Configure Google Workspace as a SMTP relay

:e-mail:

1. Purchase the Google Workspace service

I recommend the Business Standard package. The password of the e-mail account you created will be sent to the account you used when purchasing the package at Google Workspace.

2. Configure Google Workspace MX

Name/Host/Alias Time to Live (TTL*) Record Type Priority Value/Answer/Destination
@ or leave blank 3600 MX 1 ASPMX.L.GOOGLE.COM
@ or leave blank 3600 MX 5 ALT1.ASPMX.L.GOOGLE.COM
@ or leave blank 3600 MX 5 ALT2.ASPMX.L.GOOGLE.COM
@ or leave blank 3600 MX 10 ALT3.ASPMX.L.GOOGLE.COM
@ or leave blank 3600 MX 10 ALT4.ASPMX.L.GOOGLE.COM

3. Configure SPF

Define your SPF record. Create a TXT record:

v=spf1 include:_spf.google.com ~all

4. Allow less secure apps

Login in google admin link. Type “Less Secure Apps” in the search box and click on the result. Select the option “Allow users to manage their access to less secure apps”.

Open the “Security” section in the Google myaccount link. Turn the “Less secure app access” setting to “On” and turn it on.

5. Configure DKIM

Login in google admin link. Type “gmail” in the search box and click on the “Settings for Gmail” option.

Click on the “Authenticate email” section. Apply the TXT record on your domain. It may take up to 48 hours to be active.

6. Set routing and permissions

Go back to the “Settings for Gmail” page, click on the “Routing” section.

7. Configure your site’s SMTP settings

nano ./containers/app.yml
  DISCOURSE_SMTP_ADDRESS: smtp-relay.gmail.com
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: hello@domain.com
  DISCOURSE_SMTP_PASSWORD: "password"
  #DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
  DISCOURSE_SMTP_DOMAIN: domain.com
  DISCOURSE_NOTIFICATION_EMAIL: hello@domain.com

8. Rebuild

./launcher rebuild app

9. Test email

It is useful to wait 48 hours after all procedures.

Open the e-mails section from the admin panel and perform the test. You can also use the mail tester site.

3 Likes

Somewhere in the middle of step 4 should be “create a new account”.

Also, please inspect your contact for the permissibility of

  1. Running a computer service authenticating as a human account
  2. Sending transactional emails

Google Workspace service varies by page. If the domain name is registered in Google Domains, it is purchased from the Google Domains menu. If the domain name is registered with another operator, it is purchased from Google Workspace.

1 Like

You would need another smtp server that would rewrite the headers.

IP numbers are not secret. If you have a something in front of your small forum that is serving pages and don’t want access from other addresses, configure a firewall to allow access only from the proxy.

I also used the following guide successfully…

1 Like