KumoMTA Troubleshooting
Use this page when KumoMTA sends fail, queue, or do not update PING8 analytics.
Connection test fails
Check:
- Base URL and injection path.
- TLS certificate covers the host.
- Auth secret matches the reverse proxy.
- Firewall allows PING8 to reach KumoMTA.
- KumoMTA service is running.
Test send fails before injection
If PING8 shows a validation or guard error before KumoMTA logs the message, troubleshoot PING8 configuration first:
- Sender domain is verified.
- Tenant delivery status is active.
- Sending profile is ready.
- Quotas allow the send.
- Recipient is valid and not suppressed.
KumoMTA accepts but PING8 does not update
Check webhook event flow:
- Webhook endpoint reachable.
- Webhook secret matches.
- Event body shape is accepted.
- No security failures in runtime metrics.
- No blocked outbound route from KumoMTA to PING8.
Gmail defers or bounces
Check:
- SPF authorizes the actual source IP.
- DKIM signs with the sender domain.
- DMARC alignment is valid.
- PTR/rDNS matches the outbound host.
- Sending volume is warmed gradually.
- Complaint rate is low.
Queue age rises
Pause new sends, inspect provider responses, and lower volume until the cause is clear.
Runbook order
Use this order to avoid chasing the wrong layer:
- PING8 guard: sender, domain, suppression, quota, and template are valid.
- Injection: KumoMTA receives the message from PING8.
- Queue: the message enters the expected queue and pool.
- Delivery: recipient provider accepts, defers, or rejects.
- Webhook: lifecycle event returns to PING8.
- Analytics: task/API logs show the result.
If a step has no evidence, troubleshoot that step before changing downstream settings.
What not to do first
- Do not clear queues unless you understand which messages will be lost.
- Do not retry a full campaign when one-recipient injection is failing.
- Do not switch engines to hide a domain-authentication problem.
- Do not increase volume while provider deferrals are rising.