Integration of Planisys AVAS with Google Workspace

This describes how to configure an AVAS for cases where the maildrop is within Google Workspace (i.e., Gmail) and you want to use AVAS as an outgoing relay and take advantage of Mailaudit, as well as AVAS MX.

Configure Incoming AVAS in Google Workspace

First, log in as an Administrator in Google, and click on the menus:

Apps, Google Workspace, and Gmail

../_images/google-admin-gmail-1.jpg

Since we are going to use the AVAS logic for MX filtering, we declare the Planisys IPs as trusted.

On the right, look for the panel that says Spam, Phishing, and Malware.

../_images/google-admin-gmail-2.jpg

Where it says Allowed Senders List, enter the list of Planisys IPv4 blocks to trust these IPs and avoid rechecking for spam:

190.185.104.0/22

131.108.40.0/22

179.63.248.0/22

185.180.8.0/22

38.73.73.0/24

154.57.159.0/24
../_images/google-admin-gmail-3.jpg

The result should look like this: (where it says Planisys it should say the name of YOUR organization)

../_images/google-admin-gmail-4.jpg

Next, enable the inbound gateway by hovering over it and clicking on thepencil icon. By enabling the gateway only for Planisys IPs, you ensurethat only emails that have passed through AVAS MXs are accepted.

../_images/google-admin-gmail-6.jpg ../_images/google-admin-gmail-7.jpg ../_images/google-admin-gmail-8.jpg ../_images/google-admin-gmail-9.jpg

Here you should include all listed IPv4 ranges, and additionally IPv6:

190.185.104.0/22

131.108.40.0/22

179.63.248.0/22

185.180.8.0/22

38.73.73.0/24

154.57.159.0/24

2803:bc00::/32
../_images/google-admin-gmail-10.jpg

Configure Outgoing AVAS in Google Workspace

Here, you should choose Apps, Google Workspace, Gmail, and Routing**to configure the outgoing mail in the **Outbound Gateway. Enter thename avas-out-<avasid>-1.planisys.net as the outgoing relay, where in the example it says electronotif as a replacement for <avas>.

../_images/google-admin-gmail-5.jpg ../_images/google-admin-gmail-11.jpg

Then, where it says Routing, add the rule by entering the AVAS outgoingrelay name again, enabling the option to skip spam checks, and enablingthe TLS encryption protocol between Google Workspace and AVAS Planisys.

../_images/google-admin-gmail-12.jpg ../_images/google-admin-gmail-13.jpg ../_images/google-admin-gmail-14.jpg

Configure Google Ranges in AVAS

In AVAS, you must enter the following blocks in the Relays section,which correspond to the Gmail blocks according to the SPF record _spf.google.com

35.190.247.0/24

64.233.160.0/19

66.102.0.0/20

66.249.80.0/20

72.14.192.0/18

74.125.0.0/16

108.177.8.0/21

173.194.0.0/16

209.85.128.0/17

216.58.192.0/19

216.239.32.0/19

172.217.0.0/19

172.217.32.0/20

172.217.128.0/19

172.217.160.0/20

172.217.192.0/19

172.253.56.0/21

172.253.112.0/20

108.177.96.0/19

35.191.0.0/16

130.211.0.0/22

If the outgoing relay avas-out-<avasname>-1.planisys.net also has an IPv6, add these blocks to Relays as well:

2001:4860:4000::/36

2404:6800:4000::/36

2607:f8b0:4000::/36

2800:3f0:4000::/36

2a00:1450:4000::/36

2c0f:fb50:4000::/36

Wait 10 minutes for the configuration to take effect, and you can use the AVAS outgoing relay from Gmail.