Home / server / Questions / 633558
Accepted
ylluminate
Asked: 2014-10-05 07:43:32 +0800 CST

How to isolate Google Gmail SMTP server IPs directly?

  • 772

I am performing some custom routing with a VPN in the mix that is requiring me to add each Google Gmail SMTP server IP to the routing table so that they pass over another gateway than the VPN's default gateway.

As per this, I can ascertain Google's general address ranges, however I can't seem to isolate the SMTP servers directly. Curiously, I made an inquiry to a VPN company at one point and they replied with all of the specific Gmail SMTP servers, but did not and would not explain how to ascertain these IP addresses.

How can I isolate these IP addresses via shell incantations? A standard GNU Linux or OS X method would be fine for this.

routing

3 Answers

  1. All you would need to do is a DNS lookup for the MX records. This would give you (at that point in time) a list of all the servers that Gmail uses to receive mail.

    • 2
  2. Best Answer

    Please test this a LOT, sine it is just a Q&D WAG, but I believe this does what you want:

    dig @8.8.8.8 +short  _spf.google.com TXT \
  |awk '
    BEGIN {RS=" " ; FS=":"} ; 
    $1="include" {print $2}
  ' \
  |sed -e '/^\s*$/d' \
  |while read NETBLOCK ; do 
    dig @8.8.8.8 +short "${NETBLOCK}" TXT \
    |awk '
      BEGIN {RS=" " ; FS=":"} ;
      $1 ~ /^ip4/ {print $2} ;
      $1 ~ /^ip6/ {s = ""; for (i = 2; i <= NF; i++) s = s":"$i; print s }
    ' \
  |sed -e 's/^://' ;
done

    Note that Google puts most of their public allocations into the SPF records. This makes sense, since it allows them to flexibly add/remove/move/change their outbound mail gateways, but may be less granular than the question author wanted.

    • 2
    • The outbound servers can be found using @DTK's answer
    • The inbound servers can be found using @Rex' answer

    Both answers are correct but incomplete. Following each answer only provides you with the servers at that particular point in time. Even a week later the servers could be completely different as Google changes their servers very often.

    The real solution is not to worry about Google's servers at all. Let a mail server do the job for you. (This is what they are intended to do.) Put a smarthost in "this" network for relaying mails. Relay the mails for Google (*@gmail.com, *@googlemail.com, ...) through the tunnel to another smarthost on "that" network behind the VPN. "That" smarthost does it's job and resolves the MX for Google's domain and delivers the mails to Google.

    In that configuration "this" smarthost only has to know that all of Google's mail should first go to "that" smarthost. The network traffic between both of the two servers gets tunneled (and probably firewalled) and is the only connection on port 25. (As both are "your" servers they could even communicate over any port you want).

    So you just have to configure any client to use "this" smarthost for mail delivery.

    This can be easily done with Postfix (see relay_domains and transport_maps as a start). I could provide you with a working configuration (except the VPN stuff).

    • 2