Client Portal
December 2025 · POWERMTA TECHNICAL REFERENCE

PowerMTA Virtual MTA Configuration — Multiple IPs, Pool Setup, and Traffic Isolation

December 2025 PowerMTA 6.x PowerMTA Virtual MTA Configuration

Contents

  1. Virtual MTA Basics
  2. Single IP Configuration
  3. Multiple IP Pool Configuration
  4. Traffic Type Isolation
  5. Per-Virtual-MTA DKIM Signing
  6. Message Routing to Virtual MTAs
  7. Per-IP Monitoring
  8. FAQ

Virtual MTA (vMTA) configuration is the mechanism through which PowerMTA maps outbound sending activity to specific IP addresses. In production environments, IP address allocation and isolation are the primary tools for reputation management — transactional email, marketing campaigns, and cold outreach must operate from separate IP pools to prevent reputation events in one traffic type from affecting others. This reference covers the complete virtual MTA and pool configuration for multi-IP production environments.

Section 1

Virtual MTA Architecture

A virtual-mta block defines a sending identity: the source IP PowerMTA binds for outbound SMTP connections and the hostname presented in the EHLO/HELO command. Each virtual-mta corresponds to exactly one source IP. Multiple virtual-MTAs are grouped into virtual-mta-pools, and pools are referenced in domain blocks to route traffic for specific destination ISPs.

# Architecture overview:
# virtual-mta (1 per IP)
#     ↓ grouped into
# virtual-mta-pool (IP group for load distribution)
#     ↓ referenced by
# domain block (per-ISP delivery configuration)
#
# Example: 3 IPs dedicated to Gmail

    smtp-source-host 185.x.x.10 mail1.yourdomain.com


    smtp-source-host 185.x.x.11 mail2.yourdomain.com


    smtp-source-host 185.x.x.12 mail3.yourdomain.com


    virtual-mta gmail-ip-1
    virtual-mta gmail-ip-2
    virtual-mta gmail-ip-3


    virtual-mta-pool gmail-pool
    max-smtp-out tuning 8
    mx-rollup gmail.com
Section 2

Single IP Virtual MTA Configuration

For environments with a single sending IP, the virtual MTA configuration is straightforward. One virtual-mta block, a single-member pool, and domain blocks referencing that pool. This is the starting configuration for new IP warming schedule — before adding additional IPs to the pool.


    smtp-source-host 185.x.x.10 mail1.yourdomain.com
    dkim-sign domain="yourdomain.com" \
              key-file="/etc/pmta/dkim/yourdomain.private" \
              selector="s1"



    virtual-mta primary-mta


# During IP warming — keep connection limits conservative

    virtual-mta-pool primary-pool
    max-smtp-out 3           # Low during warming phase
    max-msg-rate 500/d       # Start at 500/day, increase weekly
    retry-after 15m
    mx-rollup gmail.com
Section 3

Multiple IP Pool Configuration

When multiple IPs are available, they should be allocated to pools based on destination ISP, not mixed arbitrarily. Gmail traffic should go to Gmail-optimized IPs (with Gmail-specific warming history), Microsoft traffic to Microsoft-optimized IPs, etc. Mixing traffic from multiple ISPs across the same IP pool creates competing reputation signals.

# ISP-separated IP pool architecture

# Gmail pool — IPs with Gmail warming history

    virtual-mta gmail-ip-1   # 185.x.x.10
    virtual-mta gmail-ip-2   # 185.x.x.11
    virtual-mta gmail-ip-3   # 185.x.x.12


# Microsoft pool — IPs with Outlook warming history

    virtual-mta ms-ip-1      # 185.x.x.20
    virtual-mta ms-ip-2      # 185.x.x.21


# EU ISP pool — IPs configured for GMX, T-Online, Orange

    virtual-mta eu-ip-1      # 185.x.x.30
    virtual-mta eu-ip-2      # 185.x.x.31


# Transactional — protected pool, minimal volume

    virtual-mta trans-ip-1   # 185.x.x.40
Section 4

Traffic Type Isolation: Transactional vs Marketing vs Cold

The most critical isolation decision is separating transactional email (2FA codes, receipts, account notifications) from marketing (campaigns, newsletters) and cold outreach. Transactional email must never share IPs with marketing or cold email — a complaint rate event on a marketing campaign must not affect transactional delivery.

# Traffic type isolation architecture


    smtp-source-host 185.x.x.40 trans1.yourdomain.com
    dkim-sign domain="yourdomain.com" key-file="/etc/pmta/dkim/trans.private" selector="trans"


    virtual-mta trans-ip-1



    smtp-source-host 185.x.x.50 mkt1.yourdomain.com


    virtual-mta mkt-ip-1
    virtual-mta mkt-ip-2


# Routing: two injection listeners for two traffic types
smtp-listener 127.0.0.1:2525 {{ default-virtual-mta trans-ip-1 }}    # Transactional
smtp-listener 127.0.0.1:2526 {{ default-virtual-mta mkt-ip-1 }}       # Marketing

# Your application sends to port 2525 for transactional, 2526 for marketing
Section 5

Per-Virtual-MTA DKIM Signing Configuration

# DKIM signing can be set globally in virtual-mta or per-domain in domain block
# Best practice: set in virtual-mta for global signing, override in domain block if needed


    smtp-source-host 185.x.x.10 mail1.yourdomain.com
    # Sign with main domain key
    dkim-sign domain="yourdomain.com" \
              key-file="/etc/pmta/dkim/yourdomain.private" \
              selector="s1" \
              header-list="From:To:Subject:Date:Message-ID:Content-Type:MIME-Version"


# For multi-brand deployments: per-brand DKIM keys

    smtp-source-host 185.x.x.60 brand-a-mail1.com
    dkim-sign domain="brand-a.com" \
              key-file="/etc/pmta/dkim/brand-a.private" \
              selector="s1"
Section 6

Per-IP Accounting and Monitoring

# Monitor delivery statistics per virtual MTA
pmta show vmta gmail-ip-1
pmta show vmta gmail-ip-2

# accounting log format analysis by source IP
# The dlvSourceIp field in CSV accounting log shows the source IP per delivery
grep "185.x.x.10" /var/log/pmta/accounting-YYYYMMDD.csv | \
  awk -F, '$8 == "250" {{delivered++}} $8 ~ /^4/ {{deferred++}} $8 ~ /^5/ {{bounced++}} \
  END {{print "IP 185.x.x.10 — delivered:", delivered, "deferred:", deferred, "bounced:", bounced}}'
IP-level monitoring principleMonitor each IP's high deferral rate diagnosis independently. A pool-level view masks individual IP problems — one IP with a high deferral rate can be identified and taken out of rotation while the pool continues delivering from remaining IPs. Per-IP accounting log analysis should be part of daily operational monitoring.
FAQ

Frequently Asked Questions

How many virtual MTAs can I configure in PowerMTA? +
Can two virtual MTAs share the same source IP? +
How do I route different traffic types to different virtual MTAs? +
What is the difference between virtual-mta and virtual-mta-pool? +
How does PowerMTA distribute connections across a pool? +

Operating PowerMTA at production volume?

We manage PowerMTA environments for high-volume senders — configuration, IP warming, daily reputation monitoring, and operational response. Fully managed. No self-service.

Request Technical Assessment
Need a Managed PowerMTA Environment?

Cloud Server for Email operates fully managed PowerMTA infrastructure from EU-based dedicated servers. Daily monitoring, per-ISP domain block optimization, IP warming management, and incident response included.

Infrastructure Services

Technical References

Related Articles

Virtual Mta Pool Round Robin Weighted
Api Http Interface Configuration
Bounce Processing Configuration

Need PowerMTA support?

Our team works with PowerMTA daily. Contact us for a technical consultation on your specific configuration.

Contact Us
Cloud Server for Email

Dedicated email infrastructure engineered for high-volume outbound operations.

INFRASTRUCTURE

POWERMTA

PowerMTA Technical FAQ

Contact

© All Copyright 2015–2026 by Cloud Server for Email