Hi,

Google Apps and Exchange online allow you to relay all outgoing email through an external mail server.

Google Apps calls this an "Outbound mail gateway":

https://support.google.com/a/answer/178333

And Microsoft calls this "Outbound Smart Hosting":

http://technet.microsoft.com/en-us/library/jj723128%28v=exchg.150%29.aspx

Both options however do not seem to support any kind of authentication (like username/password, or client side certificates). The only way to make sure that only the Google Apps or Microsoft online server is allowed to relay, it seems, is that you need to approve the IP ranges used by Google and Microsoft. The problem is that in principle this IP range might change every now and then. I believe Google publishes their IP ranges in an SPF record so in principle this IP range can be looked up. Not sure about Microsoft though.

Even if you only allow Google Apps or Exchange online IP ranges, you still have the problem that someone else might configure your relay server's IP as their outbound gateway. Since in that case the email comes from Google or Microsoft, the external relay will accept the email. So just checking for IP ranges is not enough. I guess the only solution would be to check for sender domain and refuse to relay users from another domain.

Has anyone on this list had any experience in setting up an outbound gateway for Google Apps and/or Exchange online? If so, any ideas how to make sure this will work without any problems?

Kind regards,

Martijn Brinkers

--
DJIGZO email encryption
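
The two checks discussed in the message above (client IP inside the provider's SPF-published ranges, plus envelope sender in one of your own domains), as an added example that is not part of the original post. The record names, IP ranges, domains and the function names `spf_networks` and `relay_allowed` are constructed for illustration; a real deployment would fetch the TXT records from DNS and refresh them periodically.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups
# (documentation ranges, not real provider data).
SAMPLE_TXT = {
    "_spf.provider.example": "v=spf1 include:_netblocks.provider.example "
                             "include:_netblocks6.provider.example ~all",
    "_netblocks.provider.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/25 ~all",
    "_netblocks6.provider.example": "v=spf1 ip6:2001:db8:4000::/36 ~all",
}

def spf_networks(name, txt=SAMPLE_TXT, _seen=None, _depth=0):
    """Collect ip4:/ip6: networks from an SPF record, following include: terms."""
    seen = set() if _seen is None else _seen
    if name in seen or _depth > 10:   # guard against include loops and deep chains
        return []
    seen.add(name)
    nets = []
    for term in txt.get(name, "").split()[1:]:      # skip the "v=spf1" tag
        # Only pass-qualified mechanisms count; "-ip4:..." and similar are ignored.
        key, _, value = term.lstrip("+").partition(":")
        key = key.lower()
        if key in ("ip4", "ip6"):
            nets.append(ipaddress.ip_network(value, strict=False))
        elif key == "include":
            nets.extend(spf_networks(value, txt, seen, _depth + 1))
    return nets

def relay_allowed(client_ip, mail_from, networks, own_domains):
    """Relay only if the client is in the provider ranges AND the sender domain is ours."""
    ip = ipaddress.ip_address(client_ip)
    from_provider = any(ip.version == n.version and ip in n for n in networks)
    domain = mail_from.rpartition("@")[2].lower().rstrip(".")
    return from_provider and domain in own_domains

if __name__ == "__main__":
    nets = spf_networks("_spf.provider.example")
    own = {"example.org"}                           # constructed: domains you relay for
    cases = [
        ("192.0.2.25", "alice@example.org"),        # provider IP, our domain
        ("192.0.2.25", "bob@other-tenant.example"), # provider IP, someone else's domain
        ("203.0.113.9", "alice@example.org"),       # our domain, unknown IP
    ]
    for ip, sender in cases:
        verdict = "relay" if relay_allowed(ip, sender, nets, own) else "reject"
        print(f"{ip:15} {sender:28} {verdict}")
```

The second case is the one the message worries about: the connection arrives from a provider address, so an IP-only allowlist would accept it, and only the sender-domain check refuses it.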