Split Google Workspace tenant

Gael_Giraud · June 9, 2026, 7:35pm

Your question

Hello,
I have a client with 1500 Google Workspace accounts.
The solution is starting to get expensive for them, at €18 per month per user.
Many of their users don’t need all the Google services, but only an email address to register for the car manufacturers’ training programs.
I’m looking for a solution to offer them a split domain with Google Workspace accounts and Stalwart accounts.
Has anyone already implemented a similar solution?
How do I manage the email flow between the two solutions? Should I route all emails to Stalwart and forward some to Google Workspace, or vice versa?
I’m using an enterprise version of Stalwart.

helpbot · June 9, 2026, 7:36pm

This is a well-supported pattern in Stalwart and the recommended architecture is: Stalwart as the inbound MX front-end, with split-delivery relaying for Google Workspace users. Here is how it works:

Recommended architecture

Point your domain’s MX record(s) to Stalwart. Stalwart then acts as the authoritative receiver for your domain and decides per-recipient where to deliver:

Stalwart-hosted users (the light email-only accounts) are delivered locally.
Google Workspace users are relayed upstream to Google’s SMTP inbound gateway.

This is exactly what Stalwart calls split-delivery relaying.

Step-by-step configuration

1. Enable split-delivery on the Domain object

In the WebUI go to Management > Domains, edit your domain, and set allowRelaying to true. With this flag set, if an incoming recipient is not found in the local directory, Stalwart accepts the message and relays it rather than rejecting it with an “unknown recipient” error.

2. Create a Relay MtaRoute pointing to Google Workspace

Google Workspace accepts inbound SMTP at aspmx.l.google.com (port 25) or, if you use Google’s “dual delivery” feature, at alt1.aspmx.l.google.com. Create a Relay route in Settings > MTA > Outbound > Routes:

{
  "@type": "Relay",
  "name": "google-workspace",
  "address": "aspmx.l.google.com",
  "port": 25,
  "protocol": "smtp",
  "implicitTls": false,
  "allowInvalidCerts": false,
  "authSecret": {"@type": "None"}
}

Also create your standard Local and Mx routes if not already present.

3. Wire up the outbound strategy expression

On the MtaOutboundStrategy object, set the route expression to select 'google-workspace' for the recipients that belong to Google, 'local' for Stalwart accounts, and 'mx' for everything else. The simplest approach is: if the recipient resolves locally, use Local; otherwise (the fallthrough from allowRelaying) route via the Google relay.

Important practical notes

Google’s dual delivery / split delivery feature: Google Workspace itself has a “Split delivery” setting under Apps > Google Workspace > Gmail > Advanced settings. You should configure it there as well, so that mail originating inside Google (user-to-user) also follows the same routing. Otherwise Google-side users emailing a Stalwart-side address may go into a loop.
DNS: Only one set of MX records can point to Stalwart; Google must no longer be a secondary MX or mail will bypass Stalwart for Google-hosted users.
Directory: Keep only your light (Stalwart-hosted) users in the local directory. Google Workspace users should deliberately not exist there, so the allowRelaying fallthrough kicks in and forwards to Google.

Relevant docs:

This is an automated reply from the Stalwart Help Bot. Other community members may follow up if this answer is incomplete or wrong.

Topic		Replies	Views
Tips on multi-site redundancy? Questions	6	58	May 31, 2026
Stalwart Milter / MTA Hooks are Inbound Only? Questions	4	38	May 14, 2026
Select smtp relay based on sender Questions no-ai	10	35	May 18, 2026
Adding new ACME-renewable certificate Questions	3	33	May 29, 2026
I have installed stalwart now correctly, but system mails are not sent. what is wrong? Questions	4	23	May 29, 2026