Connect - Setting Up Your Inbound Email

Updated

This article contains information on setting up inbound email routing through Mimecast, including modifying MX records and configuring delivery routes for Microsoft 365, On-Premises Exchange, Hosted Exchange, and Google Workspace.

Having previously set up your outbound email, messages are successfully routed outbound. You are now ready to set up an inbound routing through Mimecast.

External messages destined for your organization must be directed to Mimecast, not left directed to your email server or hosted email service. Once the messages reach Mimecast, they are processed by Recipient Validation and other Mimecast security systems. Only once we are satisfied it is safe to do so is the message delivered to your organization's infrastructure or hosted service.

Mimecast supports hybrid environments. As such, we can deliver emails for one or multiple domains to the following Exchanges:

      • Microsoft 365.
      • On-Premises.
      • Hosted Exchange (HEX).
      • Google Workspace.

To set up your inbound email, you need to:

  1. Create a delivery route to specify where the emails must be delivered to.
  2. Modify your MX records to direct inbound emails to your Mimecast account.

Preparing Your Environment

The steps to prepare your environment to accept email from Mimecast depend on the type of Exchange you have. See the relevant option below for more information.

      • If your mail server is configured to restrict the IP addresses that can deliver inbound emails, ensure these are amended to include Mimecast's data center ranges.
      • Your firewall must be configured to allow inbound SMTP traffic from Mimecast.
      • We recommend that any local inbound IP reputation or authentication scanning bypasses Mimecast's data center ranges. This ensures inbound messages from Mimecast are not incorrectly flagged as false positives. These services are provided by the default DNS Authentication policy.

Microsoft 365

For full details, see the Connect: Configuring Inbound Delivery Routing for Microsoft 365 page.

On-Premises and Hosted Exchange (HEX)

The delivery route specifies where Mimecast delivers messages to. You can configure multiple delivery routes depending on the organization's infrastructure. This can be useful to have email flow spread across single or multiple destination email servers.

  1. Create a Delivery Routing Definition to specify the destination email server details.
  2. Create a Delivery Routing policy to specify which messages are to be delivered to which servers.

We provide the ability to create custom SMTP delivery routes. These can be configured to deliver all inbound emails to an IP address or hostname.

Google Workspace

To add entries from the Mimecast IP ranges to your email allow list

  1. Log in to the Google Admin Console.
  2. Navigate to Apps | Google Workspace | Gmail.
  3. Select Spam, Phishing and Malware.
  4. Select the pencil icon for the Email allowlist.
  5. Add the Mimecast Data Center IP for your account region, separating the entries with commas. See the Mimecast Data Centers and URLs page for full details.
  6. Click on the Save button.
Connect Process Setting Up Your Inbound Email

 

To add the Mimecast IP ranges to your inbound gateway

  1. Navigate to Inbound Gateway.
  2. Click on the Configure button.
      • Enter Mimecast Gateway in the Short description.
      • Use Add to enter the Mimecast Data Center IP for your Mimecast account region. See the Mimecast Data Centers and URLs page for full details.
      • Ensure the Require TLS for Connections From the Email Gateways Listed Above option is selected.
      • Ensure the Reject all mail not from gateway IPs option is also selected.
        If there are any appliances (printers / scanners) or applications that send messages directly to Google instead of via MX resolution (which will direct the messages through Mimecast), you will also need to include those IPs in addition to your region's Mimecast IP ranges.
  1. Click on the Add Setting button to save the change.
Connect Process Setting Up Your Inbound Email_1

Google Workspace will not sanitize input from IP ranges added to the Inbound Gateway settings. Check entries for leading and trailing spaces.

To configure a delivery route in Mimecast

  1. Create a Delivery Routing Definition using the Google Workspace MX record values from the following link: http://support.google.com/a/answer/174125?hl=en.
      • Primary host: smtp.google.com
      • Alternative host: smtp.google.com
  1. Create a Delivery Routing policy.
    Field / Option Value
    Policy Narrative Google Workspace
    Route Select the definition created in step 1.
    Address Based On Both
    Applies From Everyone (Applies to all Senders)
    Applies To Internal Addresses (Applies to all Internal Recipients)
  2. Click on the Save and Exit button.

Modifying Your Domain's Zone File

Your organization's zone file directs Mail Exchanger (MX) traffic to each domain's specific IP address(es). To ensure messages are delivered to Mimecast, your zone file must be amended for the domain to add the appropriate hostnames. The Connect Team will provide these to you, or you can read the Mimecast Gateway page for more information.

The customer's Technical Point of Contact (TPOC) is responsible for completing this step of the Connect.

See Also...

Related to

Was this article helpful?
0 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.