KumoMTA & Migration
Open source has no support line. We are the team you call.
Managed KumoMTA is the ongoing operation of your KumoMTA estate by an outside team: monitoring, Traffic Shaping Automation, Lua configuration changes, warmup, deliverability work and incident response. It exists because open-source software has no vendor to call when something breaks at 2am — the engine is free, but running it well is not automatic.
Managed KumoMTA is the ongoing operation of your KumoMTA estate by an outside team: round-the-clock monitoring of queues, deferrals, bounces and reputation; Traffic Shaping Automation tuning; Lua configuration maintenance as version-controlled code; warm-up design; deliverability work; version upgrades; and incident response. KumoMTA is free under Apache 2.0, but the engine ships no support line and no web console, so the licence saving is real while the operational work it leaves behind is not optional.
In short
- → KumoMTA is free under Apache 2.0; what is not free is operating it well — a forum is not an on-call team and a GitHub issue does not unblock your queue at 2am.
- → KumoMTA ships no web console, so the 100+ Prometheus metrics and Grafana dashboards have to be stood up and watched, or you operate blind.
- → Traffic Shaping Automation handles the minute-to-minute, but the rules and thresholds it follows still have to be designed and monitored by someone.
- → Everything is run as configuration-as-code in version control, so an in-house team can later inherit a readable estate rather than a black box.
- → Your IPs and domains stay yours; managed operation runs the engine on assets you control, whether on your infrastructure or one we provision.
KumoMTA removes the part of PowerMTA that senders complained about most: the annual licence and the vendor relationship that stopped delivering value. What it does not remove is the work. A free, open-source engine still has to be operated, watched, tuned and rescued when a provider turns hostile, and there is no support contract behind it to make that someone else’s job. The community is genuinely active and the documentation is good, but a forum thread is not an on-call engineer and a GitHub issue does not unblock your queue while a campaign is going out.
That gap is exactly what managed KumoMTA fills. The license savings are real; the operational need they leave behind is also real, and it does not go away because the software is free. Run well, KumoMTA becomes the quietest part of a sending stack — one operator describes it as the piece of their infrastructure they now spend the least time on, because it simply does its job. Getting to that quiet takes deliberate operation. This is what that operation involves, and what we take off your team’s plate.
If KumoMTA is free, why pay to have it managed?
The make-or-buy decision for KumoMTA is sharper than it looks. Buying a managed ESP means paying per message and accepting shared infrastructure. Running KumoMTA yourself means owning the engine, the IPs and the reputation outright — and owning every operational responsibility that comes with them. There is no middle option where the software is free and the operation is automatic.
In-house operation means a person, or more honestly a team, who understands MTAs, Lua, deliverability and the modern observability stack, on call when sending breaks. That is a rare and expensive skill set to hire, and a risky one to depend on a single person for. Managed operation is the third path: the ownership and economics of self-hosting, without staffing a specialist function to keep it alive. You keep the IPs, the domains and the control; we supply the expertise and the on-call. For most senders moving off a commercial MTA precisely to regain control, that combination is the point — control without the operational burden that usually comes attached to it.
There is a security dimension the licence-versus-free framing tends to hide. A self-hosted MTA is internet-facing infrastructure, and an unpatched or misconfigured one is a liability — an open relay or a compromised node lands you on Spamhaus faster than any content mistake, and an engine that releases often has to be kept current to stay safe. With a commercial product some of that responsibility sat, at least nominally, with a vendor. With open source it sits squarely with whoever operates the estate. Managed operation makes that someone us: the engine patched on a controlled schedule, the install hardened to the surface it actually needs, and the whole thing watched, so security is a standing condition rather than a thing you remember after an incident has already taught you to.
What does running KumoMTA in production actually involve?
It helps to be concrete about the work, because “managed” is a vague word until you see what it covers. KumoMTA is a modern engine, and modern brings both capability and operational surface. These are the things that have to be running and healthy every day.
| Area | What it takes to operate |
|---|---|
| The TSA daemon | Traffic Shaping Automation runs as its own service, watching provider responses and adjusting shaping in real time. It has to be configured, kept healthy and tuned — and in a cluster, wired so every node talks to every daemon. |
| Configuration as code | Every change is a change to Lua policy, which means version control, review and testing rather than editing a live file and hoping. Concurrency and policy structure are real engineering decisions. |
| Observability | KumoMTA ships no web console. The 100+ Prometheus metrics and Grafana dashboards have to be stood up, watched and alerted on, or you are operating blind. |
| Warmup and reputation | Warmup logic can be encoded, but schedules still need designing and results still need watching. Reputation work does not stop after launch. |
| Upgrades and patching | An actively developed open-source engine releases often. Staying current — safely, without breaking a working config — is ongoing work, not a one-time install. |
| Scaling and clustering | Growth means more nodes, container orchestration and clustered traffic shaping, each of which adds operational surface to monitor and maintain. |
How do you operate KumoMTA with no web console?
KumoMTA ships no web console, and that is a deliberate design choice rather than an oversight: the project exposes data and leaves the interface to operators, on the reasoning that every team wants something different. For a team arriving from PowerMTA’s built-in monitor, that is a real gap on day one — the queue view, the VirtualMTA status, the at-a-glance health they were used to is simply not there out of the box.
What is there is better raw material. KumoMTA exports more than a hundred Prometheus metrics natively, at standard endpoints, covering queue depths, delivery and bounce rates, latency percentiles and system health, and there are pre-built Grafana dashboards ready to consume them. For a team already running Prometheus and Grafana, the monitoring is close to zero-configuration; for everyone else, that endpoint is a universal integration point into whatever observability platform they prefer. Closing the interface gap is one of the first things we do: we stand up the dashboards, define the alerts that matter, and where a client wants a managed view rather than a Grafana login, an optional control panel. The result is that moving to a more capable engine does not cost you visibility — you trade a bundled monitor for observability that is genuinely deeper, without having to build it yourself.
Does Traffic Shaping Automation mean KumoMTA runs itself?
The feature that most defines operating KumoMTA is Traffic Shaping Automation, the TSA daemon. It runs as its own service alongside the main engine, watching the responses providers send back — the temporary deferrals and permanent rejections — and adjusting the engine’s traffic-shaping rules in real time to stay within what each mailbox provider will tolerate. It is the difference between a static throttle that is wrong the moment a provider changes behaviour and a shaping policy that follows the provider as it moves.
That power comes with operational weight. TSA is configured across the engine’s init policy and the daemon’s own configuration, it merges a community-maintained shaping dataset with custom rules you define for your specific senders, and in a clustered deployment every node has to publish to and subscribe from the daemons correctly, with fault tolerance designed in. Run well, it is a genuine advantage that reacts faster than any human could. Run carelessly — a daemon that silently stopped, community rules that do not fit your sending, a cluster wired so one node is shaping blind — and it becomes a source of problems rather than a solution to them. Operating it properly means keeping the daemon healthy, layering shaping rules that match your actual traffic, and confirming through monitoring that it is reacting the way it should.
# Is the TSA daemon alive and reacting? (a silent daemon is a hidden outage)
$ systemctl is-active kumo-tsa-daemon && kcli tsa-status --summary
active · 3 rules firing · last adjustment 40s ago · cluster: 3/3 nodes subscribed
# Are queues draining and reputation holding across providers?
$ kcli queue-summary --by-site --top 3
gmail.com D 41920 Q 18 deferral-rate 0.4% OK
outlook.com D 28110 Q 0 deferral-rate 0.1% OK
yahoo.com D 15044 Q 6 deferral-rate 0.3% OK
# Alerting fires before you would ever notice — this is the quiet you pay forClustering and scale, operated
KumoMTA handles millions of messages an hour on a single server, so many senders never need more than one well-run node. When volume does outgrow that, the engine scales horizontally — more nodes, orchestrated with Docker or Kubernetes — and the operational picture changes with it. A cluster is not just several copies of one server; it is a system whose parts have to coordinate, and the coordination is where careful operation earns its place.
Traffic Shaping Automation is the clearest example. On a single node the daemon watches one engine and adjusts it. In a cluster, every node has to publish its provider responses to the daemons and subscribe to the shaping decisions that come back, so the whole estate shapes traffic as one coordinated sender rather than as a handful of nodes each guessing independently. Get that wiring wrong and one node shapes blind, sending into a provider the rest of the cluster already knows is deferring. We design the topology — a daemon per node or shared daemons, with a load balancer in front for fault tolerance so losing one daemon does not stop the cluster shaping — and operate it as a unit. Scaling, in other words, is not just adding machines; it is keeping a growing number of moving parts behaving like a single, coherent estate, which is operational work rather than a one-time architecture decision.
Integrations and the data pipeline
One of KumoMTA’s strengths is how openly it connects to the rest of a stack. Delivery and engagement events can flow out through webhooks, AMQP or Kafka into whatever data pipeline you already run, and policy can read directly from your databases, a secrets store like Vault, or other live sources through Lua hooks. For a data-driven sender that means the MTA stops being a black box at the edge of the system and becomes a participant in it — bounces, complaints and deliveries landing in the same warehouse as everything else, in close to real time.
Those integrations are powerful, and they are also moving parts that break quietly when a schema changes or an endpoint moves. Part of operating the estate is keeping them wired correctly and confirming the events are actually flowing, so the dashboards and downstream systems that depend on them are not silently working from stale data. We build the connections a sender needs and keep them honest, rather than leaving a feed that worked on launch day to rot.
Configuration as code is a discipline
KumoMTA’s configuration-as-code model is one of its real strengths and one of its real demands. Because policy is written in Lua rather than set in a static file, a change to how mail is routed, throttled or signed is a change to code — and it deserves the discipline code gets. We keep configuration in version control, review changes before they ship, and test them away from production rather than editing a live policy and watching what happens.
The reason is not bureaucracy; it is that Lua gives you enough power to cause real damage. Concurrency handled wrongly, a policy structured badly, a hook that reaches into a database without care — these are bugs, and on a production MTA a bug is a deliverability incident. Treating configuration as software, with the safeguards software has earned over decades, is what keeps that power an asset. A team operating KumoMTA by editing files directly on the box is one typo away from an outage; an estate operated as code is not.
Warmup and reputation, semi-automated
One of KumoMTA’s nicer properties is that warmup logic can be written into the configuration itself, adjusting sending volumes by IP age, historical performance, or whatever criteria you define, and combined with the TSA daemon’s real-time response to provider signals, warmup becomes substantially automated. That is a meaningful improvement over manually editing a config file every day of a ramp.
It is not, and we will not pretend it is, push-button simple. You still have to understand warmup principles, design schedules that fit the volume you genuinely have, and watch the results against real placement rather than trusting the automation blindly. Reputation is still earned slowly and lost quickly, and the automation executes a strategy — it does not invent one. So warmup under management is the encoded ramp doing the repetitive work, with an experienced eye setting the policy and watching the outcome. The automation removes the tedium; it does not remove the need for someone who knows what good looks like.
Can you take over a KumoMTA estate someone else set up?
Not every managed engagement starts from a migration we ran. A common one is taking over a KumoMTA estate someone else built — an in-house team that has moved on, a previous contractor, an install that worked at launch and has drifted since. We start these the same way every time: with an audit before any change. We read the existing Lua configuration, the TSA setup, whatever monitoring exists and the current reputation, so we understand exactly what we are inheriting rather than assuming it matches the documentation, if there is any.
What the audit turns up is fairly predictable. The install usually works, but it is often under-observed — metrics exposed and nobody watching them — or it carries a configuration translated literally from an old PowerMTA setup and never adapted to how KumoMTA actually wants to run. Sometimes the TSA daemon is misconfigured or quietly stopped, and the estate has been shaping traffic with stale rules for weeks. We stabilise first, bringing observation and shaping back to a healthy baseline, then improve from there in reviewed, version-controlled steps rather than rebuilding for its own sake. The goal of an onboarding is that the estate becomes legible and reliable, not that it becomes ours; an estate we could not hand back cleanly is one we operated badly.
What does managed KumoMTA operation include?
Pulling it together, this is the scope of a managed KumoMTA engagement. Not every client needs every item from day one, but each is part of what keeping a KumoMTA estate healthy actually requires.
- Monitoring and alerting on queues, delivery, deferrals, bounces and reputation, around the clock
- Configuration maintenance — Lua policy changes, reviewed and tested before they reach production
- Traffic Shaping Automation tuning, including custom rules layered over the community shaping data
- Warmup design and execution for new IPs and domains, measured against placement
- Authentication upkeep — DKIM, SPF, DMARC and the DNS that supports them
- Deliverability work: placement testing, provider relationships, reputation recovery
- Version upgrades and security patching on a controlled schedule
- Incident response when a provider blocks, a queue backs up or a listing appears
- Scaling support as volume grows, from a single node to a monitored cluster
The goal is an estate that runs quietly
The measure of managed operation done well is how little you have to think about it. The aim is not a flurry of visible activity; it is an estate that sends what it should, lands where it should, and rarely demands your attention — the state where the MTA becomes the part of the stack the team spends the least time on, because it quietly works. When something does go wrong, an experienced team is already watching and already responding, often before it reaches your inbox as a problem. Open-source software gives you the engine and the freedom. Managed operation gives you the quiet that makes that freedom worth having.
Because problems do not keep office hours, neither does the operation. Our team spans European, North American and Latin American time zones, so an alert that fires overnight reaches someone who can act on it rather than a queue that waits until morning — which, with reputation, is the difference between a non-event and an incident. The point of paying for operation rather than software is exactly this: that there is always someone whose job it is to be watching, and to move before a wobble becomes a problem you hear about from your own customers. There is a quieter economic argument underneath all of this, too. The licence fee that open source removes was always the visible cost; the invisible one is the senior engineering time a capable in-house operator would spend on call, on upgrades and on deliverability firefighting, time that rarely shows up on a budget line until an incident makes it impossible to ignore. Managed operation converts that unpredictable, lumpy cost into a known one, and frees the engineers you already employ to work on the product rather than on keeping the mail flowing.
FAQ
Managed KumoMTA questions
If KumoMTA is free, what am I paying you for?
For the operation, which is the part that is not free. Open source removes the licence fee; it does not remove the need to run the engine well, watch it around the clock, keep its configuration sound and respond when something breaks. The community is active and helpful, but a forum is not an on-call team, and a GitHub issue does not fix your queue at 2am. Managed KumoMTA is that team and that on-call, so your savings on licensing do not turn into a hidden cost in engineering hours and incidents.
Do you host KumoMTA, or just operate ours?
Either. We can run KumoMTA on infrastructure you own, on your cloud account, or on infrastructure we provision — whichever keeps your IPs and reputation where you want them. What stays constant is that the IPs and domains remain yours; we operate the engine on top of assets you control rather than locking you into ours.
Can you take over a KumoMTA estate someone else set up?
Yes, and it is a common starting point. We begin with an audit of the existing configuration, the TSA setup, the monitoring and the reputation, so we understand what we are inheriting before we change anything. Often the install works but is under-observed or carries a literal translation of an old PowerMTA config; we stabilise first, then improve, rather than rebuilding for the sake of it.
KumoMTA offers commercial support. Why not just buy that?
They are different things, and they can coexist. Commercial support from the project answers questions about the software; managed operation runs your specific estate — your IPs, your streams, your warmup, your incidents — day to day. Support tells you how a feature works; management makes sure your sending actually lands. Some clients keep a project support relationship alongside us, and that is fine.
Does Traffic Shaping Automation mean it runs itself?
Partly, and that is the honest answer. TSA reacts to provider signals in real time and adjusts shaping automatically, which removes a great deal of manual tuning. But it works from rules and thresholds someone has to design, it needs custom shaping layered over the community defaults for your specific senders, and it has to be monitored to confirm it is reacting correctly. Automation handles the minute-to-minute; judgement still sets the policy it follows.
What if we want to bring operation in-house later?
That is a legitimate goal and we support it. Because everything we run is configuration as code in version control, with documentation and the monitoring we stood up, an in-house team inherits a clear, readable estate rather than a black box. We would rather hand over something your team can run than build dependence on us — a managed relationship should be a choice you keep making, not a trap.
Single server or a cluster — does it matter for managing it?
It changes the operational picture. A single node is simpler; a cluster brings container orchestration and clustered traffic shaping, where every node must communicate with the TSA daemons and failover has to be designed. KumoMTA scales to millions of messages an hour on one server and horizontally beyond that, so we size the architecture to your volume and operate whichever shape it takes.
Start with the audit.
Twenty-five points across authentication, reputation, infrastructure and compliance — a written assessment, no charge and no obligation. It tells both of us exactly what we are working with.