Here are a few examples of how to create a config file for your PowerMTA server.
NOTE:
Mumara users don't need to do this on their own. Just follow the installation process "Integrations > PMTA Integration" and you will get a config file for each PowerMTA server that you will add.
PMTA Must Have Parts
    http-mgmt-port 5555 # Set port for PMTA Monitor
    http-access YOUR_IP admin # Enter your IP so you will be able to change config in PMTA Monitor
    http-access 127.0.0.1 monitor # Enable Monitoring access from localhost. Make sure you never set this to 0/0 or people will be able to access your log files and see what and who you send emails to!
    postmaster [email protected] # Set email of postmaster
    host-name srv.example.com # Set your hostname here
    <domain example.com>
        deliver-local-dsn yes
    </domain>
    smtp-listener 127.0.0.1:6666 # If running local PMTA leave this as it is. If this is external PMTA set this to the IP of your MTA server
    relay-domain example.com # Your domain
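The warning about http-access in the block above can be checked mechanically before a config goes live. The following is an added example, not part of the original guide and not PowerMTA's own tooling: a small Python audit that flags http-access entries open to 0/0 or to wide ranges, and smtp-listener lines bound to every interface. The sample config, the MAX_HOSTS threshold and the IPv4-only parsing are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample config (not from the guide): two safe and three risky entries.
SAMPLE_CONFIG = """\
http-mgmt-port 5555
http-access 203.0.113.10 admin   # single admin workstation
http-access 127.0.0.1 monitor
http-access 0/0 monitor          # the setting the guide warns against
http-access 10.0.0.0/8 admin
smtp-listener 0/0:6666
"""

MAX_HOSTS = 256  # assumption: anything wider than a /24 deserves a review


def parse_net(spec):
    """Parse an IPv4 address or CIDR, expanding short forms such as 0/0 or 10/8."""
    addr, _, prefix = spec.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{prefix or 32}", strict=False)


def audit(config_text):
    """Return (line_number, message) findings for exposed monitor/SMTP access."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "http-access":
            net, role = parse_net(fields[1]), fields[2]
            if net.prefixlen == 0:
                findings.append((lineno, f"{role} access open to everyone ({fields[1]})"))
            elif net.num_addresses > MAX_HOSTS:
                findings.append((lineno, f"{role} access granted to wide range {net}"))
        elif len(fields) >= 2 and fields[0] == "smtp-listener":
            net = parse_net(fields[1].rsplit(":", 1)[0])  # strip the :port suffix
            if net.network_address.is_unspecified:
                findings.append((lineno, "smtp-listener bound to all interfaces"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```

An empty result for the config above (YOUR_IP replaced by a single address) is the expected outcome; any finding on an http-access line means the monitor, and with it the logs, is reachable from more hosts than intended.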
We also need some other parts so PMTA will keep logs we can use in EMS to process bounces.
    # Logging file
    log-file /etc/pmta/log/pmta.log # logrotate is used for rotation
    log-rotate 10 # number of files; 0 disables rotation

    # Accounting file(s)
    <acct-file /etc/pmta/files/acct.csv>
        record-fields delivery *,envId,jobId,bounceCat
        move-interval 5m
        delete-after 7d
        max-size 100M
        user-string from
    </acct-file>

    # transient errors (soft bounces)
    <acct-file /etc/pmta/files/diag.csv>
        move-interval 1d
        delete-after 7d
        records t
    </acct-file>

    # spool directories
    spool /var/spool/pmta
Now let's add some bounce rules
    <bounce-category-patterns>
        /spam/ spam-related
        /junk mail/ spam-related
        /blacklist/ spam-related
        /blocked/ spam-related
        /\bU\.?C\.?E\.?\b/ spam-related
        /\bAdv(ertisements?)?\b/ spam-related
        /unsolicited/ spam-related
        /\b(open)?RBL\b/ spam-related
        /realtime blackhole/ spam-related
        /http:\/\/basic.wirehub.nl\/blackholes.html/ spam-related
        /\bvirus\b/ virus-related
        /message +content/ content-related
        /content +rejected/ content-related
        /quota/ quota-issues
        /limit exceeded/ quota-issues
        /mailbox +(is +)?full/ quota-issues
        /\bstorage\b/ quota-issues
        /(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee) (has|has been|is)? *(currently|temporarily +)?(disabled|expired|inactive|not activated)/ inactive-mailbox
        /(conta|usu.rio) inativ(a|o)/ inactive-mailbox
        /Too many (bad|invalid|unknown|illegal|unavailable) (user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee)/ other
        /(No such|bad|invalid|unknown|illegal|unavailable) (local +)?(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee)/ bad-mailbox
        /(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee) +(\S+@\S+ +)?(not (a +)?valid|not known|not here|not found|does not exist|bad|invalid|unknown|illegal|unavailable)/ bad-mailbox
        /\S+@\S+ +(is +)?(not (a +)?valid|not known|not here|not found|does not exist|bad|invalid|unknown|illegal|unavailable)/ bad-mailbox
        /no mailbox here by that name/ bad-mailbox
        /my badrcptto list/ bad-mailbox
        /not our customer/ bad-mailbox
        /no longer (valid|available)/ bad-mailbox
        /have a \S+ account/ bad-mailbox
        /\brelay(ing)?/ relaying-issues
        /domain (retired|bad|invalid|unknown|illegal|unavailable)/ bad-domain
        /domain no longer in use/ bad-domain
        /domain (\S+ +)?(is +)?obsolete/ bad-domain
        /denied/ policy-related
        /prohibit/ policy-related
        /rejected/ policy-related
        /refused/ policy-related
        /allowed/ policy-related
        /banned/ policy-related
        /policy/ policy-related
        /suspicious activity/ policy-related
        /bad sequence/ protocol-errors
        /syntax error/ protocol-errors
        /\broute\b/ routing-errors
        /\bunroutable\b/ routing-errors
        /\bunrouteable\b/ routing-errors
        /^2.\d.\d/ success
        /^[45]\.1\.1/ bad-mailbox
        /^[45]\.1\.2/ bad-domain
        /^[45]\.3\.5/ bad-configuration
        /^[45]\.4\.1/ no-answer-from-host
        /^[45]\.4\.2/ bad-connection
        /^[45]\.4\.4/ routing-errors
        /^[45]\.4\.6/ routing-errors
        /^[45]\.4\.7/ message-expired
        /^[45]\.7\.1/ policy-related
        // other # catch-all
    </bounce-category-patterns>
Next, add backoff rules so that PMTA lowers the number of emails it sends when problems occur.
    <smtp-pattern-list backoff>
        reply /421 PR(ct1)/ mode=backoff
        reply /^550 SC-001/ mode=backoff
        reply /420 Resources unavailable temporarily/ mode=backoff
        reply /^Resources unavailable temporarily/ mode=backoff
        reply /^421/ mode=backoff
        reply /^450/ mode=backoff
        reply /^try later/ mode=backoff
        reply /^553/ mode=backoff
        reply /^421/ mode=backoff
        reply /^550/ mode=backoff
        reply /^553/ mode=backoff
        reply /^550 SC-001/ mode=backoff
        reply /^421 4.7.0/ mode=backoff
        reply /^busy/ mode=backoff
        reply /^WSAECONNREFUSED/ mode=backoff
        reply /^WSAECONNRESET/ mode=backoff
        reply /^Connection attempt failed/ mode=backoff
    </smtp-pattern-list>

    <smtp-pattern-list common-errors>
        reply /generating high volumes of.* complaints from AOL/ mode=backoff
        reply /Excessive unknown recipients - possible Open Relay/ mode=backoff
        reply /^421 .* too many errors/ mode=backoff
        reply /blocked.*spamhaus/ mode=backoff
        reply /451 Rejected/ mode=backoff
    </smtp-pattern-list>

    <smtp-pattern-list blocking-errors>
        # A QUEUE IN BACKOFF MODE WILL SEND MORE SLOWLY
        # To place a queue back into normal mode, a command similar
        # to one of the following will need to be run:
        # pmta set queue --mode=normal yahoo.com
        # or
        # pmta set queue --mode=normal yahoo.com/vmta1

        #AOL Errors
        reply /421 .* SERVICE NOT AVAILABLE/ mode=backoff
        reply /generating high volumes of.* complaints from AOL/ mode=backoff
        reply /554 .*aol.com/ mode=backoff
        reply /421dynt1/ mode=backoff
        reply /HVU:B1/ mode=backoff
        reply /DNS:NR/ mode=backoff
        reply /RLY:NW/ mode=backoff
        reply /DYN:T1/ mode=backoff
        reply /RLY:BD/ mode=backoff
        reply /RLY:CH2/ mode=backoff
        #
        #Yahoo Errors
        reply /421 .* Please try again later/ mode=backoff
        reply /421 Message temporarily deferred/ mode=backoff
        reply /VS3-IP5 Excessive unknown recipients/ mode=backoff
        reply /VSS-IP Excessive unknown recipients/ mode=backoff
        #
        # The following 4 Yahoo errors may be very common
        # Using them may result in high use of backoff mode
        #
        reply /\[GL01\] Message from/ mode=backoff
        reply /\[TS01\] Messages from/ mode=backoff
        reply /\[TS02\] Messages from/ mode=backoff
        reply /\[TS03\] All messages from/ mode=backoff
        #
        #Hotmail Errors
        reply /exceeded the rate limit/ mode=backoff
        reply /exceeded the connection limit/ mode=backoff
        reply /Mail rejected by Windows Live Hotmail for policy reasons/ mode=backoff
        reply /mail.live.com\/mail\/troubleshooting.aspx/ mode=backoff
        #
        #Adelphia Errors
        reply /421 Message Rejected/ mode=backoff
        reply /Client host rejected/ mode=backoff
        reply /blocked using UCEProtect/ mode=backoff
        #
        #Road Runner Errors
        reply /Mail Refused/ mode=backoff
        reply /421 Exceeded allowable connection time/ mode=backoff
        reply /amIBlockedByRR/ mode=backoff
        reply /block-lookup/ mode=backoff
        reply /Too many concurrent connections from source IP/ mode=backoff
        #
        #General Errors
        reply /too many/ mode=backoff
        reply /Exceeded allowable connection time/ mode=backoff
        reply /Connection rate limit exceeded/ mode=backoff
        reply /refused your connection/ mode=backoff
        reply /try again later/ mode=backoff
        reply /try later/ mode=backoff
        reply /550 RBL/ mode=backoff
        reply /TDC internal RBL/ mode=backoff
        reply /connection refused/ mode=backoff
        reply /please see www.spamhaus.org/ mode=backoff
        reply /Message Rejected/ mode=backoff
        reply /refused by antispam/ mode=backoff
        reply /Service not available/ mode=backoff
        reply /currently blocked/ mode=backoff
        reply /locally blacklisted/ mode=backoff
        reply /not currently accepting mail from your ip/ mode=backoff
        reply /421.*closing connection/ mode=backoff
        reply /421.*Lost connection/ mode=backoff
        reply /476 connections from your host are denied/ mode=backoff
        reply /421 Connection cannot be established/ mode=backoff
        reply /421 temporary envelope failure/ mode=backoff
        reply /421 4.4.2 Timeout while waiting for command/ mode=backoff
        reply /450 Requested action aborted/ mode=backoff
        reply /550 Access denied/ mode=backoff
        reply /exceeded the rate limit/ mode=backoff
        reply /421rlynw/ mode=backoff
        reply /permanently deferred/ mode=backoff
        reply /\d+\.\d+\.\d+\.\d+ blocked/ mode=backoff
        reply /www\.spamcop\.net\/bl\.shtml/ mode=backoff
        reply /generating high volumes of.* complaints from AOL/ mode=backoff
        reply /Excessive unknown recipients - possible Open Relay/ mode=backoff
        reply /^421 .* too many errors/ mode=backoff
        reply /blocked.*spamhaus/ mode=backoff
        reply /451 Rejected/ mode=backoff
        reply /rate limit exceeded/ mode=backoff
        reply /Our system has detected an unusual rate of unsolicited mail/ mode=backoff
    </smtp-pattern-list>
Now we can add custom domain rules. Here is an example:
    <domain somedomain.com>
        max-smtp-out 10 # prevent "exceeded the connection limit"
        max-msg-rate 80/h # prevent "exceeded the rate limit"
        max-msg-per-connection 10
        dk-sign yes
        dkim-sign yes
        dkim-identity sender-or-from
        log-transfer-failures yes
        log-connections yes
        log-commands yes
        retry-after 10m
        bounce-after 2d12h
        smtp-421-means-mx-unavailable yes
        smtp-pattern-list backoff
        backoff-to-normal-after 2h
        backoff-to-normal-after-delivery true
        backoff-max-msg-rate 10/h
        backoff-retry-after 30m
        smtp-421-means-mx-unavailable yes
        bounce-upon-no-mx yes
        smtp-pattern-list backoff # This is the backoff pattern list we created before
    </domain>

    <domain *>
        max-smtp-out 2 # default be nice on concurrent connections
        max-msg-per-connection 10 # max 10 mails in one session
        max-errors-per-connection 10 # avoid 'too long without data command' error
        bounce-upon-no-mx yes # proper mail domains should have mx
        assume-delivery-upon-data-termination-timeout yes # avoid duplicate deliveries
        retry-after 10m # typical greylisting period
        bounce-after 4d # default 4d12h
        smtp-pattern-list backoff
        backoff-max-msg-rate 1/m # send only regular tries during backoff (default unlimited)
        backoff-retry-after 30m # retry at least every 30m (default 1h)
        #backoff-notify # disable backoff notifications
        backoff-to-normal-after-delivery yes # revert to normal asap (default no)
        backoff-to-normal-after 2h # always revert to normal after 2h (default never)
        dk-sign yes
        dkim-sign yes
        dkim-identity sender-or-from
        use-starttls yes
        require-starttls no
    </domain>
Keep in mind that in the example above the sending limits for somedomain.com are set really low. People tend to make one big mistake: they do not warm up their IPs. They want to start sending as soon as possible and forget about blacklists and spam filters. You must change this!
Now we have almost everything ready. It's time to add sources, smtps, and dkims.
It should look like this
With a config file like this, your PMTA monitor is running on port 5555 and your PMTA SMTP on port 6666.