single instance multi-tenant service


Does anyone have experience of building a multi-tenant service for
processing incoming email using a single instance of Postfix? I'm
talking about an Internet-facing service where all service subscribers
configure their MX records to point to the same host, running a single
instance of Postfix configured to route email for different domains to
different back-end systems.

Is Postfix suitable for offering this type service, or are there
security concerns e.g. leaking information from one tenant to another?

Would adding a new tenant to the system (i.e. a new route in Postfix)
require a restart, interrupting mail flow for existing tenants?

Would the service be able to serve up different TLS certificates for
different subscribers, or would it have to respond with the same
certificate for all subscribers?

Many thanks and apologies if this has been answered before.