What Is KumoMTA?
KumoMTA is an open-source, production-grade Mail Transfer Agent developed by Flying Circus / Prozesshell. It processes over 10 billion emails per month for enterprises worldwide and is rapidly becoming the default choice for organizations migrating from legacy MTAs like Postfix, Exim, Sendmail, and PowerMTA.
Key capabilities:
- Apache 2.0 open source license — no per-server fees, no per-volume pricing
- Rust-based architecture — memory-safe, high-performance, no garbage collection pauses
- AI-powered deployment assistant — automated configuration optimization
- Lua scripting — flexible per-tenant routing, traffic shaping, and custom logic
- Built-in Prometheus metrics — real-time monitoring and alerting
- Multi-tenant architecture — isolated sending environments per customer or brand
- Docker and Kubernetes native — deploy anywhere in your cloud
- TLS 1.3 and IPv6 — modern protocol support out of the box
KumoMTA Architecture Overview
Unlike legacy MTAs that evolved from 1980s Unix mail systems, KumoMTA was designed from scratch for 2026 internet infrastructure. This matters because:
No legacy包袱 (baggage): Postfix and Exim carry decades of backward-compatibility code that introduces security vulnerabilities and performance bottlenecks. KumoMTA has none.
Memory safety without GC: Rust's ownership model provides memory safety without garbage collection — critical for sustained high-throughput email processing.
Modern concurrency: KumoMTA's async architecture handles hundreds of thousands of concurrent connections efficiently.
┌─────────────────────────────────────────────────────┐
│ KumoMTA Architecture │
├─────────────────────────────────────────────────────┤
│ Inbound: SMTP (port 25/587) ← Traffic sources │
│ HTTP API ← Applications │
│ │
│ ┌──────────────┐ ┌──────────────────────────┐ │
│ │ Lua Policy │ → │ Queue Management │ │
│ │ Engine │ │ (per-tenant, per-domain) │ │
│ └──────────────┘ └──────────────────────────┘ │
│ ↓ │
│ ┌──────────────┐ ┌──────────────────────────┐ │
│ │ DKIM Signing │ │ Outbound Delivery │ │
│ │ Module │ │ (TLS 1.3, IPv6, retry) │ │
│ └──────────────┘ └──────────────────────────┘ │
│ │
│ Metrics: Prometheus ← Grafana dashboards │
└─────────────────────────────────────────────────────┘
Installing KumoMTA
Prerequisites
- Linux server (Ubuntu 22.04+ or RHEL 9+) — 4 cores minimum, 8GB RAM for moderate volume
- Domain name with DNS access for MX, SPF, DKIM, and DMARC records
- Dedicated IP addresses (2+ for warmup rotation)
- Optional: PostgreSQL for delivery tracking
Ubuntu/Debian Installation
# Add KumoMTA repository
curl -L https://install.kumomta.com | sudo bash
# Install KumoMTA
sudo apt-get install kumomta
# Start the service
sudo systemctl enable kumomta
sudo systemctl start kumomta
Docker Installation (Recommended)
docker pull ghcr.io/kumomta/kumomta:latest
docker run -d \
--name kumomta \
-p 25:2525 \
-p 587:2587 \
-v kumomta_config:/etc/kumomta \
-v kumomta_spool:/var/spool/kumomta \
ghcr.io/kumomta/kumomta:latest
Kubernetes Deployment
KumoMTA supports Helm charts for Kubernetes deployment. A production-grade Helm values file includes:
- Multi-replica deployment for high availability
- Persistent volume claims for spool storage
- ServiceMonitor for Prometheus scraping
- Horizontal pod autoscaling based on queue depth
KumoMTA Configuration
Basic Configuration File
-- /etc/kumomta/kumomta.conf
kumo.start_spool_listener {
listen = "[::]:25",
tenant = "default",
relay_hosts = { "10.0.0.0/8", "172.16.0.0/12" },
auth_require_tls = false, -- Enable for submission ports
}
-- DKIM signing
kumo.configure_dkim_signing {
domain = "example.com",
selector = "mail",
key_file = "/etc/kumomta/keys/example.com.pem",
}
-- Prometheus metrics
kumo.configure_metrics {
listen = "[::]:2000",
}
Lua Policy Configuration
KumoMTA's Lua integration is its most powerful feature. Use Lua to implement:
- Per-tenant traffic shaping and rate limiting
- Dynamic routing based on recipient domain
- Custom bounce processing and suppression
- Pre-send content filtering
-- Per-tenant rate limiting
kumo.on('smtp_server_greeting', function(domain, meta)
local tenant = meta.tenant
local limit = get_tenant_limit(tenant) -- custom function
kumo.limit_sending(tenant, limit)
end)
DKIM, SPF, and DMARC Authentication
Proper email authentication is non-negotiable for deliverability in 2026. Gmail, Yahoo, and Microsoft all require DKIM and SPF at minimum, with DMARC becoming mandatory for high-volume senders.
DKIM Setup with KumoMTA
- Generate your DKIM key pair:
openssl genrsa -2048 -out private.key 2048
openssl rsa -in private.key -pubout -out public.txt
- Add the public key to your DNS as a TXT record:
selector._domainkey.example.com IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA..."
- Configure KumoMTA to sign outgoing mail:
kumo.configure_dkim_signing {
domain = "example.com",
selector = "selector",
key_file = "/etc/kumomta/keys/example.com.pem",
}
SPF Configuration
Add an SPF record to your DNS:
v=spf1 ip4:203.0.113.0/24 include:_spf.example.com ~all
KumoMTA respects SPF during delivery — ensure your sending IPs are included in your SPF record.
DMARC Setup
Create a DMARC record:
_dmarc.example.com IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100"
PostMTA's team can audit your current authentication setup and ensure full compliance with Gmail and Yahoo's 2024 sender requirements.
👉 Get a free authentication audit →
IP Warmup for KumoMTA
IP warmup is the process of gradually building sender reputation with ISPs when starting with new IP addresses. Skipping warmup is the #1 cause of poor inbox placement for new KumoMTA deployments.
Gmail Warmup Schedule (8-Week)
| Week | Daily Volume | Notes |
|---|---|---|
| 1 | 50-100 | Start with engaged recipients |
| 2 | 200-500 | Watch complaint rate |
| 3 | 1,000-2,000 | Monitor bounce rate |
| 4 | 5,000-10,000 | Check Postmaster Tools |
| 5 | 25,000-50,000 | Full engagement metrics |
| 6 | 100,000-200,000 | ISP trust building |
| 7 | 400,000-800,000 | Near full volume |
| 8 | Full volume | Continuous monitoring |
KumoMTA's Lua scripting makes automated warmup easy — configure traffic shaping per IP pool and let the MTA handle gradual volume increases.
For a complete warmup strategy, see our IP Warmup Strategies Guide.
KumoMTA vs PowerMTA
The most common migration in 2026 is from PowerMTA (PMTA) to KumoMTA. Here's the key comparison:
| Factor | KumoMTA | PowerMTA |
|---|---|---|
| License | Apache 2.0 (free) | Commercial (~$2,500+/server/year) |
| Architecture | Rust | Java |
| AI features | Built-in assistant | None |
| Kubernetes | Native | Containerized only |
| Learning curve | Moderate | Steep |
| Community | Growing | Established |
For full comparison, see our KumoMTA vs PowerMTA 2026 Guide.
KumoMTA vs SendGrid vs Amazon SES
| Factor | KumoMTA | SendGrid | Amazon SES |
|---|---|---|---|
| Control | Full self-hosted | API only | API/SMTP |
| Cost (10M/day) | ~$1,500/mo infra | ~$1,200/mo | ~$200/mo |
| AI optimization | Yes | Limited | No |
| Setup complexity | Medium | Low | Medium |
| Compliance control | Full | Limited | Limited |
For organizations sending over 2M emails/day, self-hosted KumoMTA delivers better economics and full control. Below that threshold, cloud services like SendGrid or Amazon SES may be simpler.
Monitoring and Observability
KumoMTA exposes Prometheus metrics out of the box. Key metrics to monitor:
-
kumomta_messages_total— Total messages processed -
kumomta_messages_delivered_total— Successfully delivered -
kumomta_messages_bounced_total— Bounces by type -
kumomta_queue_depth— Current queue size per tenant/domain -
kumomta_delivery_latency_seconds— End-to-end delivery time
Set up Grafana dashboards for real-time alerting on:
- Bounce rate exceeding 3%
- Queue depth growing beyond threshold
- Delivery latency spikes
- TLS failure rates
Common KumoMTA Issues and Troubleshooting
Issue: Messages queuing without delivery
Cause: Network connectivity, DNS resolution, or remote MX issues
Fix: Check KumoMTA logs (journalctl -u kumomta) and verify DNS resolution
Issue: High soft bounce rate
Cause: Recipient server throttling, temporary failures
Fix: Implement exponential backoff in Lua policy, monitor feedback loops
Issue: DKIM validation failures
Cause: Incorrect DKIM record, selector mismatch, key corruption
Fix: Verify DNS TXT record with dig TXT selector._domainkey.example.com
Issue: Slow delivery during high volume
Cause: Insufficient connection limits, network bottlenecks
Fix: Tune max_connections_per_domain and delivery_threads in config
FAQ: KumoMTA in 2026
Q: Is KumoMTA really free for commercial use?
A: Yes. KumoMTA is licensed under Apache 2.0, which permits commercial use, modification, and redistribution with no licensing fees. Your only costs are infrastructure and engineering.
Q: Can KumoMTA handle 100 million emails per day?
A: Yes. With proper horizontal scaling (multiple KumoMTA instances behind a load balancer) and sufficient infrastructure, KumoMTA handles 100M+ daily volume routinely.
Q: How does KumoMTA compare to Postfix?
A: Postfix is a general-purpose mail server designed for internal mail routing. KumoMTA is purpose-built for high-volume outbound email delivery with multi-tenant traffic shaping, AI-assisted configuration, and modern architecture. For sending over 100K emails/day, KumoMTA is the superior choice.
Q: Does KumoMTA support SMTP authentication?
A: Yes. KumoMTA supports AUTH on submission ports (587) with PLAIN, LOGIN, and CRAM-MD5 mechanisms, plus TLS encryption.
Q: What's the difference between KumoMTA and Kumomta Cloud?
A: KumoMTA is the open source software you install on your infrastructure. Kumomta Cloud (from Flying Circus) is a managed service offering. PostMTA offers independent consulting for both deployment models.
Next Steps
Ready to deploy KumoMTA for your organization? PostMTA's engineering team provides:
- KumoMTA Setup & Configuration — Production deployment with proper authentication
- PowerMTA to KumoMTA Migration — Zero-downtime migration with IP warmup continuity
- IP Warmup Management — Full warmup service until full volume
- Ongoing Monitoring — 24/7 infrastructure monitoring and alerting
This guide is part of the PostMTA Email Infrastructure Series. For related guides, see IP Warmup Strategies, Email Authentication Guide, and SMTP Relay Setup.
Top comments (0)