MENA SAAS . io
WHITEPAPER > MAIL ENGINE

Mail Infrastructure Engine Enterprise Email Delivery.
Integrated into Any SaaS Platform.

A self-contained mail provisioning engine that integrates directly into any SaaS product. Domain isolation, automated DNS record generation, outbound relay configuration, and application-layer mailbox binding — all triggered from a single API call. No mail infrastructure knowledge required on the integrator's side.

VIEW LIVE DEPLOYMENT — MANAGELY MAIL
Architecture

API-First Engine

DNS Records

Auto-Generated

Outbound Relay

AWS SES

Provisioning

Under 2 Minutes

ENGINE OVERVIEW

Provisioning Flow & Runtime Specifications

Mail Engine — Provisioning Flow
mail_engine.py
┌───────────────────────────────────────┐ │ STEP 1: DOMAIN OWNERSHIP VERIFY │ │ ───────────────────────────────── │ │ • Live DNS TXT record lookup │ │ • Per-user verification token │ │ • Prevents unauthorized domain claims │ └───────────────┴───────────────────────┘ │ Verified ▼ ┌───────────────┬───────────────────────┐ │ STEP 2-4: DOMAIN + MAILBOX + ADMIN │ │ ───────────────────────────────── │ │ • Onboard domain with plan-based quota │ │ • Create admin mailbox (secure pass) │ │ • Bind isolated domain admin account │ └───────────────┴───────────────────────┘ │ Provisioned ▼ ┌───────────────┬───────────────────────┐ │ STEP 5-6: RELAY + DNS RECORDS │ │ ───────────────────────────────── │ │ • Register domain with AWS SES │ │ • Auto-generate MX SPF DKIM DMARC │ │ • Return complete DNS record set │ └───────────────┴───────────────────────┘ │ Delivered ▼ ┌───────────────┬───────────────────────┐ │ STEP 7: APPLICATION SYNC │ │ ───────────────────────────────── │ │ • Write IMAP/SMTP to SaaS instance │ │ • ERP email account auto-configured │ │ • Zero manual config required │ └───────────────────────────────────────┘ # Single API call → Full mail environment
Runtime Specifications
mail-engine@menasaas:~$ Loading runtime specifications...
mail-engine@menasaas:~$ Backend: Flask (Python 3.9+)
mail-engine@menasaas:~$ ORM: SQLAlchemy + PostgreSQL
mail-engine@menasaas:~$ DNS: dnspython (live TXT lookup)
mail-engine@menasaas:~$ Outbound Relay: AWS SES
mail-engine@menasaas:~$ Protocols: IMAP (993) + SMTP (587)
mail-engine@menasaas:~$ Records: MX, SPF, DKIM, DMARC, A
mail-engine@menasaas:~$ Security: DKIM signing + TLS enforced
mail-engine@menasaas:~$ Isolation: Per-domain admin scope
mail-engine@menasaas:~$ Quota Engine: Plan-driven limits
mail-engine@menasaas:~$ Password: Cryptographically secure
mail-engine@menasaas:~$ ERP Binding: ERPNext / Odoo / SMTP
mail-engine@menasaas:~$ Lifecycle: Provision → Suspend → Teardown
mail-engine@menasaas:~$ Provisioning time: < 2 minutes ✓
mail-engine@menasaas:~$ All systems operational ✓

CORE ENGINE

Plug-In Enterprise Mail for Any SaaS Platform

MAIL PROVISIONING ENGINE

One Integration. Full Business Email Stack.

Most SaaS platforms handle software provisioning well — but leave business email as a manual afterthought. This engine closes that gap by treating email as a first-class provisioned resource, identical in lifecycle to a database instance or a server deployment.

Any SaaS vendor can integrate this engine to offer customers professional, domain-isolated business email without building or managing any mail infrastructure themselves. The engine handles everything: domain verification, DNS, mailbox creation, relay setup, and binding to the application layer — fully automated, fully isolated per tenant.

Python / Flask REST API DNS Automation AWS SES Relay Domain Verification SQLAlchemy ORM Multi-Tenant Isolation ERPNext / Odoo Binding
Engine Capabilities:
Domain ownership verification via live DNS
Plan-driven quota enforcement per tenant
Cryptographically secure password generation
Complete DNS record set auto-generated
AWS SES registration + DKIM auto-config
Isolated domain admin — no cross-tenant access
IMAP/SMTP credentials written to ERP instance
Full lifecycle: provision → suspend → teardown
Core Provisioning Logic:
# Mail Engine — Core Flow
def provision_mail_domain(user_id, domain_name, plan, app_instance):
  # 1. Verify ownership via live DNS TXT lookup
  verified = verify_domain_ownership(domain_name, user_id)
  if not verified: return "OWNERSHIP_UNVERIFIED"
  # 2. Onboard domain with plan-derived quotas
  add_domain(domain_name, mailboxes=plan.users, quota=plan.quota_mb)
  # 3. Create admin mailbox + domain admin
  password = generate_secure_password(length=16)
  add_mailbox("info", domain_name, password)
  add_domain_admin(user_id, domain_name, password)
  # 4. Register with outbound relay → get DKIM, SPF records
  relay_data = setup_ses_identity(domain_name)
  # 5. Generate complete DNS record set for customer
  dns_records = generate_dns_records(domain_name, relay_data)
  # 6. Bind mailbox to SaaS/ERP instance — zero manual config
  sync_to_application(app_instance, "info@" + domain_name, password)
  return {"status": "PROVISIONED", "dns": dns_records}

ENGINE MODULES

Four Functional Layers of the Mail Engine

MODULE 1 — DELIVERABILITY

Enterprise Inbox Rates

SPF, DKIM, and DMARC are generated and configured automatically on domain provisioning. Outbound mail routes through AWS SES — ensuring industry-leading deliverability with zero manual configuration on either the vendor or customer side.

SPF Auto-Config DKIM Auto-Config DMARC Auto-Config AWS SES Relay TLS Enforced
MODULE 2 — ISOLATION

Complete Multi-Tenant Isolation

Every domain is a fully isolated tenant. Quota limits, mailbox caps, and admin access are scoped strictly per domain. No cross-tenant data exposure is architecturally possible. Domain admin accounts cannot access any other customer's mail environment.

Per-Domain Quotas Isolated Admin Scope Plan-Driven Limits Ownership Verification
MODULE 3 — APPLICATION SYNC

Zero-Config ERP Binding

On provisioning completion, the engine writes IMAP/SMTP credentials and server settings directly into the customer's application instance. ERPNext, Odoo, or any SMTP-compatible platform — no manual configuration step required on either side.

ERPNext Binding Odoo Compatible IMAP port 993 SMTP port 587 Auto-Credential Sync
MODULE 4 — LIFECYCLE

Full Domain Lifecycle Management

The engine handles the complete resource lifecycle: provisioning, DNS validation, credential rotation, status management, subscription-linked suspension, and clean domain teardown — all via API, all logged, all reversible.

DNS Validation Credential Rotation Subscription Suspension Clean Teardown Full Audit Log

API ARCHITECTURE

RESTful Endpoints Exposed by the Engine

POST /api/email/domains — Provision new mail domain
POST /api/email/domains/verify-ownership — DNS TXT verification
POST /api/email/domains/{domain}/mailboxes — Create mailbox
GET /api/email/domains/{domain}/dns — Retrieve DNS record set
POST /api/email/domains/{domain}/verify-dns — Validate propagation
PUT /api/email/domains/{domain}/password — Rotate credentials
PUT /api/email/domains/{domain}/status — Update domain state
DEL /api/email/domains/{domain} — Full domain teardown

TECHNICAL SPECIFICATIONS

Database Schema & Data Architecture

Mail Engine Database Models

Model Key Fields Relationship Purpose
EmailServiceDomain domain_name, admin_email, max_mailboxes, status, email_service_type One-to-One (Subscription) Core domain record per tenant
EmailDNSSettings mx_value, spf_value, dkim_host, dkim_value, ses_dkim_1/2/3, server_ip One-to-One (Domain) Complete DNS configuration store
Domain Admin admin_username, admin_password_hash, domain_id One-to-One (Domain) Isolated admin credentials per domain
Subscription Link subscription_id, launch_id, max_mailboxes, plan_quota_mb Many-to-One (User) Plan enforcement and quota binding

Integrate Enterprise Mail into Your SaaS

This engine is available as a deployable module for SaaS vendors who want to offer professional business email as part of their product — without managing any mail infrastructure themselves. Already live inside Managely Cloud.

DISCUSS INTEGRATION

Commission Mail Infrastructure

Direct engagement with the Engineering Unit for custom integrations

Technical Liaison

menasaas@techstation.com.eg

Direct Contact

+2 010 9999 5413

The Infrastructure Engineering Partner for Software Vendors