PowerMTA or KumoMTA · parallel delivery · vendor-neutral selection

From legacy Postfix with house scripts to enterprise MTA, without losing a message.

B2B operations that grew for years on Postfix with modified master.cf, custom transport maps, elaborate header_checks regexes, milters written in C or Python, bounce processing scripts that feed downstream systems, and rate limiting via custom queue manipulation. It works, but the scale-up accumulates unmanageable complexity: the team that wrote the scripting is no longer at the company, operational runbooks were never documented, observability is grep across log files. The upgrade to PowerMTA or KumoMTA recovers functional parity with native observability, documented runbooks, managed multi-IP rotation, robust persistent queue, per-ISP throttling, advanced bounce classification, automated feedback loop processor. The Jobtome case study from Postmastery documents replacing 30 Postfix instances with a single PowerMTA at 2.5 million emails per peak hour and 7 minute average delivery time. No lock-in between PowerMTA and KumoMTA: the decision is based on customer variables (volume profile, multi-tenancy, compliance, in-house engineering depth, budget) rather than EMP commercial interests. Approximately 55 percent of EMP migrations route to PowerMTA, 45 percent route to KumoMTA, with the split shifting toward KumoMTA over 2024-2026 as the open-source option matured.

2.5Mpeak hour rate single PowerMTA
Jobtome / Postmastery case
500Kdaily Postfix ceiling
Tuned hardware realistic
2-4wkparallel delivery period
Validation before cutover
284dPowerMTA avg uptime
Without restart, Port25 data
Start migration See the 4 scale signals
The four scale signals that justify migration · any one is sufficient, two or more make it inevitable

When Postfix stops being the right answer.

Postfix handles 500,000 to 1 million messages per day on tuned hardware before structural limitations appear. Below that volume Postfix is the right answer for most B2B and SaaS operations because the operational simplicity outweighs the additional capabilities of commercial MTAs. Above that volume the four signals below become visible; any one signal justifies migration consideration; two or more signals make migration the right answer for the program.

Signal 01

Volume above ceiling

Monthly volume above 5 million suggests daily peaks above 500K. Postfix queue management struggles under sustained load; deferrals accumulate at receivers without aggregated visibility.

Threshold: 5M+ monthly
Signal 02

Multi-IP pool needs

More than 4 IPs requiring per-ISP traffic shaping, reputation segmentation between streams. Postfix orchestration via external scripts becomes unmaintainable as pool grows.

Threshold: 4+ IPs
Signal 03

Stream isolation

Dedicated transactional vs marketing stream separation requiring isolated reputation surfaces, per-stream throttling, per-stream FBL processing.

Threshold: 2+ streams
Signal 04

Multi-tenant platform

Platform sending on behalf of clients requiring per-tenant configuration, per-tenant reputation isolation, per-tenant compliance documentation.

Threshold: Any tenant count
Concept mapping · Postfix construct on the left, target MTA equivalent on the right

What translates cleanly, and what requires custom work.

The mapping table below documents the common Postfix constructs the discovery phase inventories and how each translates to PowerMTA or KumoMTA. Approximately 85 to 95 percent of constructs have direct equivalents; the remaining 5 to 15 percent require either feature changes the customer team approves or custom development that EMP scopes explicitly in the migration plan rather than discovering during execution.

Postfix construct PowerMTA equivalent KumoMTA equivalent Translation notes
main.cf parameters pmta.conf directives init.lua + kumomta.toml Direct mapping; ~250 Postfix params → 200+ PowerMTA params or Lua-driven KumoMTA config.
transport_maps Virtual MTA routing Lua routing functions vMTAs more capable than transport_maps; Lua gives full programmatic routing.
header_checks regexes Header rewriting rules Lua message hooks PowerMTA syntax differs from PCRE; KumoMTA Lua uses native regex library.
DKIM milter (opendkim) Built-in DKIM signing Built-in DKIM signing Both target MTAs ship native signing; milter dependency removed.
Custom bounce scripts Built-in classification Built-in + Lua hooks Bounce classification automated; custom scripts replaced by configuration.
FBL processing scripts Automated FBL processor Built-in FBL handler ISP FBL handling automated; legacy custom code eliminated.
Rate limiting scripts Per-ISP throttling Lua-based throttling Native per-ISP rate controls; no external orchestration needed.
Log grep + custom analytics PowerMTA logs + Postmastery Structured logs + Grafana Both target MTAs produce structured logs; aggregation via standard tools.
Custom Python/C milters Configuration or custom Lua scripts (preferred) Most likely custom work item. Inventory in discovery.
Before · Postfix main.cf fragment ~250 directives 
# main.cf · sending-only outbound MTA
myhostname = mta1.example.com
mydomain = example.com
inet_interfaces = all
smtpd_banner = $myhostname ESMTP

# Custom transport routing
transport_maps = hash:/etc/postfix/transport
smtp_destination_concurrency_limit = 20
smtp_destination_rate_delay = 1s

# Custom DKIM via milter
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters

# Custom header rewriting
header_checks = regexp:/etc/postfix/header_checks

# Bounce handling via external script
bounce_notice_recipient = bounces@example.com
# Bounce processor: external Python daemon
# Parses postmaster mailbox via IMAP
After · PowerMTA pmta.conf Native capabilities 
# pmta.conf · outbound delivery engine
host-name mta1.example.com
postmaster postmaster@example.com

# Virtual MTA for Gmail traffic
<virtual-mta gmail-pool>
  smtp-source-host 203.0.113.10 mta1.example.com
  max-smtp-out 20
</virtual-mta>

# Native DKIM signing module
<domain-key selector,example.com>
  private-key-file /etc/pmta/dkim.key
  algorithm rsa-sha256
</domain-key>

# Built-in bounce classification
<bounce-processor default>
  bounce-category-policy standard
</bounce-processor>

# Built-in FBL feedback loop
<feedback-loop gmail>
  email-source arf@example.com
</feedback-loop>

The contrast surfaces two structural patterns. First, the configuration footprint of the target MTA is smaller because capabilities that required external milters and scripts in Postfix are native to PowerMTA or KumoMTA. Second, the operational surface is consolidated: a single MTA process handles signing, throttling, bounce processing, and FBL handling that previously required coordination across opendkim, custom Python daemons, IMAP polling, and external rate limiters. The migration also recovers observability because the target MTAs produce structured logs that aggregate cleanly into Grafana, Postmastery Delivery Analytics, or similar dashboards. The runbook handoff documents the new operational discipline so the customer team has explicit procedures for selector rotation, IP warmup of new pool members, throttling adjustments per ISP feedback, and incident response.

The migration timeline · 5 phases over 6 to 24 weeks depending on tier

The parallel delivery window is the structural constraint.

The phases run sequentially with the parallel delivery period absorbing 30 to 50 percent of the total timeline because real production traffic is required to validate the new MTA behavior under real conditions. Compressing the parallel phase produces exactly the failure modes the migration is designed to avoid; expedited migration is not offered.

Standard Migration · 8 weeks · single-domain single-pool

Phase-by-phase week allocation

Discovery + plan
W1-W2
MTA install + config
W2-W4
Parallel delivery
W4-W6
Cutover
W6-W7
Monitoring + rollback
W7-W8
W1W2W3W4 W5W6W7W8 W9W10W11W12
Honest assessment · when Postfix should stay

If monthly volume is below 1 million and the program runs single-IP single-stream, Postfix is correct.

The migration produces value only when the four scale signals justify the operational complexity transition. For programs below the 1 million monthly threshold the EMP recommendation is to stay on Postfix and invest the migration budget in deliverability work that produces visible business impact: authentication cleanup, sender reputation recovery, content optimization, list hygiene discipline. The Postfix-handles-95-percent-of-cases observation from independent practitioners aligns with EMP experience; the cases where migration genuinely justifies are the ones where the four scale signals all light up. EMP runs the volume and architecture diagnosis during the Discovery + Plan tier (2,400 USD standalone) and explicitly recommends against migration when the customer profile does not justify it; approximately 20 percent of discovery engagements end with the recommendation to stay on Postfix and a refund of the unused execution-phase budget.

The five phases · sequential execution with rollback path

How the migration runs end-to-end.

The phases run with strict gating: each phase requires explicit customer sign-off before the next begins. The rollback path retains Postfix configured and operational for 30 days post-cutover (60 days for Enterprise tier), with the routing proxy capable of reverting traffic to Postfix within 5 minutes if a critical issue emerges.

Phase 01
Week 1-2

Discovery + plan

Postfix config audit, milter inventory, transport map analysis, bounce processor reverse-engineering, vendor recommendation PowerMTA vs KumoMTA.

Phase 02
Week 2-4

Install + config

Target MTA installation, configuration translation per mapping document, DKIM key migration, vMTA or Lua routing setup, custom work execution.

Phase 03
Week 4-6

Parallel delivery

Routing proxy splits traffic 10/90 then 25/75 then 50/50 ramping over 2-4 weeks. Validation against real production traffic, behavior reconciliation.

Phase 04
Week 6-7

Cutover

Routing proxy moves to 100 percent new MTA. Postfix frozen configuration retained. Rollback path armed for 30-60 days.

Phase 05
Week 7-8+

Monitor + handoff

Post-cutover monitoring 30-90 days, runbook delivery, customer team training, Postfix decommissioning after rollback window closes.

Transparent pricing · four migration tiers by scope

Discovery only or full execution.

All four tiers are fixed-fee. The Discovery + Plan tier is sold standalone for organizations that want the migration plan and vendor recommendation before committing to execution; the document delivered standalone has value even if the customer team executes the migration internally afterward. The execution tiers include the discovery work as the first phase.

Discovery + Plan

Standalone plan · no execution.

$2,400 USD fixed
  • Postfix configuration audit
  • Milter and script inventory
  • Transport map analysis
  • Bounce processor reverse-engineering
  • 25-page plan document
  • Vendor recommendation
Start discovery

Standard Migration

Single-domain single-pool.

$14,500 USD fixed
  • Discovery included
  • MTA install + config translation
  • 2-week parallel delivery
  • Cutover with 30-day rollback
  • Runbook handoff
  • 6-8 week timeline
Start Standard

Multi-IP Migration

Up to 8 IPs + stream separation.

$28,500 USD fixed
  • IP pool restructuring
  • Virtual MTA configuration
  • Per-ISP throttling rules
  • 3-week parallel delivery
  • 30-day rollback
  • 10-14 week timeline
Start Multi-IP

Enterprise Migration

Multi-tenant or multi-domain.

$58,000 USD fixed
  • Full architecture redesign
  • Per-tenant virtual MTAs
  • 4-week parallel delivery
  • 60-day rollback retention
  • 90-day monitoring
  • 16-24 week timeline
Discuss Enterprise
What the head of engineering, deliverability lead, and CFO ask

The real questions before signing the migration SOW.

"Why migrate at all if Postfix has been working?"

If Postfix has been working and the four scale signals are not lit, EMP recommends staying on Postfix. Approximately 20 percent of EMP discovery engagements end with the recommendation to stay and a refund of the unused execution-phase budget. The migration produces value only when the operational complexity of legacy Postfix exceeds the operational complexity of the target MTA, which happens when volume is above the 1 million daily ceiling, when multi-IP rotation requires external orchestration, when transactional and marketing streams require isolation, or when the team that wrote the custom scripting is no longer at the company. Below those thresholds the migration is structural over-investment; the budget produces more visible business impact when allocated to deliverability work (authentication, sender reputation, content optimization) than to MTA replacement. The honest framing reflects EMP business model: customers who pursue migration without the underlying justification end up with a more capable platform they do not need plus the operational learning curve of the new MTA, and the engagement ends with mutual frustration rather than customer success.

"How does EMP choose between PowerMTA and KumoMTA without bias?"

The selection criteria are documented and the discovery deliverable shows which variables drove the recommendation. PowerMTA wins when: budget includes 30,000 to 200,000 USD annual licensing, vendor support with enterprise SLA is required, compliance explicitly names a commercial MTA, in-house engineering team is small and prefers managed configuration. KumoMTA wins when: budget is constrained, open-source transparency is preferred for audit, in-house team has Rust or Lua scripting capability, the deployment is greenfield or significantly redesigned. The 55/45 split in EMP migrations historically reflects the real population mix; if EMP recommendations were biased toward one vendor the split would not converge to this ratio. EMP publishes the selection methodology in the discovery document section that the customer audits.

"What is the message loss risk during migration?"

Zero in EMP 2024-2026 migration history; the parallel delivery design is structured specifically to make message loss impossible. The application layer sends each message exactly once to the routing proxy; the proxy decides which MTA receives the message based on the current traffic split; the chosen MTA processes the message normally. Duplicate sends are prevented by the proxy's exactly-once delivery semantic. The message identifier reconciliation step running during parallel delivery verifies that each Message-ID logged at the source appears exactly once in the receiving provider's bounce or delivery logs; any discrepancy triggers investigation before cutover proceeds. The technical pattern is well-established (parallel running in IT system migration generally) and the email-specific variant has been used by Postmastery, Sinch Mailgun migration team, and similar specialist groups for over a decade.

"What is the cost of PowerMTA licensing year over year?"

PowerMTA licensing in 2026 ranges from 30,000 USD annually for small-volume deployments (under 5 million monthly) to 200,000+ USD for large enterprises (above 50 million monthly), with the specific quote depending on volume tier, support level, and contract length. EMP does not resell PowerMTA licenses; the customer contracts directly with the PowerMTA vendor (formerly Port25, acquired by SparkPost then by Bird) and EMP delivers the installation, configuration, and migration work separately. The economic comparison: a 10 million monthly program pays approximately 60,000-80,000 USD PowerMTA licensing annually plus the EMP migration fee of 14,500-28,500 USD one-time; the same program on KumoMTA pays zero software licensing and the EMP migration fee is comparable. Over 5 years the PowerMTA program pays approximately 300,000-400,000 USD in licensing the KumoMTA program does not pay; the calculus has to include the value of vendor support and compliance positioning that PowerMTA provides.

"Can EMP train our team rather than fully running the migration?"

Yes, the engagement structure adjusts to customer preference. The Discovery + Plan tier is the EMP-light variant where the customer team executes the migration internally using the EMP plan as the runbook; EMP delivers the document, conducts 2 readout calls, and is available for 4 hours of question-and-answer support during the customer execution. This works for organizations with capable in-house DevOps and email engineering teams that need the structured plan but not the hands-on execution. Approximately 35 percent of EMP migrations follow this pattern; the customer ends up paying 2,400 USD instead of 14,500-58,000 USD and absorbs the execution effort internally. EMP recommends the EMP-light variant explicitly when the customer team has the capability; the recommendation appears in the discovery readout when applicable. The Standard, Multi-IP, and Enterprise tiers exist for customers without the in-house capability or with bandwidth constraints that justify external execution.

"What if we discover during migration that a custom milter cannot be translated?"

The discovery phase explicitly inventories every custom component including milters and identifies translation gaps before execution begins. Approximately 5 to 15 percent of custom components have no direct equivalent in the target MTA; the gaps are documented in the discovery deliverable with the options: replicate the milter functionality via custom Lua scripts in KumoMTA (typically the lower-cost option because Lua is easier to maintain than C or Python milter code), implement the equivalent logic as application-level pre-processing before the message reaches the MTA (works for header rewriting and content transformation), accept the feature change and document the behavior difference for the customer team to approve. The custom work scope is fixed-fee in the execution tier; EMP does not discover custom work during execution and request additional budget. The 5-15 percent rate reflects the realistic distribution; some legacy environments hit 25-30 percent custom work which the Enterprise tier handles, some greenfield environments approach 0 percent.

Postfix → MTA Migration FAQ

What email engineering teams ask before signing.

When is Postfix no longer the right MTA?

Four scale signals justify migration:

  • Volume: above 5M monthly (500K+ daily peaks)
  • Multi-IP: 4+ IPs requiring per-ISP traffic shaping
  • Stream isolation: dedicated transactional vs marketing
  • Multi-tenant: platform sending on behalf of clients

One signal justifies consideration; two or more make migration the right answer.

How does EMP choose between PowerMTA and KumoMTA?

Vendor-neutral selection based on customer variables:

  • PowerMTA: $30K-$200K annual licensing, enterprise SLA, compliance positioning
  • KumoMTA: $0 licensing, Rust + Lua, open-source transparency
  • EMP split: ~55% PowerMTA, ~45% KumoMTA in 2024-2026

Selection rationale documented in discovery deliverable.

How does parallel delivery prevent duplicate sends?

Routing proxy with exactly-once delivery:

  • Application sends each message once to proxy
  • Proxy splits traffic 10/90 → 25/75 → 50/50 → 75/25 → 90/10 → 100%
  • ISP-based, domain-based, or volume-based routing rules
  • Message-ID reconciliation verifies single delivery
  • Unified bounce/FBL queue both MTAs feed

Zero message loss in EMP 2024-2026 migration history.

What happens to our custom milters and scripts?

Translation map per construct:

  • DKIM milter: built-in signing module
  • Bounce scripts: native classification
  • FBL scripts: automated FBL processor
  • Rate limiting: per-ISP throttling rules
  • Custom milters: Lua scripts (KumoMTA) or custom dev

5-15% require custom work, scoped in discovery before execution.

What is the rollback path?

Postfix retained operational 30-60 days post-cutover:

  • Routing proxy reconfigures in 5 minutes
  • Postfix config frozen at pre-cutover state
  • Rollback triggers: 5%+ delivery failure, bounce processing failure, observability gaps
  • 7% partial rollback rate in EMP 2024-2026 history
  • 0% full rollback rate
Does migration affect deliverability during cutover?

Minimized but not zero:

  • New IP pool requires 4-6 week warmup
  • Parallel routing keeps most volume on warmed Postfix IPs initially
  • 1-3% inbox placement degradation weeks 1-3
  • Returns to baseline by week 5-6
  • Domain reputation preserved (only IP reputation builds)
How long does end-to-end migration take?

Tier-specific timelines:

  • Standard: 6-8 weeks (single-domain single-pool)
  • Multi-IP: 10-14 weeks (up to 8 IPs, stream separation)
  • Enterprise: 16-24 weeks (multi-tenant, multi-domain)
  • Parallel delivery: 2-4 weeks (structural minimum)

Expedited not offered: parallel phase requires real traffic validation.

Can we migrate just a subset and keep Postfix?

Yes, hybrid environments common:

  • Migrate to MTA: marketing, transactional bulk, multi-IP streams
  • Stay on Postfix: internal relay, app notifications, low-volume non-marketing
  • ~25-30% of EMP migrations are hybrid
  • Discovery identifies which streams justify migration

Start with discovery. Migration plan in 2 weeks.

The scheduling call gathers four data points required to size the engagement: current Postfix volume per month with daily peak estimate, number of IPs in pool and whether multi-pool or single-pool, custom component inventory (milters, bounce processors, FBL scripts), in-house team capability for handling the migration internally vs requiring full EMP execution. With those four points EMP issues a fixed-fee quote within 48 hours. The Discovery + Plan tier is available standalone for organizations that want the migration plan and vendor recommendation before committing to execution; the document delivered standalone has value even if the customer team executes internally afterward.

Start discovery Greenfield install instead
Bilateral NDA in 48h · Mon-Fri 9-18 GMT-5 · Atrium Tower Floor 15