Showing posts with label PMTA. Show all posts

Tuesday, May 9, 2023

Steps to configure after PowerMTA Installation

Steps:

1. Set up PMTA

2. Install OpenSSL and build the certificate chain with key and cert

3. Create a selector and generate the DKIM public and private keys

4. Create a CNAME with the selector and point it to the TXT record holding the public key value

5. Create a .pem file in the specified directory and add the corresponding DKIM private key(s)

6. Set up master and subordinate SPF

7. Set PTR and the corresponding hostname for the IPs

8. Set DMARC, BIMI and MTA-STS records

9. Create and set up the domain config file

10. Create and set up the PMTA config file

11. Start PMTA and test deliverability

Saturday, February 11, 2023

Add Domain specific DKIM in PMTA config

#MTAs

<virtual-mta ip1>

    smtp-source-host 192.198.0.1 host.domain.tld

    <domain *>

        max-msg-rate 400/h

    </domain>

</virtual-mta>

#DKIM Keys

domain-key key1,domain1.tld,/etc/pmta/keys/key1.domain.tld

domain-key key2,domain2.tld,/etc/pmta/keys/key2.domain.tld

domain-key key3,domain3.tld,/etc/pmta/keys/key3.domain.tld

#Specify the DKIM for specific Domain using Directive

<domain domain1.tld>

    dkim-sign yes

    smtp-hosts [127.0.0.1]:587

    dkim-identity @domain1.tld

</domain>

<domain domain2.tld>

    dkim-sign yes

    smtp-hosts [127.0.0.1]:587

    dkim-identity @domain2.tld

</domain>

<domain domain3.tld>

    dkim-sign yes

    smtp-hosts [127.0.0.1]:587

    dkim-identity @domain3.tld

</domain>

#CALL PMTA POOL for Rotation

<virtual-mta-pool pmta-pool>

    virtual-mta ip1

</virtual-mta-pool>


Friday, January 20, 2023

Install PMTA Management Console

yum install ntp (if not installed)
=======================
Install PMTAMC
=======================

Upload pmconsole1.5r19 to the path /root/PMTA/ and run the commands below

cd /root/PMTA/pmconsole1.5r19

rpm -ivh PowerMTA-MC-infrastructure-1.5r19-201906071449.x86_64.rpm

rpm -ivh PowerMTA-MC-1.5r19-201906071449.x86_64.rpm

service pmtamc stop

rm -rf /opt/pmtamc/glassfish/glassfish/domains/domain1/applications/pmtamc/WEB-INF/classes/com/port25/webui/security/Lak.class

cd /root/PMTA/pmconsole1.5r19/opt/pmtamc/glassfish/domains/domain1/applications/j2ee-modules/pmtamc/WEB-INF/classes/com/port25/webui/security

cp Lak.class /opt/pmtamc/glassfish/glassfish/domains/domain1/applications/pmtamc/WEB-INF/classes/com/port25/webui/security

rm -rf /opt/pmtamc/glassfish/glassfish/wars/pmtamc.war

cd /root/PMTA/pmconsole1.5r19/opt/pmtamc/glassfish/wars

cp pmtamc.war /opt/pmtamc/glassfish/glassfish/wars

cd /root/PMTA/pmconsole1.5r19

cp license /etc/pmtamc

service pmtamc start

Open ports (8181 8282 4848 3700 7676 8686)

++++++++++++++++++++++++++++

Register PMTA in PMTAMC

++++++++++++++++++++++++++++

http://examplepmtamc.com:{PORT}/pmtamc/nodemanagement/

PowerMTA Node Registration: Accept new PowerMTAs

pmta register --label={Name} --pmtamc-port={PORT} {HOST}

Example:

pmta register --label=softo --webmon-port=19000 --pmtamc-port=8181 157.245.221.117

----------------------------------------------------------------------------------------


 

Sunday, November 7, 2021

PowerMTA Multiple Virtual PMTA Custom config file (version PowerMTA-5.0r1)

 ############################################################################

# BEGIN: BACKOFF RULES


# BEGIN: ISP rules

############################################################################

# domains that resolve to mx?.hotmail.com

domain-macro hotmail hotmail.com,msn.com,hotmail.co.uk,hotmail.fr,live.com,hotmail.it,hotmail.de,email.msn.com,email.hotmail.com,email.msn.com,hotmail.com,live.com,msn.com,webtv.com,webtv.net

<domain $hotmail>

    max-smtp-out 1 # prevent "exceeded the connection limit"

    max-msg-rate 250/h # prevent "exceeded the rate limit"

</domain>


# domains that resolve to ?.mx.mail.yahoo.com

domain-macro yahoo yahoo.com,yahoo.ca,rocketmail.com,ymail.com,yahoo.com.au,geocities.com,yahoo.com.mx,yahoo.com.br,altavista.com,ameritech.net,att.net,bellsouth.net,attbroadband.com,attcanada.net,attglobal.com,attglobal.net,attnet.com,attworldnet.com,bellatlantic.net,bellatlantic.net,bellsouth.com,bellsouth.net,flash.net,netzero.net,nvbell.net,pacbell.net,prodigy.com,prodigy.net,sbcglobal.net,sbcglobal.net,snet.net,swbell.com,swbell.net,toast.net,usa.net,verizon.com,verizon.net,verizonmail.com,vzwpix.com,wans.net,worldnet.att.net,yahoo.net


<domain $yahoo>

    max-msg-per-connection 2 # yahoo policy

    max-msg-rate 250/h # prevent "exceeded the rate limit"

</domain>


# domains that resolve to mailin-0?.mx.aol.com

domain-macro aol aol.com,aim.com,aim.net,cs.com,netscape.com,wmconnect.net,netscape.net,cs.com,mail.com,wmconnect.com,icqmail.com,email.com,usa.com

<domain $aol>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

</domain>


# domains that resolve to (alt?.)gmail-smtp-in.l.google.com

domain-macro gmail gmail.com,googlemail.com

<domain $gmail>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

</domain>

# http://feedback.comcast.net/

 <domain comcast.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>

# Ameritrade, Amitrade

 <domain tdameritrade.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Ameritrade, Amitrade

 <domain ameritrade.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>

 # Broadband

 <domain charterinternet.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Broadband

 <domain comcast.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Broadband

 <domain comcast.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>



# Broadband

 <domain comcastwork.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Broadband

 <domain cox.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Broadband

 <domain cox.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Broadband

 <domain coxinternet.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Broadband

 <domain cox-internet.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Broadband

 <domain suddenlink.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>

# Broadband

 <domain windjammer.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain centurylink.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain centurylink.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain centurytel.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain centurytel.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain cswnet.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain emadisonriver.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain emadisonriver.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain embarq.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain embarq.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain embarqmail.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain grics.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain gulftel.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain mebtel.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain qwest.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain uswest.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain uswest.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain swestmail.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Century Link

 <domain uswestmail.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Cincinnati Bell

 <domain fuse.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Cincinnati Bell

 <domain fuse.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Cincinnati Bell

 <domain zoomnet.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Cincinnati Bell

 <domain zoomtown.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Cincinnati Bell

 <domain zoomtown.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Earthlink

 <domain earthlink.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Earthlink

 <domain earthlink.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Earthlink

 <domain mindspring.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Earthlink

 <domain netcom.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Godaddy

 <domain Inbox.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Godaddy

 <domain outblaze.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Iwon

 <domain excite.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Iwon

 <domain iwon.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Lycos

 <domain angelfire.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Lycos

 <domain lycos.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Lycos

 <domain lycosmail.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Lycos

 <domain mailcity.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Sprint

 <domain sprintpcs.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Time Warner

 <domain rr.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Time Warner

 <domain adelphia.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Time Warner

 <domain adelphia.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Time Warner

 <domain insightbb.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Time Warner

 <domain roadrunner.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Time Warner

 <domain roadrunner.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# Tmobile

 <domain tmomail.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# United Internet

 <domain gmx.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# United Internet

 <domain mail.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# United Online

 <domain juno.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# United Online

 <domain netzero.com>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# United Online

 <domain unitedonline.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


# United XO

 <domain concentric.net>

    max-msg-rate 250/h # prevent "exceeded the rate limit"

 </domain>


 <domain *>

        use-starttls yes

        require-starttls no

 </domain>

############################################################################

# BEGIN: BACKOFF RULES

#<pattern-list myList>

#mail-from /admin@nicholashillmail.com/ virtual-mta=pmta-vmta19

#header from /admin@nicholashillmail.com/ virtual-mta=pmta-vmta19

#mail-from /admin@mx2.nicholashill.eu/ virtual-mta=pmta-vmta3

#header from /admin@mx2.nicholashill.eu/ virtual-mta=pmta-vmta3

#mail-from /admin@mx3.nicholashill.eu/ virtual-mta=pmta-vmta4

#header from /admin@mx3.nicholashill.eu/ virtual-mta=pmta-vmta4

#mail-from /admin@mx4.nicholashill.eu/ virtual-mta=pmta-vmta5

#header from /admin@mx4.nicholashill.eu/ virtual-mta=pmta-vmta5

#mail-from /admin@mx5.nicholashill.eu/ virtual-mta=pmta-vmta6

#header from /admin@mx5.nicholashill.eu/ virtual-mta=pmta-vmta6

#mail-from /admin@mx6.nicholashillmail.com/ virtual-mta=pmta-vmta7

#header from /admin@mx6.nicholashillmail.com/ virtual-mta=pmta-vmta7

#mail-from /admin@mx5.nicholashillmail.com/ virtual-mta=pmta-vmta8

#header from /admin@mx5.nicholashillmail.com/ virtual-mta=pmta-vmta8

#mail-from /admin@mx4.nicholashillmail.com/ virtual-mta=pmta-vmta9

#header from /admin@mx4.nicholashillmail.com/ virtual-mta=pmta-vmta9

#mail-from /admin@mx3.nicholashillmail.com/ virtual-mta=pmta-vmta10

#header from /admin@mx3.nicholashillmail.com/ virtual-mta=pmta-vmta10

#mail-from /admin@mx2.nicholashillmail.com/ virtual-mta=pmta-vmta11

#header from /admin@mx2.nicholashillmail.com/ virtual-mta=pmta-vmta11

#mail-from /admin@mx1.nicholashillmail.com/ virtual-mta=pmta-vmta12

#header from /admin@mx1.nicholashillmail.com/ virtual-mta=pmta-vmta12

#mail-from /admin@mx5.nicholashillnews.com/ virtual-mta=pmta-vmta13

#header from /admin@mx5.nicholashillnews.com/ virtual-mta=pmta-vmta13

#mail-from /admin@mx4.nicholashillnews.com/ virtual-mta=pmta-vmta14

#header from /admin@mx4.nicholashillnews.com/ virtual-mta=pmta-vmta14

#mail-from /admin@mx3.nicholashillnews.com/ virtual-mta=pmta-vmta15

#header from /admin@mx3.nicholashillnews.com/ virtual-mta=pmta-vmta15

#mail-from /admin@mx2.nicholashillnews.com/ virtual-mta=pmta-vmta16

#header from /admin@mx2.nicholashillnews.com/ virtual-mta=pmta-vmta16

#mail-from /admin@mx1.nicholashillnews.com/ virtual-mta=pmta-vmta17

#header from /admin@mx1.nicholashillnews.com/ virtual-mta=pmta-vmta17

#mail-from /admin@nicholashillnews.com/ virtual-mta=pmta-vmta18

#header from /admin@nicholashillnews.com/ virtual-mta=pmta-vmta18

#mail-from /admin@nicholashill.eu/ virtual-mta=pmta-vmta1

#header from /admin@nicholashill.eu/ virtual-mta=pmta-vmta1

#mail-from /admin@mx1.nicholashill.eu/ virtual-mta=pmta-vmta2

#header from /admin@mx1.nicholashill.eu/ virtual-mta=pmta-vmta2

#</pattern-list>



#<source 127.0.0.1>

#pattern-list myList # this selects the pattern list for messages

#always-allow-relaying yes

#</source>


#<pattern-list myList>

#header from /admin@mx3.nicholashillmail.com/ virtual-mta=pmta-vmta10

#mail-from /admin@mx3.nicholashillmail.com/ virtual-mta=pmta-vmta10

#header from /admin@mx4.nicholashillmail.com/ virtual-mta=pmta-vmta9

#mail-from /admin@mx4.nicholashillmail.com/ virtual-mta=pmta-vmta9

#</pattern-list>

#<source 127.0.0.1>

#pattern-list myList # this selects the pattern list for messages

#</source>


# default domain settings

<domain *>

    max-smtp-out 2 # default be nice on concurrent connections

    max-msg-per-connection 100 # max 100 mails in one session

    max-errors-per-connection 10 # avoid 'too long without data command' error

    max-msg-rate 1000/h

    bounce-upon-no-mx yes # proper mail domains should have mx

    assume-delivery-upon-data-termination-timeout yes # avoid duplicate deliveries

    retry-after 10m # typical greylisting period

    bounce-after 24h # default 4d12h

    smtp-pattern-list blocking-errors

    backoff-max-msg-rate 1/m # send only regular tries during backoff (default unlimited)

    backoff-retry-after 20m # retry at least every 20m (default 1h)

    backoff-notify "" # disable backoff notifications

    backoff-to-normal-after-delivery yes # revert to normal asap (default no)

    backoff-to-normal-after 1h # always revert to normal after 1h (default never)

    dk-sign yes

    dkim-sign yes

</domain>


############################################################################

# END: ISP rules

############################################################################


############################################################################


<smtp-pattern-list common-errors>

  reply /generating high volumes of.* complaints from AOL/    mode=backoff

  reply /Excessive unknown recipients - possible Open Relay/  mode=backoff

  reply /^421 .* too many errors/                             mode=backoff

  reply /blocked.*spamhaus/                                   mode=backoff

  reply /451 Rejected/                                        mode=backoff

</smtp-pattern-list>


<smtp-pattern-list blocking-errors>

    #

    # A QUEUE IN BACKOFF MODE WILL SEND MORE SLOWLY

    # To place a queue back into normal mode, a command similar

    # to one of the following will need to be run:

    # pmta set queue --mode=normal yahoo.com

    # or

    # pmta set queue --mode=normal yahoo.com/vmta1

    #

    # To use backoff mode, uncomment individual <domain> directives

    #

    #AOL Errors

    reply /421 .* SERVICE NOT AVAILABLE/ mode=backoff

    reply /generating high volumes of.* complaints from AOL/ mode=backoff

    reply /554 .*aol.com/ mode=backoff

    reply /421dynt1/ mode=backoff

    reply /HVU:B1/ mode=backoff

    reply /DNS:NR/ mode=backoff

    reply /RLY:NW/ mode=backoff

    reply /DYN:T1/ mode=backoff

    reply /RLY:BD/ mode=backoff

    reply /RLY:CH2/ mode=backoff

    #

    #Yahoo Errors

    reply /421 .* Please try again later/ mode=backoff

    reply /421 Message temporarily deferred/ mode=backoff

    reply /VS3-IP5 Excessive unknown recipients/ mode=backoff

    reply /VSS-IP Excessive unknown recipients/ mode=backoff

    #

    # The following 4 Yahoo errors may be very common

    # Using them may result in high use of backoff mode

    #

    reply /\[GL01\] Message from/ mode=backoff

    reply /\[TS01\] Messages from/ mode=backoff

    reply /\[TS02\] Messages from/ mode=backoff

    reply /\[TS03\] All messages from/ mode=backoff

    #

    #Hotmail Errors

    reply /exceeded the rate limit/ mode=backoff

    reply /exceeded the connection limit/ mode=backoff

    reply /Mail rejected by Windows Live Hotmail for policy reasons/ mode=backoff

    reply /mail.live.com\/mail\/troubleshooting.aspx/ mode=backoff

    #

    #Adelphia Errors

    reply /421 Message Rejected/ mode=backoff

    reply /Client host rejected/ mode=backoff

    reply /blocked using UCEProtect/ mode=backoff

    #

    #Road Runner Errors

    reply /Mail Refused/ mode=backoff

    reply /421 Exceeded allowable connection time/ mode=backoff

    reply /amIBlockedByRR/ mode=backoff

    reply /block-lookup/ mode=backoff

    reply /Too many concurrent connections from source IP/ mode=backoff

    #

    #General Errors

    reply /too many/ mode=backoff

    reply /Exceeded allowable connection time/ mode=backoff

    reply /Connection rate limit exceeded/ mode=backoff

    reply /refused your connection/ mode=backoff

    reply /try again later/ mode=backoff

    reply /try later/ mode=backoff

    reply /550 RBL/ mode=backoff

    reply /TDC internal RBL/ mode=backoff

    reply /connection refused/ mode=backoff

    reply /please see www.spamhaus.org/ mode=backoff

    reply /Message Rejected/ mode=backoff

    reply /refused by antispam/ mode=backoff

    reply /Service not available/ mode=backoff

    reply /currently blocked/ mode=backoff

    reply /locally blacklisted/ mode=backoff

    reply /not currently accepting mail from your ip/ mode=backoff

    reply /421.*closing connection/ mode=backoff

    reply /421.*Lost connection/ mode=backoff

    reply /476 connections from your host are denied/ mode=backoff

    reply /421 Connection cannot be established/ mode=backoff

    reply /421 temporary envelope failure/ mode=backoff

    reply /421 4.4.2 Timeout while waiting for command/ mode=backoff

    reply /450 Requested action aborted/ mode=backoff

    reply /550 Access denied/ mode=backoff

    reply /exceeded the rate limit/ mode=backoff  # hotmail rate limit

  reply /421rlynw/ mode=backoff  # aol rate limit

  reply /permanently deferred/ mode=backoff  # yahoo

  reply /\d+\.\d+\.\d+\.\d+ blocked/ mode=backoff  # at&t, cox

  reply /generating high volumes of.* complaints from AOL/    mode=backoff

  reply /Excessive unknown recipients - possible Open Relay/  mode=backoff

  reply /^421 .* too many errors/                             mode=backoff

  reply /blocked.*spamhaus/                                   mode=backoff

  reply /451 Rejected/                                        mode=backoff

</smtp-pattern-list>


############################################################################

# END: BACKOFF RULES

############################################################################



############################################################################

# BEGIN: BOUNCE RULES

############################################################################


<bounce-category-patterns>

    /spam/ spam-related

    /junk mail/ spam-related

    /blacklist/ spam-related

    /blocked/ spam-related

    /\bU\.?C\.?E\.?\b/ spam-related

    /\bAdv(ertisements?)?\b/ spam-related

    /unsolicited/ spam-related

    /\b(open)?RBL\b/ spam-related

    /realtime blackhole/ spam-related

    /http:\/\/basic.wirehub.nl\/blackholes.html/ spam-related

    /\bvirus\b/ virus-related

    /message +content/ content-related

    /content +rejected/ content-related

    /quota/ quota-issues

    /limit exceeded/ quota-issues

    /mailbox +(is +)?full/ quota-issues

    /sender ((verify|verification) failed|could not be verified|address rejected|domain must exist)/ invalid-sender

    /unable to verify sender/ invalid-sender

    /requires valid sender domain/ invalid-sender

    /bad sender's system address/ invalid-sender

    /No MX for envelope sender domain/ invalid-sender

    /^[45]\.4\.4/ routing-errors

    /no mail hosts for domain/ invalid-sender

    /Your domain has no(t)? DNS\/MX entries/ invalid-sender

    /REQUESTED ACTION NOT TAKEN: DNS FAILURE/ invalid-sender

    /Domain of sender address/ invalid-sender

    /return MX does not exist/ invalid-sender

    /Invalid sender domain/ invalid-sender

    /Verification failed/ invalid-sender

    /\bstorage\b/ quota-issues

    /(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee) (has|has been|is)? *(currently|temporarily+)?(disabled|expired|inactive|not activated)/ inactive-mailbox

    /(conta|usu.rio) inativ(a|o)/ inactive-mailbox

    /Too many (bad|invalid|unknown|illegal|unavailable) (user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee)/ other

    /(No such|bad|invalid|unknown|illegal|unavailable) (local +)?(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee)/ bad-mailbox

    /(user|mailbox|recipient|rcpt|local part|address|account|mail drop|ad(d?)ressee) +(\S+@\S+ +)?(not (a +)?valid|not known|not here|not found|does not exist|bad|invalid|unknown|illegal|unavailable)/ bad-mailbox

    /\S+@\S+ +(is +)?(not (a +)?valid|not known|not here|not found|does not exist|bad|invalid|unknown|illegal|unavailable)/ bad-mailbox

    /no mailbox here by that name/ bad-mailbox

    /my badrcptto list/ bad-mailbox

    /not our customer/ bad-mailbox

    /no longer (valid|available)/ bad-mailbox

    /have a \S+ account/ bad-mailbox

    /\brelay(ing)?/ relaying-issues

    /domain (retired|bad|invalid|unknown|illegal|unavailable)/ bad-domain

    /domain no longer in use/ bad-domain

    /domain (\S+ +)?(is +)?obsolete/ bad-domain

    /denied/ policy-related

    /prohibit/ policy-related

    /refused/ policy-related

    /allowed/ policy-related

    /banned/ policy-related

    /policy/ policy-related

    /suspicious activity/ policy-related

    /bad sequence/ protocol-errors

    /syntax error/ protocol-errors

    /\broute\b/ routing-errors

    /\bunroutable\b/ routing-errors

    /\bunrouteable\b/ routing-errors

#additions by krish

    /Recipient address rejected/ invalid-mailbox

    /DYN:T1/ policy-related

    /Service unavailable/ policy-related

    /DNSBL/ spam-related

    /ccount has been disabled or discontinued/ bad-mailbox

    /oo many recip/ policy-related

    /no valid recipie/ invalid-mailbox

    /Account Inactive/ invalid-mailbox

    /service provider since part of their network is on our block list/ spam-related


    /Invalid 7bit DATA/ content-related

    /^2.\d+.\d+;/ success

    /^[45]\.1\.[1346];/ bad-mailbox

    /^[45]\.1\.2/ bad-domain

    /^[45]\.1\.[78];/ invalid-sender

    /^[45]\.2\.0;/ bad-mailbox

    /^[45]\.2\.1;/ inactive-mailbox

    /^[45]\.2\.2;/ quota-issues

    /^[45]\.3\.3;/ content-related

    /^[45]\.3\.5;/ bad-configuration

    /^[45]\.4\.1;/ no-answer-from-host

    /^[45]\.4\.2;/ bad-connection

    /^[45]\.4\.[36];/ routing-errors

    /^[45]\.4\.7;/ message-expired

    /^[45]\.5\.3;/ policy-related

    /^[45]\.5\.\d+;/ protocol-errors

    /^[45]\.6\.\d+;/ content-related

    /^[45]\.7\.[012];/ policy-related

    /^[45]\.7\.7;/ content-related

    // other    # catch-all

</bounce-category-patterns>



############################################################################

# END: BOUNCE RULES

############################################################################






############################################################################

# BEGIN: OTHER OPTIONS

############################################################################


#smtp-port 2525

<source 0/0>

log-connections yes

log-commands    yes      # WARNING: verbose!

  allow-unencrypted-plain-auth yes

</source>

sync-msg-create false

sync-msg-update false

run-as-root no

log-file /var/log/pmta/log        # logrotate is used for rotation


<acct-file /var/log/pmta/acct.csv>

#    move-to /opt/myapp/pmta-acct   # configure as fit for your application

#    move-interval 5m


    max-size 50M

</acct-file>


# transient errors (soft bounces)

<acct-file /var/log/pmta/diag.csv>

  move-interval 1d

  delete-after never

  records t

</acct-file>


#

# spool directories

#


spool /var/spool/pmta


http-mgmt-port 1983

http-access 127.0.0.1 admin

http-access 0/0 monitor

http-access 176.283.454.55 admin


############################################################################

# END: OTHER OPTIONS

############################################################################


############################################################################

# BEGIN: USERS/VIRTUAL-MTA / VIRTUAL-MTA-POOL /  VIRTUAL-PMTA-PATTERN

############################################################################

#<spool /var/spool/pmta>

#</spool>

<smtp-user user>

password passwd

source {smtpuser-auth}

</smtp-user>

<source {smtpuser-auth}>

smtp-service yes

always-allow-relaying yes

require-auth true

process-x-virtual-mta yes

default-virtual-mta pmta-pool

remove-received-headers true

add-received-header false

hide-message-source true

</source>


smtp-listener 176.283.454.55:2525


#BEGIN VIRTUAL MTAS 

<virtual-mta pmta-vmta1> 

smtp-source-host 176.283.454.55 mta1.domain.com 

domain-key mailer,*,/etc/pmta.key 

#domain-key default,*,/var/cpanel/domain_keys/private/domain.com 

<domain *> 

max-msg-rate 400/h 

</domain> 

</virtual-mta>

<domain domain.com>

smtp-hosts [127.0.0.1]:2525 

</domain> 

#END VIRTUAL MTAS



<virtual-mta-pool pmta-pool>

#virtual-mta pmta-vmta1

</virtual-mta-pool>

############################################################################

# END: USERS/VIRTUAL-MTA / VIRTUAL-MTA-POOL /  VIRTUAL-PMTA-PATTERN

############################################################################

<source 127.0.0.1>

    always-allow-api-submission yes

    add-message-id-header yes

    retain-x-job yes

    retain-x-virtual-mta yes

    verp-default yes

    process-x-envid yes

    process-x-job yes

    jobid-header X-Mailer-RecptId

    process-x-virtual-mta yes

</source>


#<domain *>

#smtp-hosts [127.0.0.1]:2525

#</domain>
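
An added example, not part of the original posts and not PowerMTA's own tooling: a Python audit for the settings in the configs above that widen exposure (management port reachable from `0/0`, cleartext AUTH for every source, a password shared between SMTP users, a malformed address) and for the domain-specific DKIM post (a `dkim-identity` with no matching `domain-key`). The finding codes, `SAMPLE` and its password value are constructed; the parser handles only the block and directive syntax shown on this page and IPv4 addresses.

```python
import ipaddress
import re
from collections import defaultdict

ANY = {"0/0", "0.0.0.0/0"}  # "every address" forms as written in these configs

# Constructed sample built from directives that appear on this page.
SAMPLE = """\
<source 0/0>
log-connections yes
allow-unencrypted-plain-auth yes
</source>
http-access 127.0.0.1 admin
http-access 0/0 monitor
http-access 176.283.454.55 admin
<smtp-user user1>
password examplepass
source {auth}
</smtp-user>
<smtp-user user2>
password examplepass
source {auth}
</smtp-user>
domain-key key1,domain1.tld,/etc/pmta/keys/key1.domain.tld
<domain domain1.tld>
    dkim-sign yes
    dkim-identity @domain1.tld
</domain>
<domain domain2.tld>
    dkim-sign yes
    dkim-identity @domain2.tld   # no domain-key line for this domain
</domain>
"""

def parse(text):
    """Yield (scope, key, value); scope is the innermost open block, e.g. ('source', '0/0')."""
    stack = []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<"):
            tag, _, arg = line.strip("<>").partition(" ")
            stack.append((tag, arg.strip()))
        else:
            key, _, value = line.partition(" ")
            yield (stack[-1] if stack else None), key, value.strip()

def valid_ip(token):
    """True if token is a well-formed address or CIDR range."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def audit(text):
    """Return a list of (code, detail) findings for one config text."""
    findings = []
    passwords = defaultdict(list)  # password -> smtp-user names using it
    key_domains, identities = set(), []
    for scope, key, value in parse(text):
        tag, arg = scope or (None, None)
        words = value.split()
        if key == "http-access" and len(words) == 2:
            if words[0] in ANY and words[1] != "none":
                findings.append(("MGMT_OPEN", value))
        if key in ("http-access", "smtp-source-host") and words:
            if words[0] not in ANY and not valid_ip(words[0]):
                findings.append(("BAD_ADDRESS", f"{key} {words[0]}"))
        if (tag == "source" and arg in ANY
                and key == "allow-unencrypted-plain-auth"
                and value in ("yes", "true")):
            findings.append(("CLEARTEXT_AUTH", f"<source {arg}>"))
        if tag == "smtp-user" and key == "password":
            passwords[value.strip('"')].append(arg)
        if key == "domain-key" and value.count(",") == 2:
            key_domains.add(value.split(",")[1].strip().lower())
        if key == "dkim-identity" and "@" in value:
            identities.append(value.rsplit("@", 1)[1].lower())
    for users in passwords.values():
        if len(users) > 1:
            findings.append(("SHARED_PASSWORD", ",".join(users)))
    for dom in identities:
        # the DKIM i= domain must equal the signing domain or be a subdomain of it
        covered = "*" in key_domains or any(
            dom == d or dom.endswith("." + d) for d in key_domains)
        if not covered:
            findings.append(("DKIM_NO_KEY", dom))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code:16} {detail}")
```
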


PowerMTA Multiple Virtual PMTA config file

# $Id: config 2015-03-24 16:00:00 Jack $
# Sample PowerMTA configuration file
# PowerMTA Multiple Virtual PMTA config file sample

#
# E-mail address for mailer's administrator (please specify!)
#
postmaster admin@mydomain.com
domain-key my-domain,*,/etc/dkim.key

#
# Settings per source IP address (for incoming SMTP connections)
#
<source 127.0.0.1>
always-allow-relaying yes # allow feeding from 127.0.0.1
process-x-virtual-mta yes # allow selection of a virtual MTA
max-message-size 0 # 0 implies no cap, in bytes
smtp-service yes # allow SMTP service
allow-mailmerge yes
</source>

<source 23.45.67.100> # phplist or oempro installed
always-allow-relaying yes # allow feeding from mailer.mydomain.com
process-x-virtual-mta yes # allow selection of a virtual MTA
max-message-size 0 # 0 implies no cap, in bytes
smtp-service yes # allow SMTP service
hide-message-source true
remove-header Received
allow-mailmerge yes
</source>

<source 102.202.33.2>
always-allow-relaying yes # allow feeding from 102.202.33.2
process-x-virtual-mta yes # allow selection of a virtual MTA
max-message-size 0 # 0 implies no cap, in bytes
smtp-service yes # allow SMTP service
hide-message-source true
remove-header Received
</source>

<source 102.202.33.3>
always-allow-relaying yes # allow feeding from 102.202.33.3
process-x-virtual-mta yes # allow selection of a virtual MTA
max-message-size 0 # 0 implies no cap, in bytes
smtp-service yes # allow SMTP service
hide-message-source true
remove-header Received
</source>

<source 102.202.33.4>
always-allow-relaying yes # allow feeding from 102.202.33.4
process-x-virtual-mta yes # allow selection of a virtual MTA
max-message-size 0 # 0 implies no cap, in bytes
smtp-service yes # allow SMTP service
hide-message-source true
remove-header Received
</source>

<source 102.202.33.5>
always-allow-relaying yes # allow feeding from 102.202.33.5
process-x-virtual-mta yes # allow selection of a virtual MTA
max-message-size 0 # 0 implies no cap, in bytes
smtp-service yes # allow SMTP service
hide-message-source true
remove-header Received
</source>

<source 102.202.33.6>
always-allow-relaying yes # allow feeding from 102.202.33.6
process-x-virtual-mta yes # allow selection of a virtual MTA
max-message-size 0 # 0 implies no cap, in bytes
smtp-service yes # allow SMTP service
hide-message-source true
remove-header Received
</source>

<source 0/0> # matches all
log-connections no
log-commands no # WARNING: verbose!
log-data no # WARNING: even more verbose!
allow-unencrypted-plain-auth no
default-virtual-mta mta-pool
process-x-virtual-mta yes
smtp-service yes
always-allow-api-submission yes
</source>

<virtual-mta mta1>
auto-cold-virtual-mta 23.45.68.200 mpta.mydomain.com # MPTA installed
<domain *>
max-cold-virtual-mta-msg 100/day
</domain>
smtp-source-host 23.45.68.200 mpta.mydomain.com # MPTA installed
</virtual-mta>

<virtual-mta mta2>
auto-cold-virtual-mta 102.202.33.2 name2.newdomain.com # config multiple domains/IPs
domain-key edm-mail,*,/etc/dkim.key
<domain *>
max-cold-virtual-mta-msg 100/day
dkim-sign yes
dkim-identity @mydomain.com
</domain>
smtp-source-host 102.202.33.2 name2.newdomain.com
</virtual-mta>

<virtual-mta mta3>
auto-cold-virtual-mta 102.202.33.3 name3.newdomain.com # config multiple domains/IPs
domain-key edm-mail,*,/etc/dkim.key
<domain *>
max-cold-virtual-mta-msg 100/day
dkim-sign yes
dkim-identity @mydomain.com
</domain>
smtp-source-host 102.202.33.3 name3.newdomain.com
</virtual-mta>

<virtual-mta mta4>
auto-cold-virtual-mta 102.202.33.4 name4.newdomain.com # config multiple domains/IPs
domain-key edm-mail,*,/etc/dkim.key
<domain *>
max-cold-virtual-mta-msg 100/day
dkim-sign yes
dkim-identity @mydomain.com
</domain>
smtp-source-host 102.202.33.4 name4.newdomain.com
</virtual-mta>

<virtual-mta mta5>
auto-cold-virtual-mta 102.202.33.5 name5.newdomain.com # config multiple domains/IPs
domain-key edm-mail,*,/etc/dkim.key
<domain *>
max-cold-virtual-mta-msg 100/day
dkim-sign yes
dkim-identity @mydomain.com
</domain>
smtp-source-host 102.202.33.5 name5.newdomain.com
</virtual-mta>

<virtual-mta mta6>
auto-cold-virtual-mta 102.202.33.6 name6.newdomain.com # config multiple domains/IPs
domain-key edm-mail,*,/etc/dkim.key
<domain *>
max-cold-virtual-mta-msg 100/day
dkim-sign yes
dkim-identity @mydomain.com
</domain>
smtp-source-host 102.202.33.6 name6.newdomain.com
</virtual-mta>


<virtual-mta-pool mta-pool>
virtual-mta mta2
virtual-mta mta3
virtual-mta mta4
virtual-mta mta5
virtual-mta mta6
</virtual-mta-pool>

#
# SMTP users (authenticated via SMTP AUTH)
#
#<smtp-user API>
# password "changeme"
#</smtp-user>

<smtp-user user1>
password R45eoDwZ
source {auth}
</smtp-user>
<smtp-user user2>
password R45eoDwZ
source {auth}
</smtp-user>

<source {auth}>
always-allow-relaying yes # allow feeding for defined users
process-x-virtual-mta yes # allow selection of a VirtualMTA
max-message-size 0 # 0 implies no cap, in bytes
smtp-service yes # allow SMTP service
require-auth true
default-virtual-mta mta-pool
</source>

#
# Settings per outgoing domain
#
#<domain discard.port25.com>
# max-smtp-out 800
# route [192.168.0.1]:2525 # bypasses DNS resolution
#</domain>
#
#<domain test.port25.com>
# max-smtp-out 1
# log-connections yes
# log-commands yes # WARNING: verbose!
# log-resolution no # WARNING: verbose!
# log-data no # WARNING: even more verbose!
#</domain>

#
# "{gmImprinter}" is a special queue used for imprinting Goodmail tokens.
#
<domain {gmImprinter}>
max-events-recorded 150
log-messages yes
log-data no # extremely verbose, for debugging only
retry-after 15s
</domain>

<domain *>
max-smtp-out 2 # max. connections *per domain*
bounce-after 4d12h # 4 days, 12 hours
retry-after 60m # 60 minutes
max-msg-rate 100/h
max-msg-per-connection 20
max-errors-per-connection 10
smtp-greeting-timeout 1m # added in v3.2r17
bounce-upon-no-mx yes
mx-connection-attempts 3 # added in v3.2r16
smtp-pattern-list backoff
backoff-to-normal-after 2h # added in v3.5
backoff-max-msg-rate 50/h # Use with PowerMTA 3.5
backoff-retry-after 90m
dk-sign yes
dkim-sign yes
</domain>

#
# Goodmail imprinter configuration
#
#<gm-imprinter>
# account-id ID # replace with value from mailcenter
# imprinter-id ID # replace with value from mailcenter
# imprinter-password PW # replace with value from mailcenter
#
# # If the directives below are not specified, defaults are picked as
# # described in the Goodmail documentation
#
# default-token-class 1 # optionally set as appropriate
# default-content-type 1 # optionally set as appropriate
# default-payer-id ID # optionally set as appropriate
# default-obo-id ID # optionally set as appropriate
#</gm-imprinter>


#
# Port used for HTTP management interface
#
http-mgmt-port 8080

#
# IP addresses allowed to access the HTTP management interface, one
# per line
#
http-access 127.0.0.1 monitor
#http-access 10.1.0.10 none
#http-access 10.1.0/24 admin
http-access 21.34.56.78 admin


#
# Synchronize I/O to disk after receiving the message. 'false' yields
# higher performance, but the message may be lost if the system crashes
# before it can write the data to disk.
#
sync-msg-create false

#
# Synchronize I/O to disk after updating the message (e.g., to mark recipients
# handled). 'false' yields higher performance, but if the system crashes
# before it can write the data to disk, some recipients may receive multiple
# copies of a message.
#
sync-msg-update false

#
# Whether to run the PowerMTA daemon as root
#
run-as-root no

#
# WARNING -- changing the settings below will probably break
# RPM installation, logrotate, etc.

#
# Logging file name
#
log-file /var/log/pmta/log # logrotate is used for rotation

#
# Accounting file(s)
#
<acct-file /var/log/pmta/acct.csv>
# move-to /opt/myapp/pmta-acct # configure as fit for your application
move-interval 5m
max-size 50M
</acct-file>

#
# Spool directories
#
spool /var/spool/pmta

# EOF

<smtp-pattern-list backoff>
#
# A QUEUE IN BACKOFF MODE WILL SEND MORE SLOWLY
# To place a queue back into normal mode, a command similar
# to one of the following will need to be run:
# pmta set queue mode=normal yahoo.com
# or
# pmta set queue mode=normal yahoo.com/vmta1
#
# To use backoff mode, uncomment individual <domain> directives
#
#Yahoo Errors
reply /421 .* Please try again later/ mode=backoff
reply /421 Message temporarily deferred/ mode=backoff
reply /VS3-IP5 Excessive unknown recipients/ mode=backoff
reply /VSS-IP Excessive unknown recipients/ mode=backoff
#
# The following 4 Yahoo errors may be very common
# Using them may result in high use of backoff mode
#
reply /\[GL01\] Message from/ mode=backoff
reply /\[TS01\] Messages from/ mode=backoff
reply /\[TS02\] Messages from/ mode=backoff
reply /\[TS03\] All messages from/ mode=backoff
#
#Hotmail Errors
reply /exceeded the rate limit/ mode=backoff
reply /exceeded the connection limit/ mode=backoff
reply /Mail rejected by Windows Live Hotmail for policy reasons/ mode=backoff
#
#Adelphia Errors
reply /421 Message Rejected/ mode=backoff
reply /Client host rejected/ mode=backoff
reply /blocked using UCEProtect/ mode=backoff
#
#Road Runner Errors
reply /Mail Refused/ mode=backoff
reply /421 Exceeded allowable connection time/ mode=backoff
reply /amIBlockedByRR/ mode=backoff
reply /block-lookup/ mode=backoff
reply /Too many concurrent connections from source IP/ mode=backoff
#
#General Errors
reply /too many/ mode=backoff
reply /Exceeded allowable connection time/ mode=backoff
reply /Connection rate limit exceeded/ mode=backoff
reply /refused your connection/ mode=backoff
reply /try again later/ mode=backoff
reply /try later/ mode=backoff
reply /550 RBL/ mode=backoff
reply /TDC internal RBL/ mode=backoff
reply /connection refused/ mode=backoff
reply /please see www.spamhaus.org/ mode=backoff
reply /Message Rejected/ mode=backoff
reply /refused by antispam/ mode=backoff
reply /Service not available/ mode=backoff
reply /currently blocked/ mode=backoff
reply /locally blacklisted/ mode=backoff
reply /not currently accepting mail from your ip/ mode=backoff
reply /421.*closing connection/ mode=backoff
reply /421.*Lost connection/ mode=backoff
reply /421 *connection limit exceeded/ mode=backoff
reply /476 connections from your host are denied/ mode=backoff
reply /421 Connection cannot be established/ mode=backoff
reply /421 temporary envelope failure/ mode=backoff
reply /421 4.4.2 Timeout while waiting for command/ mode=backoff
reply /450 Requested action aborted/ mode=backoff
reply /550 Access denied/ mode=backoff
</smtp-pattern-list>

#
# http://postmaster.info.aol.com/
<domain aol.com>
max-smtp-out 3
max-msg-per-connection 20
smtp-pattern-list backoff
421-means-mx-unavailable yes
backoff-to-normal-after 4h # added in v3.5
# backoff-notify admin@mydomain.com
backoff-max-msg-rate 20/h # Use with PowerMTA 3.5
backoff-retry-after 120m
dk-sign yes
dkim-sign yes
</domain>
#
<domain tom.com>
max-smtp-out 3
max-msg-per-connection 20
smtp-pattern-list backoff
421-means-mx-unavailable yes
backoff-to-normal-after 2h # added in v3.5
backoff-max-msg-rate 20/h # Use with PowerMTA 3.5
backoff-retry-after 120m
# backoff-notify admin@mydomain.com
dk-sign yes
dkim-sign yes
</domain>
#
<domain yahoo.com>
max-smtp-out 3
max-msg-per-connection 20
smtp-greeting-timeout 1m # added in v3.2r17
mx-connection-attempts 5 # added in v3.2r16
smtp-pattern-list backoff
backoff-to-normal-after 2h # added in v3.5
backoff-max-msg-rate 50/h # Use with PowerMTA 3.5
backoff-retry-after 90m
# backoff-notify admin@mydomain.com
dk-sign yes
dkim-sign yes
</domain>
#
<domain gmail.com>
max-smtp-out 3
max-msg-per-connection 50
smtp-greeting-timeout 1m # added in v3.2r17
mx-connection-attempts 5 # added in v3.2r16
smtp-pattern-list backoff
backoff-to-normal-after 2h # added in v3.5
backoff-max-msg-rate 50/h # Use with PowerMTA 3.5
backoff-retry-after 90m
# backoff-notify admin@mydomain.com
dk-sign yes
dkim-sign yes
</domain>
#
<domain hotmail.com>
max-smtp-out 3
max-msg-per-connection 50
421-means-mx-unavailable yes
smtp-pattern-list backoff
backoff-to-normal-after 2h # added in v3.5
backoff-max-msg-rate 50/h # Use with PowerMTA 3.5
backoff-retry-after 90m
# backoff-notify admin@mydomain.com
dk-sign yes
dkim-sign yes
</domain>
#
<domain msn.com>
max-smtp-out 3
max-msg-per-connection 50
smtp-pattern-list backoff
backoff-to-normal-after 2h # added in v3.5
backoff-max-msg-rate 50/h # Use with PowerMTA 3.5
backoff-retry-after 90m
# backoff-notify admin@mydomain.com
dk-sign yes
dkim-sign yes
</domain>
#
<domain att.net>
max-smtp-out 2
dk-sign yes
dkim-sign yes
</domain>
#
# may be outdated: http://security.comcast.net/get-help/comcast-post-master-page.aspx
# recommended usage: http://postmaster.comcast.net/avoidblocks.html
# http://feedback.comcast.net/
<domain comcast.net>
dk-sign yes
dkim-sign yes
max-smtp-out 2
max-msg-per-connection 20
</domain>
#
#
# Excite
#
# We have heard reports that Excite.com limits senders to 1,000 emails in a 10 minute period per IP during the day, but is unlimited between 1:00am to 5:00am MDT. While we cannot confirm these reports, here is what can be done in PowerMTA if you are having trouble sending to excite.com. Use the following settings:
#
#
<domain excite.com>
dk-sign yes
dkim-sign yes
backoff-max-msg-rate 100/h # Use with PowerMTA 3.5
</domain>

#
#The setting backoff-max-msg-per-hour will cause PowerMTA to take the total amount, divide it by 12, and send no more than that amount in 5 minute intervals over the hour. The number of recent delivery attempts is not kept in persistent storage, so re-starting PowerMTA resets the limit, possibly causing it to actually be exceeded. You may want to set it a little lower than 6000 to give yourself a buffer.
##Now for the tricky part.
#You will need to set the server to run the command pmta set queue mode=normal excite.com/* every night at 1am MDT (cron job in Linux or scheduled task in Windows). This will cause PowerMTA to go into normal mode, and send email in an unrestricted manner. At 5am MDT, schedule the command pmta set queue mode=backoff excite.com/* to run. This will put all excite.com email in backoff mode, and the above settings will go back into place.
#
# Comcast
#
#From the following page:
#http://customer.comcast.com/Pages/FAQViewer.aspx?seoid=RL000001
#It seems that Comcast has added some rate limiting based on your SenderScore (https://www.senderscore.org/).
#As such, the following configuration can be used (in conjunction with max-msg-per-connection and max-smtp-out from above), changing the rate based on your score and the data from Comcast's site:
#
<domain comcast.net>
dk-sign yes
dkim-sign yes
max-msg-rate 100/h
</domain>
<domain dkimvalidator.com>
dk-sign yes
dkim-sign yes
max-msg-rate 50/h
</domain>
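
The `<source>` blocks, `<smtp-user>` passwords and `http-access` lines above decide who may feed mail into this server and who may manage it, so they are the first things to review before going live. The Python below is an added example, not part of the original post or of PowerMTA: it parses the block syntax used above and lists sources that enable an `always-allow-*` directive without `require-auth`, passwords shared between SMTP users, and `admin` console access granted to public addresses. The names `parse`, `audit` and `SAMPLE` and the sample password are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample; directive names and addresses mirror the config above.
SAMPLE = """\
<source 102.202.33.4>
always-allow-relaying yes # allow feeding from 102.202.33.4
</source>
<source 0/0> # matches all
always-allow-api-submission yes
</source>
<smtp-user user1>
password example-pw
</smtp-user>
<smtp-user user2>
password example-pw
</smtp-user>
http-access 21.34.56.78 admin
"""

def parse(text):
    """Return (blocks, top): blocks is a list of (kind, name, {directive: [values]})."""
    blocks, top, stack = [], {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop trailing comments
        tag = re.fullmatch(r"<(/?)([\w-]+)\s*([^>]*)>", line)
        if tag and tag.group(1):                       # closing tag
            stack.pop()
        elif tag:                                      # opening tag (may be nested)
            blocks.append((tag.group(2), tag.group(3).strip(), {}))
            stack.append(blocks[-1])
        elif line:                                     # directive: key, then value
            key, _, val = line.partition(" ")
            (stack[-1][2] if stack else top).setdefault(key, []).append(val.strip())
    return blocks, top

def audit(text):
    blocks, top = parse(text)
    on = lambda d, k: d.get(k, ["no"])[-1].lower() in ("yes", "true")
    out, users = [], {}
    for kind, name, d in blocks:
        if kind == "source" and not on(d, "require-auth"):   # trusted by address only
            out += [f"{k} without auth for source {name}" for k in d if k.startswith("always-allow") and on(d, k)]
        if kind == "smtp-user":                              # group users by password
            users.setdefault(d.get("password", [""])[-1], []).append(name)
    out += [f"password shared by {', '.join(u)}" for u in users.values() if len(u) > 1]
    for addr, role in (e.split()[:2] for e in top.get("http-access", [])):
        if role == "admin" and not ipaddress.ip_network(addr, strict=False).is_private:
            out.append(f"admin console allowed from public address {addr}")
    return out
```

Comments are cut at the first `#`, so a password containing `#` is truncated for grouping, and abbreviated networks such as `10.1.0/24` must be written out in full before `ipaddress` will parse them.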
