Here are a few examples of how to create a config file for your PowerMTA server.

NOTE:
Mumara users don't need to do this on their own. Just follow the installation process "Integrations > PMTA Integration" and you will get a config file for each PowerMTA server that you will add.

PMTA Must Have Parts

http-mgmt-port 5555 # Set port for PMTA Monitor
http-access YOUR_IP admin # Enter your IP so you will be able to change config in PMTA Monitor
http-access 127.0.0.1 monitor # Enable Monitoring access from localhost. Make sure you never set this to 0/0 or people will be able to access your log files and see what and who you send emails to!

postmaster postmaster@example.com # Set the postmaster's email address (placeholder)
host-name srv.example.com # Set your hostname here
<domain example.com>
deliver-local-dsn yes
</domain>

smtp-listener 127.0.0.1:6666 # If running local PMTA leave this as it is. If this is external PMTA set this to the IP of your MTA server

relay-domain example.com # Your domain
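
The warning above about never setting `http-access` to 0/0 can be checked mechanically before a config is deployed. The following is an added example, not part of the original guide or of PowerMTA: the function names, the 256-address threshold and the sample lines are assumptions made for illustration, and the sample deliberately contains the weak settings next to the guide's own.

```python
import ipaddress

# Constructed sample: the guide's management lines plus deliberately weak ones.
SAMPLE = """\
http-mgmt-port 5555
http-access 203.0.113.10 admin
http-access 127.0.0.1 monitor
http-access 0/0 monitor
http-access YOUR_IP admin
smtp-listener 0/0:6666
"""

def parse_scope(spec):
    """Return the network an address spec covers, or None if it is not an address."""
    if spec == "0/0":  # shorthand for every IPv4 address
        spec = "0.0.0.0/0"
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None

def audit(config, max_addresses=256):
    """Return (line number, finding) pairs for over-broad management or listener scopes."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop the trailing comment
        if len(fields) == 3 and fields[0] == "http-access":
            net = parse_scope(fields[1])
            if net is None:
                # e.g. the YOUR_IP placeholder was never filled in
                findings.append((lineno, "placeholder-or-invalid-address"))
            elif net.num_addresses > max_addresses:
                findings.append((lineno, f"{fields[2]}-access-open-to-{net}"))
        elif len(fields) == 2 and fields[0] == "smtp-listener":
            host = fields[1].rsplit(":", 1)[0]  # strip the port
            net = parse_scope(host)
            if net is not None and net.num_addresses > 1:
                findings.append((lineno, f"listener-bound-to-{net}"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```

Run it against the generated config in a deployment step and fail the step when `audit()` returns anything.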

We also need some other parts so PMTA will keep logs we can use in EMS to process bounces.

# Logging file
log-file /etc/pmta/log/pmta.log # logrotate is used for rotation
log-rotate 10 # number of files; 0 disables rotation

# Accounting file(s)
<acct-file /etc/pmta/files/acct.csv>
record-fields delivery *,envId,jobId,bounceCat
move-interval 5m
delete-after 7d
max-size 100M
user-string from
</acct-file>

# transient errors (soft bounces)
<acct-file /etc/pmta/files/diag.csv>
move-interval 1d
delete-after 7d
records t
</acct-file>

# spool directories
spool /var/spool/pmta

Now let's add some bounce rules

<bounce-category-patterns>
 /spam/ spam-related
 /junk mail/ spam-related
 /blacklist/ spam-related
 /blocked/ spam-related
 /\bU\.?C\.?E\.?\b/ spam-related
 /\bAdv(ertisements?)?\b/ spam-related
 /unsolicited/ spam-related
 /\b(open)?RBL\b/ spam-related
 /realtime blackhole/ spam-related
 /http:\/\/basic.wirehub.nl\/blackholes.html/ spam-related
 /\bvirus\b/ virus-related
 /message +content/ content-related
 /content +rejected/ content-related
 /quota/ quota-issues
 /limit exceeded/ quota-issues
 /mailbox +(is +)?full/ quota-issues
 /\bstorage\b/ quota-issues
 /(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee) (has|has been|is)? *(currently|temporarily +)?(disabled|expired|inactive|not activated)/ inactive-mailbox
 /(conta|usu.rio) inativ(a|o)/ inactive-mailbox
 /Too many (bad|invalid|unknown|illegal|unavailable) (user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee)/ other
 /(No such|bad|invalid|unknown|illegal|unavailable) (local +)?(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee)/ bad-mailbox
 /(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee) +(\S+@\S+ +)?(not (a +)?valid|not known|not here|not found|does not exist|bad|invalid|unknown|illegal|unavailable)/ bad-mailbox
 /\S+@\S+ +(is +)?(not (a +)?valid|not known|not here|not found|does not exist|bad|invalid|unknown|illegal|unavailable)/ bad-mailbox
 /no mailbox here by that name/ bad-mailbox
 /my badrcptto list/ bad-mailbox
 /not our customer/ bad-mailbox
 /no longer (valid|available)/ bad-mailbox
 /have a \S+ account/ bad-mailbox
 /\brelay(ing)?/ relaying-issues
 /domain (retired|bad|invalid|unknown|illegal|unavailable)/ bad-domain
 /domain no longer in use/ bad-domain
 /domain (\S+ +)?(is +)?obsolete/ bad-domain
 /denied/ policy-related
 /prohibit/ policy-related
 /rejected/ policy-related
 /refused/ policy-related
 /allowed/ policy-related
 /banned/ policy-related
 /policy/ policy-related
 /suspicious activity/ policy-related
 /bad sequence/ protocol-errors
 /syntax error/ protocol-errors
 /\broute\b/ routing-errors
 /\bunroutable\b/ routing-errors
 /\bunrouteable\b/ routing-errors
 /^2\.\d\.\d/ success
 /^[45]\.1\.1/ bad-mailbox
 /^[45]\.1\.2/ bad-domain
 /^[45]\.3\.5/ bad-configuration
 /^[45]\.4\.1/ no-answer-from-host
 /^[45]\.4\.2/ bad-connection
 /^[45]\.4\.4/ routing-errors
 /^[45]\.4\.6/ routing-errors
 /^[45]\.4\.7/ message-expired
 /^[45]\.7\.1/ policy-related
 // other # catch-all
</bounce-category-patterns>
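
The order of the patterns above matters: specific patterns are listed before broad ones such as /rejected/, and the empty pattern at the end catches everything else. The following added example (not part of the original guide) replays a subset of the page's patterns with Python's `re` module to show how the category changes if the broad rules are moved up. It assumes first-match-wins, case-insensitive evaluation; the sample replies and function names are constructed for illustration.

```python
import re

WHO = r"(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee)"
BAD_WORDS = "bad|invalid|unknown|illegal|unavailable"

# Subset of the page's patterns, in the page's order (specific before broad).
PAGE_ORDER = [
    (r"spam", "spam-related"),
    (r"mailbox +(is +)?full", "quota-issues"),
    (rf"Too many ({BAD_WORDS}) {WHO}", "other"),
    (rf"(No such|{BAD_WORDS}) (local +)?{WHO}", "bad-mailbox"),
    (r"rejected", "policy-related"),
    (r"", "other"),  # the page's // catch-all
]

# Same rules with the two broad ones moved to the top (the mistake to avoid).
MISORDERED = [PAGE_ORDER[4], PAGE_ORDER[3]] + PAGE_ORDER[:3] + PAGE_ORDER[5:]

# Constructed sample replies.
SAMPLES = [
    "552 5.2.2 Mailbox is full, message rejected",
    "550 5.1.1 No such user here",
    "452 4.5.3 Too many invalid recipients",
    "550 5.7.1 Message rejected as spam",
    "451 4.3.0 Temporary local problem",
]

def classify(text, rules):
    """Return the category of the first rule whose pattern matches text."""
    for pattern, category in rules:
        if re.search(pattern, text, re.IGNORECASE):
            return category
    return None

def order_differences(samples, rules_a, rules_b):
    """Map each sample whose category depends on rule order to both results."""
    out = {}
    for text in samples:
        a, b = classify(text, rules_a), classify(text, rules_b)
        if a != b:
            out[text] = (a, b)
    return out

if __name__ == "__main__":
    for text, (page, moved) in order_differences(SAMPLES, PAGE_ORDER, MISORDERED).items():
        print(f"{text!r}: {page} -> {moved}")
```

Three of the five samples change category once /rejected/ and the bad-mailbox rule are evaluated first, which is why new patterns should be inserted above the broad policy-related entries rather than appended at random.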

Next come backoff rules, so PMTA will lower the number of emails it sends when problems occur.

<smtp-pattern-list backoff>
 reply /421 PR(ct1)/ mode=backoff
 reply /^550 SC-001/ mode=backoff
 reply /420 Resources unavailable temporarily/ mode=backoff
 reply /^Resources unavailable temporarily/ mode=backoff
 reply /^421/ mode=backoff
 reply /^450/ mode=backoff
 reply /^try later/ mode=backoff
 reply /^553/ mode=backoff
 reply /^550/ mode=backoff
 reply /^421 4.7.0/ mode=backoff
 reply /^busy/ mode=backoff
 reply /^WSAECONNREFUSED/ mode=backoff
 reply /^WSAECONNRESET/ mode=backoff
 reply /^Connection attempt failed/ mode=backoff
</smtp-pattern-list>

<smtp-pattern-list common-errors> 
 reply /generating high volumes of.* complaints from AOL/ mode=backoff 
 reply /Excessive unknown recipients - possible Open Relay/ mode=backoff 
 reply /^421 .* too many errors/ mode=backoff 
 reply /blocked.*spamhaus/ mode=backoff 
 reply /451 Rejected/ mode=backoff 
</smtp-pattern-list>

<smtp-pattern-list blocking-errors>
 # A QUEUE IN BACKOFF MODE WILL SEND MORE SLOWLY
 # To place a queue back into normal mode, a command similar
 # to one of the following will need to be run:
 # pmta set queue --mode=normal yahoo.com
 # or
 # pmta set queue --mode=normal yahoo.com/vmta1

#AOL Errors
 reply /421 .* SERVICE NOT AVAILABLE/ mode=backoff
 reply /generating high volumes of.* complaints from AOL/ mode=backoff
 reply /554 .*aol.com/ mode=backoff
 reply /421dynt1/ mode=backoff
 reply /HVU:B1/ mode=backoff
 reply /DNS:NR/ mode=backoff
 reply /RLY:NW/ mode=backoff
 reply /DYN:T1/ mode=backoff
 reply /RLY:BD/ mode=backoff
 reply /RLY:CH2/ mode=backoff
 #
 #Yahoo Errors
 reply /421 .* Please try again later/ mode=backoff
 reply /421 Message temporarily deferred/ mode=backoff
 reply /VS3-IP5 Excessive unknown recipients/ mode=backoff
 reply /VSS-IP Excessive unknown recipients/ mode=backoff
 #
 # The following 4 Yahoo errors may be very common
 # Using them may result in high use of backoff mode
 #
 reply /\[GL01\] Message from/ mode=backoff
 reply /\[TS01\] Messages from/ mode=backoff
 reply /\[TS02\] Messages from/ mode=backoff
 reply /\[TS03\] All messages from/ mode=backoff
 #
 #Hotmail Errors
 reply /exceeded the rate limit/ mode=backoff
 reply /exceeded the connection limit/ mode=backoff
 reply /Mail rejected by Windows Live Hotmail for policy reasons/ mode=backoff
 reply /mail.live.com\/mail\/troubleshooting.aspx/ mode=backoff
 #
 #Adelphia Errors
 reply /421 Message Rejected/ mode=backoff
 reply /Client host rejected/ mode=backoff
 reply /blocked using UCEProtect/ mode=backoff
 #
 #Road Runner Errors
 reply /Mail Refused/ mode=backoff
 reply /421 Exceeded allowable connection time/ mode=backoff
 reply /amIBlockedByRR/ mode=backoff
 reply /block-lookup/ mode=backoff
 reply /Too many concurrent connections from source IP/ mode=backoff
 #
 #General Errors
 reply /too many/ mode=backoff
 reply /Exceeded allowable connection time/ mode=backoff
 reply /Connection rate limit exceeded/ mode=backoff
 reply /refused your connection/ mode=backoff
 reply /try again later/ mode=backoff
 reply /try later/ mode=backoff
 reply /550 RBL/ mode=backoff
 reply /TDC internal RBL/ mode=backoff
 reply /connection refused/ mode=backoff
 reply /please see www.spamhaus.org/ mode=backoff
 reply /Message Rejected/ mode=backoff
 reply /refused by antispam/ mode=backoff
 reply /Service not available/ mode=backoff
 reply /currently blocked/ mode=backoff
 reply /locally blacklisted/ mode=backoff
 reply /not currently accepting mail from your ip/ mode=backoff
 reply /421.*closing connection/ mode=backoff
 reply /421.*Lost connection/ mode=backoff
 reply /476 connections from your host are denied/ mode=backoff
 reply /421 Connection cannot be established/ mode=backoff
 reply /421 temporary envelope failure/ mode=backoff
 reply /421 4.4.2 Timeout while waiting for command/ mode=backoff
 reply /450 Requested action aborted/ mode=backoff
 reply /550 Access denied/ mode=backoff
 reply /421rlynw/ mode=backoff
 reply /permanently deferred/ mode=backoff
 reply /\d+\.\d+\.\d+\.\d+ blocked/ mode=backoff
 reply /www\.spamcop\.net\/bl\.shtml/ mode=backoff
 reply /Excessive unknown recipients - possible Open Relay/ mode=backoff 
 reply /^421 .* too many errors/ mode=backoff 
 reply /blocked.*spamhaus/ mode=backoff 
 reply /451 Rejected/ mode=backoff 
 reply /rate limit exceeded/ mode=backoff
 reply /Our system has detected an unusual rate of unsolicited mail/ mode=backoff
</smtp-pattern-list>

Now we can add custom domain rules. Here is an example:

<domain somedomain.com>
 max-smtp-out 10 # prevent "exceeded the connection limit"
 max-msg-rate 80/h # prevent "exceeded the rate limit"
 max-msg-per-connection 10
 dk-sign yes 
 dkim-sign yes
 dkim-identity sender-or-from
 log-transfer-failures yes 
 log-connections yes
 log-commands yes
 retry-after 10m
 bounce-after 2d12h
 smtp-421-means-mx-unavailable yes
 smtp-pattern-list backoff # This is the backoff pattern list we created before
 backoff-to-normal-after 2h
 backoff-to-normal-after-delivery yes
 backoff-max-msg-rate 10/h
 backoff-retry-after 30m
 bounce-upon-no-mx yes
</domain>

<domain *>
  max-smtp-out 2 # default be nice on concurrent connections
  max-msg-per-connection 10 # max 10 mails in one session
  max-errors-per-connection 10 # avoid 'too long without data command' error
  bounce-upon-no-mx yes # proper mail domains should have mx
  assume-delivery-upon-data-termination-timeout yes # avoid duplicate deliveries
  retry-after 10m # typical greylisting period
  bounce-after 4d # default 4d12h
  smtp-pattern-list backoff
  backoff-max-msg-rate 1/m # send only regular tries during backoff (default unlimited)
  backoff-retry-after 30m # retry at least every 30m (default 1h)
  #backoff-notify # disable backoff notifications
  backoff-to-normal-after-delivery yes # revert to normal asap (default no)
  backoff-to-normal-after 2h # always revert to normal after 2h (default never)
  dk-sign yes
  dkim-sign yes
  dkim-identity sender-or-from
  use-starttls yes 
  require-starttls no
</domain>

Keep in mind that the sending limits for somedomain.com in the example above are set really low. People tend to make one big mistake: they do not warm up their IPs. They want to start sending as soon as possible and forget about blacklists and spam filters. You must change this!

Now we have almost everything ready. It's time to add sources, smtps, and dkims.

It should look like this


With a config file like this, your PMTA monitor is running on port 5555 and your PMTA SMTP on port 6666.