single instance multi-tenant service

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

single instance multi-tenant service

Penny Parker
Hello

Does anyone have experience of building a multi-tenant service for
processing incoming email using a single instance of Postfix?  I'm
talking about an Internet-facing service where all service subscribers
configure their MX records to point to the same host, running a single
instance of Postfix configured to route email for different domains to
different back-end systems.

Is Postfix suitable for offering this type service, or are there
security concerns e.g. leaking information from one tenant to another?

Would adding a new tenant to the system (i.e. a new route in Postfix)
require a restart, interrupting mail flow for existing tenants?

Would the service be able to serve up different TLS certificates for
different subscribers, or would it have to respond with the same
certificate for all subscribers?

Many thanks and apologies if this has been answered before.
Reply | Threaded
Open this post in threaded view
|

Re: single instance multi-tenant service

Wietse Venema
Penny Parker:
> Hello
>
> Does anyone have experience of building a multi-tenant service for
> processing incoming email using a single instance of Postfix?  I'm
> talking about an Internet-facing service where all service subscribers
> configure their MX records to point to the same host, running a single
> instance of Postfix configured to route email for different domains to
> different back-end systems.

That is covered under 'Configuring Postfix as primary or backup MX
host for a remote site' in
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup

This requires that you maintain a list of all valid email addresses
in a customer domain. If you can't maintain that information, then
see 'Recipient address verification' in
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

> Would adding a new tenant to the system (i.e. a new route in Postfix)
> require a restart, interrupting mail flow for existing tenants?

Service disruption is unnecessary. "postfix reload" (not stop+start)
should suffice.

> Would the service be able to serve up different TLS certificates for
> different subscribers, or would it have to respond with the same
> certificate for all subscribers?

Postfix 3.4 supports SNI. One Postfix configuration also supports
different SMTP servers on different IP addresses with different
(TLS) configuration.

> Many thanks and apologies if this has been answered before.

Asked and answered many times.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: single instance multi-tenant service

Phillip Schichtel
For the routing part I've written a small application that can
translate Postfix' socketmap lookups, tcp lookups and policy requests
into HTTP requests for integrating other applications for dynamic
routing info: [1]. That application is part of a larger application
I've build that does most of what you are asking for.

[1]: https://github.com/pschichtel/postfix-rest-connector

~ Phillip

Am 27. November 2019 19:35:59 schrieb Wietse Venema <
[hidden email]>:

> Penny Parker:
> > Hello
> >
> >
> > Does anyone have experience of building a multi-tenant service for
> > processing incoming email using a single instance of Postfix?  I'm
> > talking about an Internet-facing service where all service
> > subscribers
> > configure their MX records to point to the same host, running a
> > single
> > instance of Postfix configured to route email for different domains
> > to
> > different back-end systems.
>
> That is covered under 'Configuring Postfix as primary or backup MX
> host for a remote site' in
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup
>
> This requires that you maintain a list of all valid email addresses
> in a customer domain. If you can't maintain that information, then
> see 'Recipient address verification' in
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
>
> > Would adding a new tenant to the system (i.e. a new route in
> > Postfix)
> > require a restart, interrupting mail flow for existing tenants?
>
> Service disruption is unnecessary. "postfix reload" (not stop+start)
> should suffice.
>
> > Would the service be able to serve up different TLS certificates
> > for
> > different subscribers, or would it have to respond with the same
> > certificate for all subscribers?
>
> Postfix 3.4 supports SNI. One Postfix configuration also supports
> different SMTP servers on different IP addresses with different
> (TLS) configuration.
>
> > Many thanks and apologies if this has been answered before.
>
> Asked and answered many times.
>
> Wietse



Reply | Threaded
Open this post in threaded view
|

Re: single instance multi-tenant service

Viktor Dukhovni
In reply to this post by Wietse Venema
> On Nov 27, 2019, at 1:35 PM, Wietse Venema <[hidden email]> wrote:
>
>> Would adding a new tenant to the system (i.e. a new route in Postfix)
>> require a restart, interrupting mail flow for existing tenants?
>
> Service disruption is unnecessary. "postfix reload" (not stop+start)
> should suffice.

When lists of relay, virtual, ... domains etc., are stored in tables
rather than listed verbatim in main.cf, even a reload is not generally
required, but may in some cases speed up the visibility of the new
data.

The main difficulty with multi-tenant configurations is hosting of
mailing lists (mailman and the like), this often requires per-tenant
user accounts which own the respective alias files, run maintenance
scripts, ...

If you're providing shared outbound mail, its "reputation" can be
tainted by just a single user who buys a list to market to, or
whose username/password is compromised.

--
        Viktor.