Self-Host with KumoMTA and KumoProxy

Use this workflow when you want PING8 to send through your own KumoMTA/KumoProxy path.

Before you start

Prepare:

• PING8 app URL, such as https://app.yourdomain.com.
• KumoMTA host, such as mta.yourdomain.com.
• Optional KumoProxy host, such as proxy.yourdomain.com.
• TLS certificates for public HTTPS endpoints.
• A bearer token or other injection auth secret.
• A webhook secret for lifecycle events.
• DNS access for sender domains.

High-level sequence

1. Prepare the KumoMTA host.
2. Prepare KumoProxy if your outbound path uses a proxy host.
3. Configure DNS and TLS for the injection endpoint.
4. Keep PING8 KumoMTA sending disabled.
5. Enter KumoMTA connection details in Settings > KumoMTA.
6. Save and test connection.
7. Confirm metrics are visible.
8. Confirm webhook events can reach PING8.
9. Enable Send API for one test send.
10. Enable campaign sending only after lifecycle telemetry works.

Safe rollout

Use this order:

1. Dry run configuration.
2. One owned recipient.
3. Tiny internal group.
4. Low daily volume.
5. Gradual increase after delivery and bounce rates are stable.

What success looks like

• Injection endpoint test passes.
• Metrics URL is reachable by PING8.
• Runtime screen shows queue health.
• Webhook health is recent.
• Test messages produce delivered, deferred, bounced, or suppressed events.

Common mistakes

• Enabling campaign sending before event callbacks work.
• Using a real campaign as the first KumoMTA test.
• Leaving TLS verification disabled permanently.
• Clearing queues without understanding whether messages will be lost.

Next pages

• KumoMTA and KumoProxy
• Connect PING8 to KumoMTA
• Runtime Screen