Setting up KumoMTA: A High-Performance Email Server


KumoMTA is a modern, high-performance mail transfer agent (MTA) designed for high-volume email sending. This guide will walk you through the process of setting up and configuring KumoMTA for optimal performance and deliverability.

Prerequisites

Before beginning the installation, ensure you have:

  1. System Requirements:
    • Linux-based operating system (Ubuntu 20.04+ recommended)
    • Minimum 4GB RAM
    • 20GB+ disk space
    • Static IP address
    • Proper DNS configuration
  2. DNS Configuration:
    • Valid SPF record
    • DKIM setup
    • DMARC policy
    • Reverse DNS (PTR) record

Installation

1. System Preparation

First, update your system and install dependencies:

# Update system packages
sudo apt update && sudo apt upgrade -y

# Install required dependencies
sudo apt install -y \
    build-essential \
    libssl-dev \
    pkg-config \
    git \
    curl \
    wget

2. Installing KumoMTA

Download and install KumoMTA:

# Download the latest release
wget https://github.com/KumoCorp/kumomta/releases/latest/download/kumomta.deb

# Install the package
sudo dpkg -i kumomta.deb

Configuration

1. Basic Configuration

Create the main configuration file:

-- /opt/kumomta/etc/policy/init.lua
kumo.on('init', function()
  -- Configure logging
  kumo.configure_logging({
    level = 'INFO',
    format = 'json',
    destination = '/var/log/kumomta/main.log'
  })

  -- Configure SMTP listener
  kumo.start_esmtp_listener {
    listen = '0.0.0.0:25',
    hostname = 'mail.yourdomain.com',
    max_message_size = '50MB'
  }
end)

2. Queue Configuration

Set up the message queue:

-- /opt/kumomta/etc/policy/queue.lua
kumo.on('queue_message', function(msg)
  -- Set default queue parameters
  msg:set_meta('queue', 'default')
  msg:set_meta('retry_interval', '5m')
  msg:set_meta('max_retries', 3)
end)

3. DKIM Configuration

Configure DKIM signing:

-- /opt/kumomta/etc/policy/dkim.lua
kumo.on('smtp_server_message_received', function(msg)
  -- Load DKIM key
  local dkim_key = kumo.load_dkim_key {
    domain = 'yourdomain.com',
    selector = 'default',
    key_path = '/opt/kumomta/etc/dkim/private.key'
  }

  -- Sign the message
  msg:dkim_sign(dkim_key)
end)

Performance Tuning

1. Resource Allocation

Optimize system resources:

-- /opt/kumomta/etc/policy/performance.lua
kumo.on('init', function()
  -- Configure worker threads
  kumo.configure_workers {
    count = 4,  -- Adjust based on CPU cores
    max_connections = 1000
  }

  -- Configure memory limits
  kumo.configure_memory {
    max_heap_size = '2GB',
    max_message_size = '50MB'
  }
end)

2. Rate Limiting

Implement rate limiting:

-- /opt/kumomta/etc/policy/rate_limiting.lua
kumo.on('smtp_server_message_received', function(msg)
  -- Rate limit by domain
  local domain = msg:get_meta('domain')
  if not kumo.rate_limit(domain, {
    max_requests = 100,
    window = '1m'
  }) then
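    -- 4xx marks a temporary failure so the sender retries later; a 5xx would bounce the message permanently
    return kumo.reject(451, 'Rate limit exceeded')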
  end
end)

Monitoring and Logging

1. Log Configuration

Set up comprehensive logging:

-- /opt/kumomta/etc/policy/logging.lua
kumo.on('init', function()
  kumo.configure_logging {
    level = 'INFO',
    format = 'json',
    destination = '/var/log/kumomta/main.log',
    rotation = {
      max_size = '100MB',
      max_files = 10
    }
  }
end)

2. Metrics Collection

Configure metrics collection:

-- /opt/kumomta/etc/policy/metrics.lua
kumo.on('init', function()
  kumo.configure_metrics {
    destination = 'prometheus',
    port = 9090,
    path = '/metrics'
  }
end)

Security Configuration

1. TLS Configuration

Set up TLS for secure communication:

-- /opt/kumomta/etc/policy/tls.lua
kumo.on('init', function()
  kumo.configure_tls {
    certificate = '/opt/kumomta/etc/tls/cert.pem',
    private_key = '/opt/kumomta/etc/tls/key.pem',
    protocols = {'TLSv1.2', 'TLSv1.3'}
  }
end)

2. Access Control

Implement access control:

-- /opt/kumomta/etc/policy/access.lua
kumo.on('smtp_server_message_received', function(msg)
  local client_ip = msg:get_meta('client_ip')
  
  -- Check against allowlist
  if not kumo.is_allowed_ip(client_ip) then
    return kumo.reject(550, 'Access denied')
  end
end)
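
The policy above calls kumo.is_allowed_ip without defining it, and because the listener binds 0.0.0.0:25 this check is what decides which clients may submit mail. One way to implement the allowlist match in plain Lua, as an added example that is not from the original guide or the KumoMTA project; the helper names and CIDR ranges are assumptions, only IPv4 is handled, and anything else is denied:

```lua
-- Added example: IPv4 CIDR allowlist in plain Lua (helper names are hypothetical).
local ALLOWED_CIDRS = { '127.0.0.0/8', '192.0.2.0/24', '198.51.100.17/32' } -- constructed sample ranges

-- Convert a dotted quad to an integer; return nil for anything malformed.
local function ipv4_to_int(ip)
  if type(ip) ~= 'string' then return nil end
  local a, b, c, d = ip:match('^(%d+)%.(%d+)%.(%d+)%.(%d+)$')
  if not a then return nil end
  local n = 0
  for _, octet in ipairs({ a, b, c, d }) do
    local v = tonumber(octet)
    -- Reject out-of-range octets and leading zeros (ambiguous octal forms).
    if v > 255 or (#octet > 1 and octet:sub(1, 1) == '0') then return nil end
    n = n * 256 + v
  end
  return n
end

-- Parse "a.b.c.d/len" into the first address of the block and its size.
local function parse_cidr(cidr)
  local ip, len = cidr:match('^([%d%.]+)/(%d+)$')
  local base, bits = ipv4_to_int(ip), tonumber(len or '')
  if not base or not bits or bits > 32 then
    error('invalid CIDR in allowlist: ' .. tostring(cidr))
  end
  local size = 2 ^ (32 - bits)
  return { base = base - (base % size), size = size }
end

-- Parse once at load time so a typo in the list fails at startup, not per message.
local allowlist = {}
for _, cidr in ipairs(ALLOWED_CIDRS) do
  allowlist[#allowlist + 1] = parse_cidr(cidr)
end

-- Fail closed: only a well-formed IPv4 address inside a listed block is allowed.
local function is_allowed_ip(client_ip)
  local n = ipv4_to_int(client_ip)
  if not n then return false end
  for _, net in ipairs(allowlist) do
    if n >= net.base and n < net.base + net.size then return true end
  end
  return false
end

-- Checks on constructed inputs.
assert(is_allowed_ip('192.0.2.200'))
assert(not is_allowed_ip('192.0.20.1'))        -- a string-prefix test would pass this
assert(not is_allowed_ip('192.0.2.10:52044'))  -- address with a port suffix
assert(not is_allowed_ip(nil))                 -- missing metadata
```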

Testing and Validation

1. Basic Testing

Test the configuration:

# Check configuration syntax
sudo kumomta check-config

# Test SMTP connection
telnet localhost 25

# Send test email
echo "Subject: Test" | sendmail -f sender@yourdomain.com recipient@example.com

2. Monitoring Setup

Set up monitoring:

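# Install monitoring tools (the Ubuntu package is prometheus-node-exporter)
sudo apt install -y prometheus prometheus-node-exporter

# Configure Prometheus (written via sudo tee, since the shell redirect itself would not run as root)
# Note: Prometheus's own web listener also defaults to port 9090; if it runs on the
# same host as the KumoMTA metrics endpoint above, one of the two needs a different port.
sudo tee /etc/prometheus/prometheus.yml > /dev/null << EOF
scrape_configs:
  - job_name: 'kumomta'
    static_configs:
      - targets: ['localhost:9090']
EOF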

Troubleshooting

Common issues and solutions:

  1. Connection Issues:
    • Check firewall settings
    • Verify DNS configuration
    • Check network connectivity
  2. Delivery Problems:
    • Verify SPF/DKIM/DMARC records
    • Check IP reputation
    • Review bounce messages
  3. Performance Issues:
    • Monitor system resources
    • Check queue status
    • Review rate limits

Conclusion

Setting up KumoMTA requires careful attention to configuration, security, and performance tuning. By following this guide, you’ll have a robust, high-performance email server capable of handling high-volume email sending while maintaining good deliverability rates.

Remember to:

  1. Regularly monitor system performance
  2. Keep software updated
  3. Maintain security configurations
  4. Monitor email deliverability metrics
  5. Review and adjust rate limits as needed

With proper configuration and maintenance, KumoMTA can provide a reliable and scalable solution for your email sending needs.