
Multi Tenant email

guibarati
Level 4

If I have an ESA serving multiple tenants I have to add all the email senders on the relay list and have to allow them to send emails.

Is there a way to keep one tenant from sourcing their emails with the domain of the other tenant?

Thank you


Accepted Solutions

exMSW4319
Level 3

Presuming the customers have different, static, IP addresses then a simple content rule with two conditions will do the job. There would be more efficient ways of doing it using sender groups and message filters if you want to get into that level of detail, or if you need to limit any one tenant.

Envelope Sender: mail-from != "tenant.tld$" AND

Remote IP / Host: remote-ip == "10.1.2.3" <-- tenant's IP

add action as appropriate

If you have a large number of tenants then this may not be viable either way; I can't give you any clear idea of what a reasonable upper limit would be with rules or filters.

Tenants need to understand that they cannot spoof other domains, which isn't a bad condition to impose. There may also be issues with auto-replies from some groupware.

If you've got multiple tenants on the same IP then strictly speaking any misbehaviour is the problem of the system administrator upstream, though you've still got to worry about them ruining your reputation. If you're accepting mail for a whole collection of senders on a range of addresses or heaven forbid public dynamic space without some extra authentication then that makes you a relay and you'll be surprised how few people will want to receive your mail.

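Added example, not part of the original post and not Cisco's own code: a Python model of the two-condition rule above, extended to a table of tenants, for checking the logic against sample envelopes before building the rules. The tenant table, the sample envelopes and the function names are constructed for illustration, and Python's `re.search` stands in for the appliance's pattern matching as an assumption.

```python
import ipaddress
import re

# Constructed tenant table (assumption): relay source IP -> domains it may send as.
TENANTS = {
    "10.1.2.3": ["tenant.tld"],
    "10.1.2.4": ["other.tld", "other-mail.tld"],
}

def loose_match(sender, domain):
    """Pattern as posted, "tenant.tld$": unanchored, and '.' matches any character."""
    return re.search(domain + "$", sender, re.IGNORECASE) is not None

def strict_match(sender, domain):
    """Anchor on '@' and escape the domain; subdomains need their own entry."""
    return re.search("@" + re.escape(domain) + "$", sender, re.IGNORECASE) is not None

def verdict(remote_ip, mail_from, match=strict_match):
    """Classify one SMTP envelope: allow, reject, null-sender or not-a-tenant."""
    domains = TENANTS.get(str(ipaddress.ip_address(remote_ip)))
    if domains is None:
        return "not-a-tenant"      # no relay entry for this source address
    sender = mail_from.strip().strip("<>")
    if sender == "":
        return "null-sender"       # bounces and many auto-replies; policy decision
    if any(match(sender, d) for d in domains):
        return "allow"
    return "reject"                # tenant IP, envelope domain it does not own

# Constructed sample envelopes (remote IP, MAIL FROM).
SAMPLES = [
    ("10.1.2.3", "<alice@tenant.tld>"),
    ("10.1.2.3", "<bob@other.tld>"),
    ("10.1.2.3", "<eve@nottenant.tld>"),
    ("10.1.2.4", "<Carol@OTHER.TLD>"),
    ("10.1.2.3", "<>"),
    ("192.0.2.9", "<x@tenant.tld>"),
]

if __name__ == "__main__":
    for ip, sender in SAMPLES:
        print(f"{ip:<10} {sender:<22} strict={verdict(ip, sender)} "
              f"loose={verdict(ip, sender, loose_match)}")
```

The third sample shows why the domain pattern is worth anchoring on `@` with the dot escaped: in this model the `tenant.tld$` form also accepts `nottenant.tld`.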

2 Replies

This really helps a lot. Thank you for all of your inputs and outputs.

Great job guys!