Setting up PowerMTA (PMTA) involves a mix of server-side installation, DNS authentication, and fine-tuning your configuration file to ensure high deliverability.

1. Key Configuration Directives
The heart of PowerMTA is the config file (usually located at /etc/pmta/config). You'll need to define how the server handles traffic for different providers.
Virtual MTAs: Group your IPs to manage reputation separately for different types of mail (e.g., transactional vs. marketing).
MX Rollups: Group domains that share the same mail servers (like Gmail and Google Workspace) so you can apply throttling rules to the entire group at once.
Throttling: Control your sending speed to avoid being flagged by ISPs. For example, you can limit the max-msg-rate and max-conn-rate for sensitive domains like Gmail.

2. Essential Authentication Setup
To avoid the spam folder, your DNS records must be perfectly aligned with your PowerMTA configuration:
SPF, DKIM, and DMARC: These are mandatory for modern inbox delivery. You must generate a DKIM key in PMTA and add the corresponding public key to your DNS.
Reverse DNS (rDNS): Ensure your server's IP address resolves back to your sending domain.

3. Monitoring and Management
Feedback loop for complaints (ISPs send ARF reports):
<fbl-handler>
    command "/usr/local/bin/pmta-fbl-handler.pl"
    smtp-port 25
    accept-email fbl@yourdomain.com
</fbl-handler>
Why this matters: PowerMTA won’t auto-remove bounces. You must read dsn.csv, parse the DSN codes, and unsubscribe/disable addresses.
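One way to do the bounce processing described above, as an added example that is not part of the original page or PowerMTA's own tooling. The column names (type, rcpt, dsnStatus, dsnDiag), the "b" record type, the sample rows and the three-strikes threshold for soft bounces are assumptions; match them to the fields your dsn.csv actually contains.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows. The column subset (type, rcpt, dsnStatus, dsnDiag)
# and the "b" = bounce record type are assumptions about how dsn.csv is written.
SAMPLE_DSN_CSV = """type,rcpt,dsnStatus,dsnDiag
b,gone@example.net,5.1.1 (bad destination mailbox address),smtp;550 5.1.1 user unknown
b,full@example.org,4.2.2 (mailbox full),smtp;452 4.2.2 over quota
b,full@example.org,4.2.2 (mailbox full),smtp;452 4.2.2 over quota
b,full@example.org,4.2.2 (mailbox full),smtp;452 4.2.2 over quota
b,Reader@example.com,5.7.1 (delivery not authorized),smtp;550 5.7.1 blocked by policy
b,odd@example.com,,smtp;connection dropped
d,ok@example.com,2.0.0 (success),smtp;250 ok
"""

# RFC 3463 enhanced status code: class.subject.detail
STATUS_RE = re.compile(r"^\s*([245])\.(\d{1,3})\.(\d{1,3})\b")

def triage_bounces(csv_text, soft_limit=3):
    """Sort bounce rows into suppress / policy / review buckets."""
    suppress, policy, review = set(), set(), []
    soft = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("type") != "b":
            continue                      # deliveries and other records
        rcpt = (row.get("rcpt") or "").strip().lower()
        m = STATUS_RE.match(row.get("dsnStatus") or "")
        if not rcpt or not m:
            review.append(row)            # malformed: never guess
            continue
        cls, subject = m.group(1), m.group(2)
        if cls == "5" and subject == "7":
            policy.add(rcpt)              # receiver rejected the sender; check auth/reputation
        elif cls == "5":
            suppress.add(rcpt)            # permanent failure: disable now
        elif cls == "4":
            soft[rcpt] += 1
            if soft[rcpt] >= soft_limit:  # assumed policy threshold
                suppress.add(rcpt)
    return {"suppress": suppress, "policy": policy, "review": review}

if __name__ == "__main__":
    result = triage_bounces(SAMPLE_DSN_CSV)
    print(sorted(result["suppress"]), sorted(result["policy"]), len(result["review"]))
```

The 5.7.x bucket is kept apart from the suppression list because those codes report a security or policy rejection of the sender rather than a dead mailbox, so they point back at SPF, DKIM, DMARC and rDNS rather than at the recipient.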
PowerMTA supports various authentication methods, including SASL, TLS, and authentication using external scripts. Here's an example of configuring SASL authentication:
auth
mechanism = sasl;
sasl_server = /usr/lib/sasl2;
| Parameter | Recommended Value | Why |
| :--- | :--- | :--- |
| max-smtp-out | 30 (Global), 2-20 (per domain) | Prevents local resource exhaustion |
| smtp-out-connection-timeout | 60s | Drop dead connections fast |
| smtp-out-data-timeout | 180s | Allow large attachments but don't wait forever |
| queue-sync-interval | 10 | Flush metadata to disk frequently |
| max-recipients-per-message | 100 | Avoids fragmentation on big ESPs |
To secure PowerMTA, you can:
Example:
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT