{"id":13412687,"url":"https://github.com/foxcpp/maddy","last_synced_at":"2026-04-02T14:22:27.505Z","repository":{"id":37617527,"uuid":"73098043","full_name":"foxcpp/maddy","owner":"foxcpp","description":"✉️ Composable all-in-one mail server.","archived":false,"fork":false,"pushed_at":"2026-01-10T21:49:29.000Z","size":3392,"stargazers_count":5789,"open_issues_count":136,"forks_count":306,"subscribers_count":59,"default_branch":"master","last_synced_at":"2026-01-12T15:33:04.354Z","etag":null,"topics":["dkim","dmarc","email","imap","mail","smtp","spf"],"latest_commit_sha":null,"homepage":"https://maddy.email","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/foxcpp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"COPYING","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-11-07T16:26:13.000Z","updated_at":"2026-01-12T03:37:34.000Z","dependencies_parsed_at":"2023-10-13T04:50:50.099Z","dependency_job_id":"f88d0e8a-3f9d-43e2-99a4-113067663b55","html_url":"https://github.com/foxcpp/maddy","commit_stats":{"total_commits":1477,"total_committers":64,"mean_commits":23.078125,"dds":"0.11035883547731884","last_synced_commit":"1d6cd8c35f4c4a1279084ae974ecfcf73a426743"},"previous_names":["emersion/maddy"],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/foxcpp/maddy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fmaddy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fmaddy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fmaddy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fmaddy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/foxcpp","download_url":"https://codeload.github.com/foxcpp/maddy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fmaddy/sbom","scorecard":{"id":408114,"data":{"date":"2025-08-11","repo":{"name":"github.com/foxcpp/maddy","commit":"fa47d40f6d510a431d2bbc238c7d36a58774ae2f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Code-Review","score":1,"reason":"Found 4/25 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'packages' permission set to 'write': .github/workflows/release.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:11","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/test.yml:12","Warn: topLevel 'checks' permission set to 'write': .github/workflows/test.yml:13","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: COPYING:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:101"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/foxcpp/maddy/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:19: pin your Docker image by updating alpine:3.21.2 to alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099","Info:   0 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  10 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: maddy-0.8.1-src.tar.zst.sig: https://github.com/foxcpp/maddy/releases/tag/v0.8.1","Info: signed release artifact: foxcpp-maddy-attestation-4617983.sigstore.json: https://github.com/foxcpp/maddy/releases/tag/v0.8.0","Info: signed release artifact: maddy-0.7.1-src.tar.zst.sig: https://github.com/foxcpp/maddy/releases/tag/v0.7.1","Info: signed release artifact: maddy-0.7.0-x86_64-linux-musl.tar.zst.sig: https://github.com/foxcpp/maddy/releases/tag/v0.7.0","Info: signed release artifact: maddy-0.6.3-src.tar.zst.sig: https://github.com/foxcpp/maddy/releases/tag/v0.6.3","Warn: release artifact v0.8.1 does not have provenance: https://api.github.com/repos/foxcpp/maddy/releases/196770873","Warn: release artifact v0.8.0 does not have provenance: https://api.github.com/repos/foxcpp/maddy/releases/196765669","Warn: release artifact v0.7.1 does not have provenance: https://api.github.com/repos/foxcpp/maddy/releases/138237574","Warn: release artifact v0.7.0 does not have provenance: https://api.github.com/repos/foxcpp/maddy/releases/105279917","Warn: release artifact v0.6.3 does not have provenance: https://api.github.com/repos/foxcpp/maddy/releases/95462574"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: could not determine whether codeowners review is allowed","Warn: no status checks found to merge onto branch 'master'","Warn: PRs are not required to make changes on branch 'master'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 9 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T21:55:10.990Z","repository_id":37617527,"created_at":"2025-08-18T21:55:10.991Z","updated_at":"2025-08-18T21:55:10.991Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478391,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dkim","dmarc","email","imap","mail","smtp","spf"],"created_at":"2024-07-30T20:01:27.847Z","updated_at":"2026-01-16T11:58:00.846Z","avatar_url":"https://github.com/foxcpp.png","language":"Go","readme":"Maddy Mail Server\n=====================\n\u003e Composable all-in-one mail server.\n\nMaddy Mail Server implements all functionality required to run a e-mail\nserver. It can send messages via SMTP (works as MTA), accept messages via SMTP\n(works as MX) and store messages while providing access to them via IMAP.\nIn addition to that it implements auxiliary protocols that are mandatory\nto keep email reasonably secure (DKIM, SPF, DMARC, DANE, MTA-STS).\n\nIt replaces Postfix, Dovecot, OpenDKIM, OpenSPF, OpenDMARC and more with one\ndaemon with uniform configuration and minimal maintenance cost.\n\n**Note:** IMAP storage is \"beta\". If you are looking for stable and\nfeature-packed implementation you may want to use Dovecot instead. maddy still\ncan handle message delivery business.\n\n[![CI status](https://img.shields.io/github/actions/workflow/status/foxcpp/maddy/cicd.yml?style=flat-square)](https://github.com/foxcpp/maddy/actions/workflows/cicd.yml)\n[![Issues tracker](https://img.shields.io/github/issues/foxcpp/maddy?style=flat-square)](https://github.com/foxcpp/maddy)\n\n* [Setup tutorial](https://maddy.email/tutorials/setting-up/)\n* [Documentation](https://maddy.email/)\n\n* [IRC channel](https://webchat.oftc.net/?channels=maddy\u0026uio=MT11bmRlZmluZWQb1)\n* [Mailing list](https://lists.sr.ht/~foxcpp/maddy)\n","funding_links":[],"categories":["HarmonyOS","开源类库","Go","Email","others","Software","Open source library","Sending","网络服务","电子邮件","Applications"],"sub_categories":["Windows Manager","邮件","Search and Analytic Databases","Communication - Email - Complete Solutions","Post Office","SMTP Server","网络服务_其他","检索及分析资料库","Communication"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoxcpp%2Fmaddy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffoxcpp%2Fmaddy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoxcpp%2Fmaddy/lists"}