FAQ for this step is available here.

Read TimeWork TimeVideo Time
Around 10 minutes

Alright, you got your DNS records set, your Main server with installed control panel, custom EMS, and PowerMTA Management Console, and in the last step you also got your MTA server with PowerMTA up and running.

In this step, we will do the following

  • Connect our Custom EMS with PowerMTA, later this will allow us to control PowerMTA from EMS. You'll be able to:
    • Download PowerMTA Configurations
    • Server Restart
    • Server Stop
    • Server Start
    • Reset PMTA Counters
    • Flush Queue
    • Open Web Monitor
    • Reset PMTA Server
  • Set tracking domains,
  • Assign sending domains and IPs, create SMTPs, bounces, ...,
  • Create a PowerMTA config file,
  • Configure TLS for PowerMTA,
  • Connect PowerMTA with the PowerMTA Management Console.

IMPORTANT: Should you find yourself immersed in this guide without pause, I highly recommend you take a moment to rest. Step outside, and let the natural world soothe your senses. A brief stroll in a park or woods could work wonders for rejuvenating your mind and eyes. Your well-being deserves this pause.

PowerMTA Setup within the EMS


If you are going to change the default SSH port to something else than port 22 (suggested) finish the "Change SSH port" step available here. When you are done with that continue here.

Open your browser and log in to your EMS. In the left menu go to "Setup>PowerMTA" and click the "Create New" button. You will see this:

Integration of PowerMTA with Ninja EMS

Login or sign up to see unblurred images.

As you can see the whole PowerMTA setup is divided into more easy-to-follow steps. Let's not waste time and get right to it.

Step 1 - Server

  • Name - This is for your reference only. Go with something like PMTA1, PMTA2, ...
  • Server OS - Pick the OS you are using on your MTA server. If you are following my guide you are using CentOS 8.
  • PowerMTA Version - Pick the PowerMTA version. If you are following my guide you are using 5.0.
  • Server IP - This is the IPv4 of your MTA server. You can open the DNS Creator file you generated for your MTA. You will need other info in the upcoming steps.
  • Port - Set this to the port SSH is listening to. If you followed my suggestion your SSH isn't using port 22.
  • Username - If not already set, enter root
  • Password - Password for root user on your MTA server. You use this password for SSH connections.

When you enter everything click on the green "Validate" button. If everything is correct you can continue to Step 2 (click "Next"). If not fix the problems.

Step 2 - PowerMTA

Content Locked

Login or sign up to see instructions for Step 2 of PowerMTA setup.

Click "Next" when you are ready.

IMPORTANT: Leave all other fields as they are!

Step 3 - IPs & Domains

  • Domains - Enter the domain names you have assigned to your server. If you have a single IP MTA server you will only enter one domain. If you are using more than one IP enter the same number of domains.
  • IPs - Same as the field before. If you use a multi-IP server make sure you enter IPs in the same order as you entered domains.

Step 4 - Mapping

In this step, we'll set the email used for sending. You can enter whatever you want here.

  • From Name - Set this to a name you want to use for your emails
  • From Email - Pick what's before the @. You can set this to whatever you want!
  • Reply Email - If a recipient clicks on reply what email should be used? You can set this to whatever you want you have catch-all enabled.
  • Process bounces from PowerMTA log files - Make sure this is checked.

Step 5 - Bounces

My favorite step. There is nothing to do here since bounces are processed from PowerMTA log files.

Just click "Next".

Step 6 - DNS

You will see something like this. Of course with your data and not the placeholders.

DNS records needed for PowerMTA

Login or sign up to see unblurred images.

Most of the DNS records should already be set if you are using the DNS Creator Tool or not. You only need to add two (2) and edit one (1).

Add the two records (A and TXT) for your main domain and in your MTA server DNS records edit the "dkim._domainkey.yourmtadomain.com" record and add the key after "p=".

Once you're done click on "Next"

Step 7 - Review

Just a review of your PowerMTA config file. Nothing to do here, just click the green "Finish" button.

EMS is now configuring your PowerMTA. You will see "Configuring PowerMTA process is running now, and this may take few minutes. Please do not leave this page until finished!"

Once it's done you will see your PowerMTA added to EMS. Now we can enable TLS.

Configure TLS for PowerMTA


Open your SSH client and connect to your MTA server. Run this command:

openssl req -new -x509 -days 3650 -nodes -out "/root/pmta.com.cert" -keyout "/root/pmta.com.key"

You will have to provide a few "answers". Do the following:

Country Name (2 letter code) [XX]:??  < SET THIS, pick 2 letter contry code
State or Province Name (full name) []: Enter
Locality Name (eg, city) [Default City]: Enter
Organization Name (eg, company) [Default Company Ltd]: Enter
Organizational Unit Name (eg, section): Enter
Common Name (eg, your name or your server's hostname) []:PMTA_HOSTNAME < SET THIS
Email Address []:YOUR_EMAIL < SET THIS

This generates a certificate needed to enable TLS. Now run this:

Content Locked

Login or sign up to see how to enable TLS on PowerMTA.

Your PowerMTA config file should now look like this:

PowerMTA TLS domains

Restart PowerMTA and you are done with this part. It's up to you how you want to restart it. You can do it from EMS or via the command line. Since we are already connected via SSH let's run this:

service pmta restart

Open PowerMTA Ports

Now that your PowerMTA is configured and running, there is one more thing to do to make it accessible to your Main server.


Go to your MTAs control panel and in the left menu click "Security". Now click the green "Add Rule" button. In the window that opens enter the ports you choose during PowerMTA Setup (previous step) for "SMTP Port" and "Management Port" (example: SMTP: 2525, Management: 8080). Separate them with a comma so it looks like this.

PowerMTA open ports

Click the green "Confirm" button and you are done. Now your MTA server can communicate with the outside world. In our case with our Main server.

Connect PowerMTA with the PowerMTA Management Console

For this step, you need to log in to your PowerMTA Management Console (on Main) and connect via SSH to your MTA server.

Before you can connect PowerMTA to the Management Console you must enable new connections in MC. In your PowerMTA Management Console click on "Node Management" (at the top) and then the "Accept New PowerMTAs" button.

PowerMTA Management Console - MAIN SERVER

Connect PowerMTA with PMTAMC

Open the SSH client where you are connected to your MTA server and run the following command:


Content Locked

Login or sign up to see how to connect PowerMTA Management Console with PowerMTA.

PowerMTA Management Console - MAIN SERVER

When you add all your MTA servers make sure you disallow new connections to PowerMTA Management Console by clicking the "Stop accepting new PowerMTAs" button.

Your PowerMTAs are now connected with the Management Console. You can see all connected PowerMTAs under "Node Management".

This is the end of this step. If rDNS and DNS changes are already propagated your MTA servers should have a 10/10 score on Mail Tester.

Perfect send score

Congratulations! You finished Step 3!

Continue to Step 4 and Fine-tune your servers, or check the FAQ if you encounter any problems during installation.