Powermta Configuration Guide Top Site

<dkim mydkim>
    sign yes
    selector pmta2024
    domain senderdomain.com
    key-file /etc/pmta/dkim/private.key
    canonicalization relaxed/simple
    sign-headers From:Date:Subject:To:Message-ID
</dkim>

Attach to VMTA:

<virtual-mta primary>
    dkim mydkim
</virtual-mta>

Throttling protects you from being blacklisted. Configure per-domain policies:

<domain *>
    # Default for all domains
    max-msg-per-connection 100
    max-errors-per-domain 5
    idle-timeout 120
</domain>
<domain gmail.com>
max-msg-per-hour 200000      # Respect Gmail's limits
max-msg-rate 50/second       # Slower warmup
dns-timeout 45
use-starttls yes             # Always TLS if available
</domain>
<domain yahoo.com>
max-msg-per-hour 150000
max-msg-rate 40/second
dns-timeout 60
bounce-pattern-file /etc/pmta/bounce_patterns/yahoo.ptr
</domain> powermta configuration guide top
<domain microsoft.com>   # Outlook/Hotmail
max-msg-rate 20/second      # Very strict
max-msg-per-hour 50000
# Use their smart host for better delivery
smtp-route mail.protection.outlook.com
</domain>

Pro tip: Use a warmup schedule for new IPs. Start with max-msg-rate 5/second on new domains, increase by 10% daily. Throttling protects you from being blacklisted

<domain gmail.com vmta="main"> max-smtp-out 20 max-msg-rate 8/s max-msg-per-connection 50 use-starttls always initial-pts 60 </domain>

<domain * vmta="main"> max-smtp-out 100 max-msg-rate 100/s max-msg-per-connection 100 use-starttls if-supported initial-pts 30 </domain>

Hide your server version.

smtp-greeting "ESMTP Service Ready"

<smtp-listener 0.0.0.0:25> protocol injection </smtp-listener>

PowerMTA supports various authentication methods, including SASL, TLS, and authentication using external scripts. Here's an example of configuring SASL authentication:

auth 
  mechanism = sasl;
  sasl_server = /usr/lib/sasl2;

Before hitting "Start," run these commands. To track which recipient bounced

To track which recipient bounced, use Variable Envelope Return Path (VERP).

<domain *>
    bounce-verp-address "bounce+$r@bounces.mydomain.com"
    bounce-verp-pattern "$r+$h@bounces.mydomain.com"
    # Critical: Only VERP for hard bounces to save resources
    bounce-verp-on-hard yes
    bounce-verp-on-delay no
</domain>