I am planning on installing site-to-site openvpn on my customers server and my server. How do I ensure that their email goes through the VPN and not just out over the internet?
to me you are just going with a XY situation.
Have you really investigated all levels about lowering the SPAM score for this client emails ?
Using simply VPN without managing the whole issue, will just :
- change the IP sending but might not change the score
- deteriorate your IP reputation
If you do not take the time to first:
- declare SPF fields for their domains
- declare a MX server for their domain
- declare a DKIM policy for their server, and enforce DKIM signing
- declare a DMARC policy and respect it
- configure reverse dns if available, if not change provider
- configure the way the server present itself according to reverse dns and DMARC policy
- fix any internal misuse of the email, by checking the SPAM codes of rejected emails : missing header, altered content after signing, wrong proportion of text/images...
And of course you will have to adapt most of those if you put your server as SMTP for your client.
Yes this is complex and time consuming, but this is how email goes in 2018... You can not cut corners.
I understand that I can change the SMTP serve in the email panel, but will that put the email through my server as they are not using the email function on their server?
explained this way, I will say no.. if they do not use their SME to send mail, then configuring their SME to relay mail to yours will do nothing ... As from your writting, I understand that they use an external service for their emails (ISP, gmail, office365...)
However, you might be saying that they do not use the webmail but rather pop/imap and smtp (pointing to the SME) with a client on their computers?