Define domain-specific behavior at the Tenant level?

crx · October 30, 2025, 4:33pm

… I’m probably missing something obvious, and maybe it’s a question with a simple answer

TL;DR
As per the subject… basically, I’m trying to achieve what in Momentum could be done like this:

Binding_Group "123456" {
  Domain "example.com" {
    Max_Outbound_Connections = "1"
    Max_Deliveries_Per_Connection = "1"
    Outbound_Throttle_Messages = "1/20"
  }
  Binding "ip.10.120.4.5"  {
     bind_address = "10.120.4.5"
  }
  Binding "ip.10.120.4.6"  {
     bind_address = "10.120.4.6"
  }
  Binding "ip.10.120.4.7"  {
     bind_address = "10.120.4.7"
  }
}

Is there a “simple”, no-code way to do this in Kumo?

Let me explain:

With traffic-shaping, I can set, for example, the following limits for the domain example.com:

connection_limit = 10
max_connection_rate = "100/min"
max_deliveries_per_connection = 100

However, for customers with “special” traffic patterns, I’d like to specify custom limits for the same domain, such as:

connection_limit = 1
max_connection_rate = "20/min"
max_deliveries_per_connection = 1

So, for X-Tenant 123456, I’d like traffic from their IPs (see below, e.g., 3 IPs) going to example.com to use these specific parameters only for them.

[tenant.'123456']
egress_pool = 'pool-123456'

[pool."pool-123456"]
[pool."pool-123456"."ip-10.120.4.5"]
[pool."pool-123456"."ip-10.120.4.6"]
[pool."pool-123456"."ip-10.120.4.7"]

[source."ip-10.120.4.5"]
source_address = 10.120.4.5

[source."ip-10.120.4.6"]
source_address = 10.120.4.6

[source."ip-10.120.4.7"]
source_address = 10.120.4.7

I’m experimenting with get_egress_path_config and make_egress_path, but so far without success

In any case, with “hundreds” of such cases, scripting everything in Lua would turn init.lua into a monster or I have to build my toml and load it dynamically, BTW I already have:

kumo.on('get_egress_path_config',
  shaping:setup{
    '/opt/kumomta/etc/policy/shaping_custom.toml',
  }
)

Mike · October 30, 2025, 4:41pm

At this point egress_source’s don’t have the ability to inherit shaping from egress_pool’s, and Tenants are Scheduled queue granularity so they don’t have traffic shaping. As you assumed, you would need to assign a pool specific to a given tenant.

Also, your init.lua would only be huge if you hardcoded everything, which would not be a good idea.

Keep in mind that shaping.lua is a starting point, you could always modify it to fit your needs by adjusting it to meet your needs (or sponsor such work).

crx · October 30, 2025, 4:47pm

Thanks Mike, got it, I’ll try to explore the idea that “shaping.lua is a starting point, and can be modified to fit specific needs”, I’m still in R&D

tom · November 11, 2025, 5:32pm

a little late adding this but…
TL;DR, the throttles can be source specific, but not pool specific and there is no inheritance.

But… Taking your sample and converting it to Kumo config, I would…

change binding group to egress_pool
add the bindings as egress_sources
set shaping per source as opposed to worthing through inheritance.
You can do this all with the helpers to make it easier
EG:

  Domain "example.com" {
    Max_Outbound_Connections = "1"
    Max_Deliveries_Per_Connection = "1"
    Outbound_Throttle_Messages = "1/20"
  }
  Binding "ip.10.120.4.5"  {
     bind_address = "10.120.4.5"
  }
  Binding "ip.10.120.4.6"  {
     bind_address = "10.120.4.6"
  }
  Binding "ip.10.120.4.7"  {
     bind_address = "10.120.4.7"
  }
}```

tom · November 11, 2025, 5:32pm

Becomes:
In source.toml:

[pool."123456"]
[pool."123456"."ip.10.120.4.5"]
[pool."123456"."ip.10.120.4.6"]
[pool."123456"."ip.10.120.4.7"]

[source."ip.10.120.4.5"]
     source_address = "10.120.4.5"
[source."ip.10.120.4.6"]
     source_address = "10.120.4.6"
[source."ip.10.120.4.7"]
     source_address = "10.120.4.7"

In shaping.toml:


["example.com".sources."ip.10.120.4.5"]
    connection_limit = 1
    max_deliveries_per_connection = 1
    max_message_rate = "3/minute"

["example.com".sources."ip.10.120.4.6"]
    connection_limit = 1
    max_deliveries_per_connection = 1
    max_message_rate = "3/minute"

["example.com".sources."ip.10.120.4.7"]
    connection_limit = 1
    max_deliveries_per_connection = 1
    max_message_rate = "3/minute"

So you can still assign to pool “123456”, but if the message is routed through source “ip.10.120.4.5”, the domain “example.com” will be throttled appropriately.

tom · November 11, 2025, 5:33pm

That is something you can get Chef or Ansible to produce out of a database so it does not have to be manually coded.

crx · November 11, 2025, 6:23pm

Thanks Tom for the feedback and suggestion, I’ll definitely run some tests

wez · November 11, 2025, 8:06pm

BTW, for low rate throttles like those, you probably want to set max_burst=1 in the throttle spec. Take a look at make_throttle - KumoMTA Docs for more information. You can also use explain-throttle to get a better feel for the effective rates:

$ /opt/kumomta/sbin/explain-throttle 3/m
3/m
implied burst rate 3 every 20s, or: 0.150/s, 9/m, 540/h, 12,960/d in that period.
overall rate 0.050/s, 3/m, 180/h, 4,320/d

$ /opt/kumomta/sbin/explain-throttle 3/m,max_burst=1
3/m,max_burst=1
explicit burst rate 1 every 20s, or: 0.050/s, 3/m, 180/h, 4,320/d in that period.
overall rate 0.050/s, 3/m, 180/h, 4,320/d