Contents
Installing PowerMTA on CentOS 7, CentOS 8, or RHEL requires correct system preparation before the software is installed. Skipping pre-installation steps — file descriptor limits, hostname setup, spool directory performance — produces operational problems that are harder to diagnose after the fact. This guide covers the complete installation sequence for a production-ready PowerMTA environment from a clean server.
System Preparation Before Installation
Before installing PowerMTA, the server must have a valid reverse-resolvable hostname, sufficient system resources, and no conflicting SMTP service running on port 25.
# Set a hostname that resolves to your primary sending IP hostnamectl set-hostname mail1.yourdomain.com # Verify hostname resolves hostname -f # Should return: mail1.yourdomain.com # Verify reverse DNS (PTR) points to this hostname dig -x [YOUR_SENDING_IP] # Should return: mail1.yourdomain.com. # Update the system yum update -y && yum install -y openssl perl-core net-tools # CentOS 7 dnf update -y # CentOS 8 # Stop and disable conflicting mail services systemctl stop sendmail postfix exim 2>/dev/null systemctl disable sendmail postfix exim 2>/dev/null # Verify port 25 is free ss -tlnp | grep :25 # Should return nothing
RPM Package Installation
PowerMTA is distributed as an RPM package provided by Port25 Solutions upon license purchase. Upload the RPM to your server and install it with yum (CentOS 7) or dnf (CentOS 8). The RPM installs all required components and registers a systemd service.
# Transfer RPM to server scp powermta-6.x.x-1.el7.x86_64.rpm user@yourserver:/tmp/ # Install (CentOS 7) rpm -ivh /tmp/powermta-6.x.x-1.el7.x86_64.rpm # Install (CentOS 8 / RHEL 8) dnf install /tmp/powermta-6.x.x-1.el8.x86_64.rpm # Verify installation rpm -qa | grep powermta # Installed file locations: # Binary: /usr/sbin/pmta # Config: /etc/pmta/config # License: /etc/pmta/license (place here before starting) # Spool: /var/spool/pmta # Logs: /var/log/pmta/ # Do NOT start the service yet — license and config must be set first
License File Configuration
The PowerMTA license is tied to the MAC address of the server's primary network interface. Provide your MAC address to Port25 to receive the license file. Place it at /etc/pmta/license with correct ownership and permissions.
# Get MAC address for license request ip link show eth0 | grep "link/ether" # Returns: link/ether aa:bb:cc:dd:ee:ff # Place license file at correct path cat /etc/pmta/license # Mac-Address: aa:bb:cc:dd:ee:ff # Expiration: 2026-12-31 # Type: Enterprise # Set permissions chmod 640 /etc/pmta/license chown root:pmta /etc/pmta/license # Validate license pmta check-license # Output: License OK — valid through 2026-12-31 # Common errors: # "MAC address mismatch" — wrong server, request new license # "License expired" — renewal required from Port25 # "License not found" — wrong path or permissions
Initial Configuration File
The default /etc/pmta/config installed by the RPM is a minimal stub. It must be configured before the service can handle production traffic. The minimum viable configuration defines a hostname, SMTP listener, spool path, logging, accounting, and at least one virtual MTA.
# /etc/pmta/config — minimal production starting point
hostname mail1.yourdomain.com
# Injection listener (from your application)
smtp-listener 127.0.0.1:25 {{
allow-unencrypted-plain-auth yes
default-virtual-mta default-mta
}}
spool-dir /var/spool/pmta # Use SSD storage
file /var/log/pmta/pmta.log
size 50m
rotate-period daily
max-files 14
path /var/log/pmta/accounting
format csv
records received,delivered,failed,deferred,bounced
rotate-period daily
max-files 30
smtp-source-host 185.x.x.10 mail1.yourdomain.com
dkim-sign domain="yourdomain.com" \
key-file="/etc/pmta/dkim/yourdomain.private" \
selector="s1"
Starting and Verifying the Service
systemctl start pmta systemctl enable pmta systemctl status pmta # Active: active (running) since... pmta show status # queue depth monitoring, active connections, msgs/sec pmta show domain gmail.com # Verify domain block loaded pmta show queue # Messages queued by domain tail -50 /var/log/pmta/pmta.log # Check for startup errors # Test injection echo "Subject: Test" | sendmail test@gmail.com # Then: pmta show queue — should show the message queued
Firewall and Port 25 Configuration
# Open outbound port 25 (firewalld — CentOS 7/8) firewall-cmd --permanent --add-port=25/tcp firewall-cmd --reload # Verify outbound port 25 is not blocked by your provider telnet gmail-smtp-in.l.google.com 25 # Should respond: 220 mx.google.com ESMTP # Cloud provider port 25 situations: # AWS: Request outbound port 25 removal via support ticket # GCP: Port 25 blocked by default — use GCP SMTP relay or request unblocking # Azure: Requires support escalation to remove port 25 restriction # Bare metal / colo: Typically open by default
System Limits (ulimits) for Production
PowerMTA opens one file descriptor per active SMTP connection, plus additional descriptors for spool files and logs. The default Linux limit of 1024 is critically insufficient. Production environments need at minimum 65535.
# /etc/security/limits.conf pmta soft nofile 65535 pmta hard nofile 65535 root soft nofile 65535 root hard nofile 65535 # systemd unit override mkdir -p /etc/systemd/system/pmta.service.d/ cat > /etc/systemd/system/pmta.service.d/limits.conf << EOF [Service] LimitNOFILE=65535 EOF systemctl daemon-reload && systemctl restart pmta # Verify cat /proc/$(pgrep pmta | head -1)/limits | grep "open files" # Should show Max open files: 65535 # Kernel parameters for high-volume sending cat >> /etc/sysctl.conf << EOF net.ipv4.ip_local_port_range = 1024 65535 net.ipv4.tcp_fin_timeout = 15 net.core.somaxconn = 65535 EOF sysctl -p
Frequently Asked Questions
Operating PowerMTA at production volume?
We manage PowerMTA environments for high-volume senders — configuration, IP warming schedule, daily reputation monitoring, and operational response. Fully managed. No self-service.
