{"id":13600295,"url":"https://github.com/muety/mailwhale","last_synced_at":"2026-01-14T18:53:29.969Z","repository":{"id":37872435,"uuid":"338827863","full_name":"muety/mailwhale","owner":"muety","description":"🐳 A bring-your-own-SMTP-server mail relay with REST API and web UI","archived":true,"fork":false,"pushed_at":"2023-12-23T08:10:38.000Z","size":381,"stargazers_count":358,"open_issues_count":12,"forks_count":32,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-10T21:38:27.593Z","etag":null,"topics":["email","mail-relay","smtp"],"latest_commit_sha":null,"homepage":"https://mailwhale.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/muety.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-02-14T14:48:48.000Z","updated_at":"2025-03-24T16:34:57.000Z","dependencies_parsed_at":"2024-01-14T04:44:09.194Z","dependency_job_id":"bdc0d918-26fe-4ed8-b4d5-8e471a34106a","html_url":"https://github.com/muety/mailwhale","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/muety/mailwhale","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muety%2Fmailwhale","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muety%2Fmailwhale/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muety%2Fmailwhale/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muety%2Fmailwhale/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/muety","download_url":"https://codeload.github.com/muety/mailwhale/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muety%2Fmailwhale/sbom","scorecard":{"id":667316,"data":{"date":"2025-08-11","repo":{"name":"github.com/muety/mailwhale","commit":"db09f8a7e9a1511a4210e7279f7bfe5139e9103f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'contents' permission set to 'write': .github/workflows/build.yaml:9","Warn: topLevel 'packages' permission set to 'write': .github/workflows/build.yaml:10","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 2/26 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.13.6 not signed: https://api.github.com/repos/muety/mailwhale/releases/123553617","Warn: release artifact 0.13.5 not signed: https://api.github.com/repos/muety/mailwhale/releases/120347778","Warn: release artifact 0.13.4 not signed: https://api.github.com/repos/muety/mailwhale/releases/111523967","Warn: release artifact 0.13.3 not signed: https://api.github.com/repos/muety/mailwhale/releases/93705571","Warn: release artifact 0.13.2 not signed: https://api.github.com/repos/muety/mailwhale/releases/90024064","Warn: release artifact 0.13.6 does not have provenance: https://api.github.com/repos/muety/mailwhale/releases/123553617","Warn: release artifact 0.13.5 does not have provenance: https://api.github.com/repos/muety/mailwhale/releases/120347778","Warn: release artifact 0.13.4 does not have provenance: https://api.github.com/repos/muety/mailwhale/releases/111523967","Warn: release artifact 0.13.3 does not have provenance: https://api.github.com/repos/muety/mailwhale/releases/93705571","Warn: release artifact 0.13.2 does not have provenance: https://api.github.com/repos/muety/mailwhale/releases/90024064"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/muety/mailwhale/build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/muety/mailwhale/build.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/muety/mailwhale/build.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/muety/mailwhale/build.yaml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:3","Warn: containerImage not pinned by hash: Dockerfile:14","Warn: containerImage not pinned by hash: Dockerfile:26: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: Dockerfile-goreleaser:3","Warn: containerImage not pinned by hash: Dockerfile-goreleaser:7","Warn: containerImage not pinned by hash: Dockerfile-goreleaser:19: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"22 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-2883 / GHSA-mh55-gqvf-xfwm","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GHSA-v2v2-hph8-q5xp","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-8266-84wp-wv5c","Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T18:31:55.104Z","repository_id":37872435,"created_at":"2025-08-21T18:31:55.104Z","updated_at":"2025-08-21T18:31:55.104Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28430961,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:38:47.836Z","status":"ssl_error","status_checked_at":"2026-01-14T16:34:59.695Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["email","mail-relay","smtp"],"created_at":"2024-08-01T18:00:35.220Z","updated_at":"2026-01-14T18:53:29.954Z","avatar_url":"https://github.com/muety.png","language":"Go","funding_links":[],"categories":["Go","Sending","others"],"sub_categories":["SMTP Server"],"readme":"**Please note: as of Dec 2023, MailWhale is depcreated and not being actively maintained anymore. Please check out some of the alternatives mentioned below.**\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"assets/logo.svg\" width=\"275px\"\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eMailWhale\u003c/h1\u003e\n\u003ch3 align=\"center\"\u003eA \u003ci\u003ebring-your-own-SMTP-server\u003c/i\u003e mail relay\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://badges.fw-web.space/github/license/muety/mailwhale\"\u003e\n\u003ca href=\"mailto:ferdinand@muetsch.io?subject=Thanks for creating MailWhale\" target=\"_blank\"\u003e\u003cimg src=\"https://badges.fw-web.space/badge/say%20thanks-%F0%9F%99%8F-%23159CE4\"\u003e\u003c/a\u003e\n\u003ca href=\"https://wakapi.dev\" target=\"_blank\"\u003e\u003cimg src=\"https://badges.fw-web.space/endpoint?url=https://wakapi.dev/api/compat/shields/v1/n1try/interval:any/project:mailwhale\u0026color=blue\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## 📄 Description\n\nAs a developer, chances are high that at some point you need to teach your application how to send mails.\nEssentially, there are two options. Either you use a **professional mail sending service** or\nyou **include an SMTP client library** to your software and **plug your own mail server**.\n\nThink of MailWhale like [Mailgun](https://mailgun.com), [SendGrid](https://sendgrid.com) or [SMTPeter](https://smtpeter.com), but open source and self-hosted. Or like [Postal](https://github.com/postalhq/postal) or [Cuttlefish](https://cuttlefish.io/), but less bloated and without running its own, internal SMTP server.\n\nHowever, if you want the best of both worlds – that is, send mails via simple HTTP calls and with no extra complexity,\nbut still use your own infrastructure – you may want to go with ✉️🐳.\n\nYou get a simple **REST API**, which you can call to send out e-mail. You can plug your self-hosted SMTP server, as well as Google Mail or **literally any other e-mail provider**.\n\nStay tuned, there is a lot more to come.\n\n![](assets/screenshot01.png)\n\n## 🚧 Project State\n\nThe project is in a very early stage and breaking changes are likely to happen. We'd recommend to not yet use this in production or at least expect non-trivial effort required to upgrade to a new version.\n\nFor a more stable and robust alternative to MailWhale, check out [postalsys/emailengine](https://github.com/postalsys/emailengine).\n\n## 📦 Installation\n\n### Compile from source\n\n```bash\n# 1. Clone repo\n$ git clone https://github.com/muety/mailwhale.git\n\n# 2. Adapt config to your needs, i.e. set your SMTP server and credentials, etc.\n$ cp config.default.yml config.yml\n$ vi config.yml\n\n# 3. Compile Web UI\n$ cd webui/\n$ yarn \u0026\u0026 yarn build\n$ cd ..\n# 4. Compile API\n$ go build\n\n# 5. Run it\n$ ./mailwhale\n```\n\n### From GitHub Release\n\n```bash\n# 1. Download latest release\ncurl -s https://api.github.com/repos/muety/mailwhale/releases/latest | jq -r \".assets[] | select(.name|match(\\\"Linux_$(arch).tar.gz\\\")) | .browser_download_url\" | wget -qi -\n\n# 2. Extract\nmkdir mailwhale\ntar xf mailwhale_*.tar.gz -C mailwhale\ncd mailwhale\n\n# 3.[Optional] Adapt config to your needs, i.e. set your SMTP server and credentials, etc.\n# vi config.yml\n\n# 4. Run it\n./mailwhale\n```\n\n### With Docker Image\n\n```bash\n$ docker run -d \\\n  -p 127.0.0.1:3000:3000 \\\n  -v \"$(pwd)/config.yml\":/app/config.yml:ro \\\n  -v mailwhale_data:/data \\\n  --name mailwhale \\\n  ghcr.io/muety/mailwhale\n```\n\n### Build custom Docker Image\n\n```bash\n# 1. Clone repo\n$ git clone https://github.com/muety/mailwhale.git\n\n# 2. Adapt config to your needs, i.e. set your SMTP server and credentials, etc.\n$ cp config.default.yml config.yml\n$ vi config.yml\n\n# 3. Build image\n$ docker build -t mailwhale .\n\n# 4. Create persistent volume\n$ docker volume create mailwhale_data\n\n# 5. Run\n$ docker run -d \\\n  -p 127.0.0.1:3000:3000 \\\n  -v \"$(pwd)/config.yml\":/app/config.yml:ro \\\n  -v mailwhale_data:/data \\\n  --name mailwhale \\\n  mailwhale\n```\n\n**Note:** An official Docker image is about to come. Also, there will be no need to mount your config file into the container, as everything will be configurable using environment variables eventually.\n\n### Reverse Proxy\nTo run this app behind a reverse proxy, see [here](https://github.com/muety/wakapi/wiki/Reverse-Proxy) for example configurations for different web servers (works analogously for MailWhale). In addition, `MW_WEB_PUBLIC_URL` (or `web.public_url`, respectively) must be configured accordingly (set to the absolute URL of your MailWhale instance). Also see [#43](https://github.com/muety/mailwhale/issues/43).\n\n## ⌨️ Usage\n\nFirst of all, you can get most tasks done through the web UI, available at \u003chttp://localhost:3000\u003e.\n\n### 1. Define a user\n\nTo get started with MailWhale, you need to create a **user** first. To do so, register a new user API or web UI. `security.allow_signup` needs to be set to `true`.\n\n### 2. Create an API client\n\nIt is good practice to not authenticate against the API as a user directly. Instead, create an **API client** with limited privileges, that could easily be revoked in the future. A client is identified by a **client ID** and a **client secret** (or token), very similar to what you might already be familiar with from AWS APIs. Usually, such a client corresponds to an individual client application of yours, which wants to access MailWhale's API.\n\n#### Request\n\n```bash\n$ curl -XPOST \\\n     -u 'admin@local.host:admin' \\\n     -H 'Content-Type: application/json' \\\n     --data-raw '{\n         \"description\": \"My juicy web app\",\n         \"sender\": \"Epic Juice Store \u003cnoreply@epicjuicestore.org\u003e\",\n         \"permissions\": [\"send_mail\"]\n     }' \\\n     'http://localhost:3000/api/client'\n```\n\n#### Response\n\n```json\n{\n    \"id\": \"SVNORFBUWGhxWGZSUUl0eA==\",\n    \"description\": \"My juicy web app\",\n    \"permissions\": [\n        \"send_mail\"\n    ],\n    \"sender\": \"Epic Juice Store \u003cnoreply@epicjuicestore.org\u003e\",\n    \"api_key\": \"75c74447-c4af-453b-ad06-3a8ae969ed16\"\n}\n```\n\nThe response contains your new client's ID (`id`) and secret (`api_key`). Remember these credentials, as they are needed for subsequent requests from your application.\n\nClient authentication happens through HTTP [basic auth](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#basic_authentication_scheme). Most HTTP clients support basic auth out of the box (including cURL with its `-u` parameter). If your's doesn't, you can hash create the hash like so:\n\n```bash\n$ echo \"Authorization: Basic $(echo '\u003cclient_id\u003e:\u003cclient_secret\u003e' | base64)\"\n\n# Result:\n# Authorization: Basic U1ZOT1JGQlVXR2h4V0daU1VVbDBlQT09Ojc1Yzc0NDQ3LWM0YWYtNDUzYi1hZDA2LTNhOGFlOTY5ZWQxNg==\n```\n\n### 3. Send E-Mails\n\n#### Plain text or HTML\n\n```bash\n$ curl -XPOST \\\n  -u '\u003cclient_id\u003e:\u003cclient_secret\u003e' \\\n  -H 'content-type: application/json' \\\n  --data '{\n      \"to\": [\"Jane Doe \u003cjane@doe.com\u003e\"],\n      \"subject\": \"Dinner tonight?\",\n      \"html\": \"\u003ch1\u003eHey you!\u003c/h1\u003e\u003cp\u003eWanna have dinner tonight?\u003c/p\u003e\"\n  }' \\\n  'http://localhost:3000/api/mail'\n```\n\nYou can also a `text` field instead, to send a plain text message.\n\n#### Using a template\n\nIn case you have created a template using the web UI, you can reference it in a new mail like so:\n\n```bash\n$ curl -XPOST \\\n  -u '\u003cclient_id\u003e:\u003cclient_secret\u003e' \\\n  -H 'content-type: application/json' \\\n  --data '{\n      \"to\": [\"Jane Doe \u003cjane@doe.com\u003e\"],\n      \"subject\": \"Dinner tonight?\",\n      \"template_id\": \"8033ea08-2630-408b-82f9-d38b403243d0\",\n      \"template_vars: {\n        \"text.greeting\": \"Hello new user!\",\n    }\n  }' \\\n  'http://localhost:3000/api/mail'\n```\n\n## 🔧 Configuration Options\n\nYou can specify configuration options either via a config file (`config.yml`) or via environment variables. Here is an overview of all options.\n\n| YAML Key                  | Environment Variable         | Default                   | Description                                                                        |\n|---------------------------|------------------------------|---------------------------|------------------------------------------------------------------------------------|\n| `env`                     | `MW_ENV`                     | `dev`                     | Whether to use development- or production settings                                 |\n| `mail.domain`             | `MW_MAIL_DOMAIN`             | -                         | Default domain for sending mails                                                   |\n| `web.listen_addr`         | `MW_WEB_LISTEN_ADDR`         | `127.0.0.1:3000`          | IP and port for the web server to listen on (can be IPv4 or IPv6)                  |\n| `web.cors_origin`         | -                            | [`http://localhost:5000`] | List of URLs which to accept CORS requests for                                     |\n| `web.public_url`          | `MW_PUBLIC_URL`              | `http://localhost:3000`   | The URL under which your MailWhale server is available from the public internet    |\n| `smtp.host`               | `MW_SMTP_HOST`               | -                         | SMTP relay host name or IP                                                         |\n| `smtp.port`               | `MW_SMTP_PORT`               | -                         | SMTP relay port                                                                    |\n| `smtp.username`           | `MW_SMTP_USER`               | -                         | SMTP relay authentication user name (leave blank to disable authentication)        |\n| `smtp.password`           | `MW_SMTP_PASS`               | -                         | SMTP relay authentication password                                                 |\n| `smtp.tls`                | `MW_SMTP_TLS`                | `false`                   | Whether to require full TLS (not to be confused with STARTTLS) for the SMTP relay  |\n| `smtp.skip_verify_tls`    | `MW_SMTP_SKIP_VERIFY_TLS`    | `false`                   | Whether to skip certificate verification (e.g. trust self-signed certs)            |\n| `store.path`              | `MW_STORE_PATH`              | `./data.json.db`          | Target location of the database file                                               |\n| `security.pepper`         | `MW_SECURITY_PEPPER`         | -                         | Pepper to use for hashing user passwords                                           |\n| `security.allow_signup`   | `MW_SECURITY_ALLOW_SIGNUP`   | `true`                    | Whether to allow the registration of new users                                     |\n| `security.verify_users`   | `MW_SECURITY_VERIFY_USERS`   | `true`                    | Whether to require new users to activate their account using a confirmation mail   |\n| `security.verify_senders` | `MW_SECURITY_VERIFY_SENDERS` | `true`                    | Whether to validate sender addresses and their domains' SPF records                |\n| `security.block_list`     | `MW_SECURITY_BLOCK_LIST`     | `[]`                      | List of [regexes](https://regex101.com/) used to block certain recipient addresses |\n\n### Sender verification \u0026 SPF Check\n\nBy default, mails are sent using a randomly generated address in the `From` header, which belongs to the domain configured via `mail.domain` (i.e. `user+abcdefgh@wakapi.dev`). Optionally, custom sender addresses can be configured on a per-API-client basis. However, it is recommended to properly configure [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) on that custom domain and instruct MailWhale to verify that configuration.\n\n**As a user**, you need to configure your domain, which you want to use as part of your senders address (e.g. `example.org` for sending mails from `User Server \u003cnoreply@example.org\u003e`), to publish an SPF record that delegates to the domain under which MailWhale is running (e.g. mailwhale.dev).\n\n```\nexample.org.  IN  TXT v=spf1 include:mailwhale.dev\n```\n\n**As a server operator** of a MailWhale instance, you need to enable `mail.verify_senders` and set your `mail.domain` and `web.public_url`. For that domain, you need to configure an SPF record that allows your SMTP relay provider's (e.g. Mailbox.org, GMail, SendGrid, etc.) mail servers to be senders. Refer to your provider's documentation, e.g. [this](https://kb.mailbox.org/display/MBOKBEN/How+to+integrate+external+e-mail+accounts).\n\n## 🚀 Features (planned)\n\nRight now, this app is very basic. However, there are several cool features on our roadmap.\n\n* **Bounce handling:** Ultimately, we want to offer the ability to plug an IMAP server in addition, to get notified about\n  bounced / undelivered mails.\n* **Statistics:** There will be basic statistics about when which client has sent how many mails, how many were\n  successful or were bounced, etc.\n* **Client libraries:** To make the developer experience even smoother, client SDKs for different programming languages will we added some time.\n* **Minor enhancements:** IPv6- and TLS support, API documentation, ...\n\n## 📓 License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuety%2Fmailwhale","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmuety%2Fmailwhale","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuety%2Fmailwhale/lists"}