PowerMTA's Virtual MTA (vMTA) system is the architectural feature that separates it from general-purpose MTAs. Where Postfix routes all outbound mail through a single pool of resources, PowerMTA lets you define named virtual sending identities — each with its own IP address, its own delivery queues, its own per-ISP throttling rules, and its own bounce classification policies. Understanding how to structure vMTAs, configure the accounting system that drives bounce handling, and integrate feedback loop processing is the core operational knowledge for any PowerMTA deployment.

PowerMTA virtual MTA block — defines per-client sending identity
FBL
Feedback Loop — ISP reports of spam complaints forwarded to sender
ARF
Abuse Reporting Format — standard format for FBL complaint messages
IP pool
group of IPs assigned to a vMTA — automatically rotated by PowerMTA

Virtual MTA Architecture

A Virtual MTA in PowerMTA terminology is a sending identity — a logical container that bundles:

  • One or more source IP addresses the vMTA uses for outbound connections
  • A SMTP HELO/EHLO hostname
  • Per-destination delivery policies (concurrency limits, rate delays, message limits)
  • DKIM signing configuration
  • Bounce and feedback processing rules

The power of vMTAs comes from stream isolation. You define separate vMTAs for different sending streams — transactional email on one, marketing on another, cold outreach on a third — and each stream's reputation events (complaints, bounces, blocks) affect only that vMTA's IP pool, not your entire sending infrastructure.

Basic Virtual MTA Configuration

PowerMTA configuration lives in /etc/pmta/config (the path varies by installation; check your deployment documentation). A basic three-vMTA setup for stream isolation:

PowerMTA config.xml — vMTA with FBL and bounce processing
<virtual-mta name="client-alpha">
  <smtp-source-host>203.0.113.10 name="mail1.alpha-sends.com"</smtp-source-host>
  <domain-key name="alpha" domain="alpha.com" path="/etc/pmta/keys/alpha.pem"/>
  <max-smtp-out>10</max-smtp-out>
  <bounce-handling>
    <response match="5.1.1" action="delete" log-only="no"/>
    <response match="5.7.1" action="delete" log-only="yes"/>
    <response match="4.*" action="retry" retry-after="1h"/>
  </bounce-handling>
</virtual-mta>

<!-- FBL configuration -->
<fbl>
  <address>fbl@alpha.com</address>
  <virtual-mta>client-alpha</virtual-mta>
  <handler type="delete"/>
</fbl>
# /etc/pmta/config — Virtual MTA definitions

# ===== Transactional Stream =====

  smtp-source-ip 203.0.113.10
  ehlo-hostname mail-tx.yourdomain.com
  max-smtp-out 50
  smtp-retries-after-shutoff 5


# ===== Marketing Stream =====

  smtp-source-ip 203.0.113.11
  ehlo-hostname mail-mkt.yourdomain.com
  max-smtp-out 50
  smtp-retries-after-shutoff 3


# ===== Cold Outreach (separate IP pool) =====

  smtp-source-ip 203.0.113.20
  smtp-source-ip 203.0.113.21
  ehlo-hostname mail-cold.yourdomain.com
  max-smtp-out 30
  smtp-retries-after-shutoff 2

The smtp-source-ip directive specifies which IP address PowerMTA uses when making outbound SMTP connections from this vMTA. If you specify multiple IPs, PowerMTA rotates between them for connections from that vMTA. The ehlo-hostname is the hostname sent in the EHLO command — it should match the PTR record for each sending IP.

Virtual MTA Pools

PowerMTA's vMTA pool feature groups multiple vMTAs for load balancing and failover. The injecting application targets the pool name rather than individual vMTAs; PowerMTA selects the specific vMTA for each message based on configured weights or round-robin:

# Define a pool from multiple vMTAs

  virtual-mta vmta-mkt-01
  virtual-mta vmta-mkt-02
  virtual-mta vmta-mkt-03

Pool-level routing is specified in the domain blocks that control per-ISP delivery. Messages destined for Gmail, for example, can be routed to a specific pool with tailored concurrency settings for Gmail's rate preferences.

Per-ISP Delivery Policy with Domain Blocks

Domain blocks in PowerMTA configure delivery behaviour for specific receiving domains or MX patterns. This is where the per-ISP throttling that PowerMTA is known for is implemented:

# Gmail-specific delivery policy

  # Maximum concurrent connections to Gmail from any vMTA
  max-smtp-out 10
  # Delay between deliveries to the same Gmail MX (helps with throttle avoidance)
  smtp-pattern-list smtp-421-backoff "421 4.7.0"
  # Backoff on 421 responses — reduce concurrency temporarily
  retry-after 421 4.7.0 10m
  max-msg-per-connection 100


# Microsoft Outlook/Hotmail delivery policy  

  max-smtp-out 5
  max-msg-per-connection 50
  smtp-pattern-list smtp-421-backoff "421 4.7.650"
  retry-after 421 4.7.650 30m


# Yahoo delivery policy

  max-smtp-out 8
  max-msg-per-connection 100
  # Yahoo TS code rate limiting
  retry-after 421 4.7.0 TS01 60m


# Default policy for all other domains

  max-smtp-out 20
  max-msg-per-connection 200

The smtp-pattern-list and retry-after directives configure automatic backoff behaviour when PowerMTA receives throttle responses (421 codes). When Gmail returns a 421 4.7.0, PowerMTA reduces concurrency to that MX automatically and retries after the specified interval — without operator intervention.

Bounce Classification and Accounting

PowerMTA's bounce classification engine is one of its most valuable operational features. It categorises every delivery failure into named categories based on the SMTP response code and message text, then triggers configurable actions per category.

Built-in bounce categories

  • bad-mailbox: The specific mailbox doesn't exist (550 5.1.1 user unknown, etc.). Hard bounce — suppress immediately.
  • bad-domain: The domain has no MX records, doesn't exist, or NXDOMAIN. Hard bounce.
  • routing-errors: Misconfigured mail routing at the destination. Typically hard.
  • inactive-mailbox: Account is deactivated or suspended. Hard bounce.
  • quota-issues: Mailbox is full. Soft bounce — retry after a configured interval.
  • spam-related: Message was rejected due to spam filtering. Could be reputation, content, or authentication issues. Investigate the specific error.
  • policy-related: Rejected by policy (content filter, sender authentication requirement, etc.).
  • bad-connection: Temporary connection failure. Soft bounce — retry.
  • content-related: Content triggered rejection. Investigate message content, links, or tracking domains.

Accounting file configuration

PowerMTA writes delivery accounting data to CSV files that serve as the raw source for bounce processing, analytics, and list management:

# Bounce accounting — logs every bounce event

  move-interval 1h
  move-to /var/log/pmta/accounting/
  world-readable yes
  records b
  record-fields b timeLogged,bounceCat,vmta,orig,rcpt,srcMta,dlvSourceIp,jobId,dsnStatus,dsnMta,dsnDiag


# Full delivery accounting — logs every delivery attempt and outcome

  move-interval 24h
  move-to /var/log/pmta/accounting/
  world-readable yes
  records d
  record-fields d timeLogged,orig,rcpt,vmta,jobId,dlvStatus,dsnStatus,dsnDiag

The bounceCat field in the bounce accounting file contains PowerMTA's category classification for each bounce. A processing script reads this file and applies suppression or retry logic based on the category.

Automatic bounce suppression rules

PowerMTA can apply automatic actions at the point of bounce classification, without external processing:

# In pmta.conf — automatic bounce actions

  type permanent
  match bad-mailbox bad-domain routing-errors inactive-mailbox
  action suppress



  type transient
  match quota-issues bad-connection
  action retry
  retry-after 4h

The action suppress directive adds the recipient to PowerMTA's internal suppression list, preventing future delivery attempts to that address from any vMTA. The suppression list is a critical component of reputation management — hard bounced addresses must never be sent to again.

Feedback Loop (FBL) Integration

Feedback loops are the mechanism through which ISPs notify senders when recipients mark their email as spam. PowerMTA processes these reports and can automatically suppress complainants from future campaigns.

How FBLs work in PowerMTA

FBL reports arrive as email messages (in ARF — Abuse Reporting Format) to a configured mailbox. PowerMTA's FBL processor monitors this mailbox, parses each ARF report to extract the original recipient address, and can trigger suppression or custom scripts.

FBL registration

Before FBLs will work, you must register your sending IPs with each ISP's FBL programme:

  • Yahoo FBL: io.help.yahoo.com/contact (Yahoo Complaint Feedback Loop)
  • Microsoft SNDS / JMRP: postmaster.live.com (Microsoft Junk Mail Reporting Program)
  • Comcast: postmaster.comcast.net
  • AOL: postmaster.aol.com (FBL included with Yahoo registration since merger)

Gmail does not operate a traditional FBL — instead, Gmail complaint data is available through Gmail Postmaster Tools (spam rate dashboard) for domains that have been verified. This is the only way to monitor Gmail complaint rates.

FBL accounting configuration

# FBL accounting — logs complaint events

  move-interval 24h
  move-to /var/log/pmta/accounting/fbl/
  world-readable yes
  records feedback-loop
  record-fields f timeLogged,format,header_To,header_Return-Path,reportedDomain,header_X-FBLId

The header_X-FBLId field is only present if you inject custom FBL tracking headers into outbound mail. Adding a unique FBL tracking header (a hashed identifier for the campaign or recipient) allows you to map FBL reports back to specific campaigns, audiences, and list segments. This is essential at scale — knowing that a specific campaign generated elevated complaints, rather than just knowing complaints arrived, enables targeted list quality improvements.

Monitoring PowerMTA Operations

Web monitoring interface

PowerMTA includes a built-in web interface (typically port 8080) showing real-time delivery metrics, queue depths, per-vMTA performance, and error conditions. Enable it in the configuration:


  port 8080
  address 127.0.0.1  # Restrict to localhost; use SSH tunnel for remote access
  access-file /etc/pmta/access.json

Command-line management

# Check overall queue status
pmta status

# Show queue depth per vMTA
pmta show status detail

# Show per-domain delivery statistics
pmta show domain gmail.com

# Flush deferred messages (use carefully — may cause rate-limit cascades)
pmta resume domain gmail.com

# Check suppression list entry
pmta show suppressed address@example.com

Accounting file analysis

The bounce.csv and acct.csv files are the primary data source for deliverability analysis. A properly configured PowerMTA deployment pipes these files into a monitoring system — Elasticsearch/Kibana, a custom dashboard, or a third-party analytics platform — to enable real-time visibility into bounce rates by category, delivery rates by vMTA and destination domain, and complaint rates from FBL data.

Minimum monitoring thresholds that should generate alerts:

  • Bad-mailbox bounce rate above 0.5% for any campaign or sending stream
  • Spam-related bounce rate above 0.2% — indicates reputation issues
  • Any FBL complaint rate above 0.1% — triggers Gmail/Yahoo enforced filtering
  • Active Spamhaus ZEN listing for any sending IP (check daily)