Contents
A sudden delivery rate drop in PowerMTA requires systematic diagnosis rather than reactive configuration changes. The cause determines the correct response — increasing connections when the problem is reputation worsens the situation. This guide provides the complete triage and diagnosis protocol for PowerMTA delivery rate drops, covering blacklisting, reputation events, configuration changes, and authentication failures.
First 15 Minutes: Triage Protocol
The first priority is scoping: is this affecting one ISP or all? One IP or the entire pool? Did it start with a specific campaign or gradually over hours? These answers determine which root cause category to investigate first.
# 1. Check overall status
pmta show status | grep -E "queue|delivered|deferred"
# 2. Identify which ISP is accumulating queue
pmta show queue --all | sort -k3 -rn | head -10
# 3. Check recent error patterns
tail -2000 /var/log/pmta/accounting.csv | \
awk -F, '$1 ~ /[tb]/ {print substr($10,1,60)}' | sort | uniq -c | sort -rn | head -10
# 4. Find when the drop started
awk -F, 'NR>1 && $1=="d" {hour=substr($2,1,13); count[hour]++} END {
for(h in count) print h, count[h]
}' /var/log/pmta/accounting.csv | sort | tail -12
Identify Scope by ISP and IP
# Per-ISP delivery rate (last 2 hours)
awk -F, -v cutoff="$(date -d '2 hours ago' '+%Y-%m-%dT%H:%M')" '
NR>1 && $2>=cutoff {
split($6,a,"@"); d=a[2]
if($1=="d") del[d]++; if($1=="t") def[d]++
} END {
for(d in del) {
t=del[d]+def[d]
if(t>50) printf "%s: %.0f%% delivered (%d total)\n", d, del[d]/t*100, t
}
}' /var/log/pmta/accounting.csv | sort -t: -k2 -n
# Per source-IP delivery rate
awk -F, 'NR>1 {
if($1=="d") del[$15]++; if($1=="t") def[$15]++
} END {
for(ip in del) printf "%s: %.0f%% delivered\n", ip, del[ip]/(del[ip]+def[ip])*100
}' /var/log/pmta/accounting.csv | sort -t: -k2 -n
Check for IP Blacklisting
# DNS blacklist checks for each sending IP
for IP in 185.x.x.10 185.x.x.11 185.x.x.12; do
echo "=== $IP ==="
# Reverse octets for DNS query
REV=$(echo $IP | awk -F. '{print $4"."$3"."$2"."$1}')
# Spamhaus ZEN (covers SBL, XBL, PBL)
dig +short $REV.zen.spamhaus.org 2>/dev/null
# Spamhaus CSS (specific to spam sources)
dig +short $REV.sbl.spamhaus.org 2>/dev/null
# Barracuda
dig +short $REV.b.barracudacentral.org 2>/dev/null
done
# Blacklist indicators in accounting log format:
grep -iE "blacklist|dnsbl|listed|blocked" /var/log/pmta/accounting.csv | \
awk -F, '{print substr($10,1,80)}' | sort | uniq -c | sort -rn | head -10
# If listed: submit delisting requests immediately
# Spamhaus: https://check.spamhaus.org
# Barracuda: https://www.barracudacentral.org/rbl/removal-request
Check Reputation Data by Provider
| Provider | Tool | URL | Data Lag |
|---|---|---|---|
| Gmail | Google Google Postmaster Tools integration | postmaster.google.com | 24-72 hours |
| Microsoft | Microsoft SNDS | sendersupport.olc.protection.outlook.com/snds | 24-48 hours |
| Yahoo | Yahoo Postmaster | senders.yahooinc.com | 24-48 hours |
# While waiting for reputation tools to update, read accounting log signals:
# Gmail reputation 421 pattern:
grep "gmail.com" /var/log/pmta/accounting.csv | \
awk -F, '$1=="t" && $10~/4.7.0/ {count++} END {print "Reputation deferrals:", count}'
# Microsoft RP block pattern:
grep "outlook.com" /var/log/pmta/accounting.csv | \
awk -F, '$1=="t" && $10~/RP-00/ {print substr($10,1,40)}' | sort | uniq -c
Check Recent Configuration Changes
# Config file modification time ls -la /etc/pmta/config /etc/pmta/*.conf 2>/dev/null # Recent config reload events grep "reload\|restart\|config loaded" /var/log/pmta/pmta.log | tail -10 # DKIM key validation pmta check-dkim --domain=yourdomain.com --selector=s1 2>/dev/null || \ echo "DKIM check failed — verify key files and DNS record" # DNS record spot-check dig TXT yourdomain.com | grep "v=spf1" dig TXT _dmarc.yourdomain.com | grep "v=DMARC1" dig TXT s1._domainkey.yourdomain.com | grep "v=DKIM1"
Authentication Verification
# Send a test message and verify headers in receiving mailbox # Check for in Gmail received headers: # Authentication-Results: mx.google.com; # dkim=pass header.i=@yourdomain.com header.s=s1 # spf=pass (google.com: domain of bounce@mail.yourdomain.com) # dmarc=pass (p=REJECT header.from=yourdomain.com) # Authentication failures in accounting log (550 5.7.26 = DMARC failure): grep "550 5.7.26\|dmarc\|DMARC" /var/log/pmta/accounting.csv | wc -l # Any count above 0 requires immediate authentication debugging
Recovery Protocol by Root Cause
| Root Cause | Recovery Steps | Timeline |
|---|---|---|
| Blacklisted IP | Submit delisting; route traffic to clean IPs; improve list quality | 24-72h per BL |
| Gmail reputation drop | Reduce volume 50%; pause non-transactional; monitor Postmaster recovery | 1-3 weeks |
| Microsoft RP block | Stop from blocked IP; SNDS monitoring; resume clean after 48h | 2-5 days |
| Configuration error | Revert change; pmta reload; verify with test message | Minutes |
| Authentication failure | Fix DKIM/SPF/DMARC; pmta reload; verify authentication headers | Minutes to 1h |
Frequently Asked Questions
Operational Reference: Delivery Rate Suddenly Dropped
The PowerMTA configuration for delivery rate suddenly dropped represents one component of a broader infrastructure management discipline. The specific parameter values and monitoring thresholds that apply to your environment depend on your current IP reputation tier, sending volume per ISP, and list engagement characteristics. Review these configurations during your monthly infrastructure audit and adjust based on observed delivery rate trends and ISP-specific deferral patterns.
Operating PowerMTA at production volume?
We manage PowerMTA environments for high-volume senders — configuration, IP warming schedule, daily reputation monitoring, and operational response. Fully managed. No self-service.
