MCPcopy Index your code
hub / github.com/mjl-/mox

github.com/mjl-/mox @v0.0.15 sqlite

repository ↗ · DeepWiki ↗ · release v0.0.15 ↗
5,320 symbols 23,347 edges 400 files 1,708 documented · 32%
README

Mox is a modern full-featured open source secure mail server for low-maintenance self-hosted email.

For more details, see the mox website, https://www.xmox.nl.

See Quickstart below to get started.

Features

  • Quick and easy to start/maintain mail server, for your own domain(s).
  • SMTP (with extensions) for receiving, submitting and delivering email.
  • IMAP4 (with extensions) for giving email clients access to email.
  • Webmail for reading/sending email from the browser.
  • SPF/DKIM/DMARC for authenticating messages/delivery, also DMARC aggregate reports.
  • Reputation tracking, learning (per user) host-, domain- and sender address-based reputation from (Non-)Junk email classification.
  • Bayesian spam filtering that learns (per user) from (Non-)Junk email.
  • Slowing down senders with no/low reputation or questionable email content (similar to greylisting). Rejected emails are stored in a mailbox called Rejects for a short period, helping with misclassified legitimate synchronous signup/login/transactional emails.
  • Internationalized email (EIA), with unicode in email address usernames ("localparts"), and in domain names (IDNA).
  • Automatic TLS with ACME, for use with Let's Encrypt and other CA's.
  • DANE and MTA-STS for inbound and outbound delivery over SMTP with STARTTLS, including REQUIRETLS and with incoming/outgoing TLSRPT reporting.
  • Web admin interface that helps you set up your domains, accounts and list aliases (instructions to create DNS records, configure SPF/DKIM/DMARC/TLSRPT/MTA-STS), for status information, and modifying the configuration file.
  • Account autodiscovery (with SRV records, Microsoft-style, Thunderbird-style, and Apple device management profiles) for easy account setup (though client support is limited).
  • Webserver with serving static files and forwarding requests (reverse proxy), so port 443 can also be used to serve websites.
  • Simple HTTP/JSON API for sending transaction email and receiving delivery events and incoming messages (webapi and webhooks).
  • Prometheus metrics and structured logging for operational insight.
  • "mox localserve" subcommand for running mox locally for email-related testing/developing, including pedantic mode.
  • Most non-server Go packages mox consists of are written to be reusable.

Mox is available under the MIT-license and was created by Mechiel Lukkien, mechiel@ueber.net. Mox includes BSD-3-claused code from the Go Authors, and the Public Suffix List by Mozilla under Mozilla Public License, v2.0.

Mox has automated tests, including for interoperability with Postfix for SMTP. Mox is manually tested with email clients: Mozilla Thunderbird, mutt, iOS Mail, macOS Mail, Android Mail, Microsoft Outlook. Mox is also manually tested to interoperate with popular cloud providers: gmail.com, outlook.com, yahoo.com, proton.me.

The code is heavily cross-referenced with the RFCs for readability/maintainability.

Quickstart

The easiest way to get started with serving email for your domain is to get a (virtual) machine dedicated to serving email, name it [host].[domain] (e.g. mail.example.com). Having a DNSSEC-verifying resolver installed, such as unbound, is highly recommended. Run as root:

# Create mox user and homedir (or pick another name or homedir):
useradd -m -d /home/mox mox

cd /home/mox
... compile or download mox to this directory, see below ...

# Generate config files for your address/domain:
./mox quickstart you@example.com

The quickstart:

  • Creates configuration files mox.conf and domains.conf.
  • Adds the domain and an account for the email address to domains.conf
  • Generates an admin and account password.
  • Prints the DNS records you need to add, for the machine and domain.
  • Prints commands to start mox, and optionally install mox as a service.

A machine that doesn't already run a webserver is highly recommended because modern email requires HTTPS, and mox currently needs to run a webserver for automatic TLS with ACME. You could combine mox with an existing webserver, but it requires a lot more configuration. If you want to serve websites on the same machine, consider using the webserver built into mox. It's pretty good! If you want to run an existing webserver on port 443/80, see mox help quickstart.

After starting, you can access the admin web interface on internal IPs.

Download

Download a mox binary from https://beta.gobuilds.org/github.com/mjl-/mox@latest/linux-amd64-latest/.

Symlink or rename it to "mox".

The URL above always resolves to the latest release for linux/amd64 built with the latest Go toolchain. See the links at the bottom of that page for binaries for other platforms.

Compiling

You can easily (cross) compile mox yourself. You need a recent Go toolchain installed. Run go version, it must be >= 1.23. Download the latest version from https://go.dev/dl/ or see https://go.dev/doc/manage-install.

To download the source code of the latest release, and compile it to binary "mox":

GOBIN=$PWD CGO_ENABLED=0 go install github.com/mjl-/mox@latest

Mox only compiles for and fully works on unix systems. Mox also compiles for Windows, but "mox serve" does not yet work, though "mox localserve" (for a local test instance) and most other subcommands do. Mox does not compile for Plan 9.

Docker

Although not recommended, you can also run mox with docker image r.xmox.nl/mox, with tags like v0.0.1 and v0.0.1-go1.20.1-alpine3.17.2, see https://r.xmox.nl/r/mox/. See https://github.com/mjl-/mox/blob/main/docker-compose.yml to get started.

New docker images aren't (automatically) generated for new Go runtime/compile releases.

It is important to run with docker host networking, so mox can use the public IPs and has correct remote IP information for incoming connections (important for junk filtering and rate-limiting).

Development

See develop.txt for instructions/tips for developing on mox.

Sponsors

Thanks to NLnet foundation, the European Commission's NGI programme, and the Netherlands Ministry of the Interior and Kingdom Relations for financial support:

  • 2024/2025, NLnet NGI0 Zero Core, https://nlnet.nl/project/Mox-Automation/
  • 2024, NLnet e-Commons Fund, https://nlnet.nl/project/Mox-API/
  • 2023/2024, NLnet NGI0 Entrust, https://nlnet.nl/project/Mox/

Roadmap

  • "mox setup" command, using admin web interface for interactive setup
  • Automate DNS management, for setup and maintenance, such as DANE/DKIM key rotation
  • Config options for "transactional email domains", for which mox will only send messages
  • Encrypted storage of files (email messages, TLS keys), also with per account keys
  • Recognize common deliverability issues and help postmasters solve them
  • JMAP, IMAP OBJECTID extension, IMAP JMAPACCESS extension
  • Calendaring with CalDAV/iCal
  • Introbox, to which first-time senders are delivered
  • Add special IMAP mailbox ("Queue?") that contains queued but undelivered messages, updated with IMAP flags/keywords/tags and message headers.
  • External addresses in aliases/lists.
  • Autoresponder (out of office/vacation)
  • Mailing list manager
  • IMAP extensions for "online"/non-syncing/webmail clients (SORT (including DISPLAYFROM, DISPLAYTO), THREAD, PARTIAL, CONTEXT=SEARCH CONTEXT=SORT ESORT, FILTERS)
  • IMAP ACL support, for account sharing (interacts with many extensions and code)
  • Improve support for mobile clients with extensions: IMAP URLAUTH, SMTP CHUNKING and BINARYMIME, IMAP CATENATE
  • Privilege separation, isolating parts of the application to more restricted sandbox (e.g. new unauthenticated connections)
  • Using mox as backup MX
  • Sieve for filtering (for now see Rulesets in the account config)
  • ARC, with forwarded email from trusted source
  • Milter support, for integration with external tools
  • SMTP DSN extension
  • IMAP Sieve extension, to run Sieve scripts after message changes (not only new deliveries)
  • OAUTH2 support, for single sign on
  • Forwarding (to an external address)

There are many smaller improvements to make as well, search for "todo" in the code.

Not supported/planned

There is currently no plan to implement the following. Though this may change in the future.

  • Functioning as an SMTP relay without authentication
  • POP3
  • Delivery to (unix) OS system users (mbox/Maildir)
  • Support for pluggable delivery mechanisms

FAQ - Frequently Asked Questions

Why a new mail server implementation?

Mox aims to make "running a mail server" easy and nearly effortless. Excellent quality (open source) mail server software exists, but getting a working setup typically requires you configure half a dozen services (SMTP, IMAP, SPF/DKIM/DMARC, spam filtering), which are often written in C (where small bugs often have large consequences). That seems to lead to people no longer running their own mail servers, instead switching to one of the few centralized email providers. Email with SMTP is a long-time decentralized messaging protocol. To keep it decentralized, people need to run their own mail server. Mox aims to make that easy.

Where is the documentation?

To keep mox as a project maintainable, documentation is integrated into, and generated from the code.

A list of mox commands, and their help output, are at https://www.xmox.nl/commands/.

Mox is configured through configuration files, and each field comes with documentation. See https://www.xmox.nl/config/ for config files containing all fields and their documentation.

You can get the same information by running "mox" without arguments to list its subcommands and usage, and "mox help [subcommand]" for more details.

The example config files are printed by "mox config describe-static" and "mox config describe-dynamic".

If you're missing some documentation, please create an issue describing what is unclear or confusing, and we'll try to improve the documentation.

Is Mox affected by SMTP smuggling?

Mox itself is not affected: it only treats "\r\n.\r\n" as SMTP end-of-message. But read on for caveats.

SMTP smuggling exploits differences in handling by SMTP servers of: carriage returns (CR, or "\r"), newlines (line feeds, LF, "\n") in the context of "dot stuffing". SMTP is a text-based protocol. An SMTP transaction to send a message is finalized with a "\r\n.\r\n" sequence. This sequence could occur in the message being transferred, so any verbatim "." at the start of a line in a message is "escaped" with another dot ("dot stuffing"), to not trigger the SMTP end-of-message. SMTP smuggling takes advantage of bugs in some mail servers that interpret other sequences than "\r\n.\r\n" as SMTP end-of-message. For example "\n.\n" or even "\r.\r", and perhaps even other magic character combinations.

Before v0.0.9, mox accepted SMTP transactions with bare carriage returns (without newline) for compatibility with real-world email messages, considering them meaningless and therefore innocuous.

Since v0.0.9, SMTP transactions with bare carriage returns are rejected. Sending messages with bare carriage returns to buggy mail servers can cause those mail servers to materialize non-existent messages. Now that mox rejects messages with bare carriage returns, sending a message through mox can no longer be used to trigger those bugs.

Mox can still handle bare carriage returns in email messages, e.g. those imported from mbox files or Maildirs, or from messages added over IMAP. Mox still fixes up messages with bare newlines by adding the missing carriage returns.

Before v0.0.9, an SMTP transaction for a message containing "\n.\n" would result in a non-specific error message, and "\r\n.\n" would result in the dot being dropped. Since v0.0.9, these sequences are rejected with a message mentioning SMTP smuggling.

How do I import/export email?

Use the import functionality on the accounts web page to import a zip/tgz with maildirs/mbox files, or use the "mox import maildir" or "mox import mbox" subcommands. You could also use your IMAP email client, add your mox account, and copy or move messages from one account to the other.

Similarly, see the export functionality on the accounts web page and the "mox export maildir" and "mox export mbox" subcommands to export email.

Importing large mailboxes may require a lot of memory (a limitation of the current database). Splitting up mailboxes in smaller parts (e.g. 100k messages) would help.

How can I help?

Mox needs users and testing in real-life setups! So just give it a try, send and receive emails through it with your favourite email clients, and file an issue if you encounter a problem or would like to see a feature/functionality implemented.

Instead of switching email for your domain over to mox, you could simply configure mox for a subdomain, e.g. [you]@moxtest.[yourdomain].

If you have experience with how the email protocols are used in the wild, e.g. compatibility issues, limitations, anti-spam measures, specification violations, that would be interesting to hear about.

Pull requests for bug fixes and new code are welcome too. If the changes are large, it helps to start a discussion (create an "issue") before doing all the work. In practice, starting with a small contribution and growing from there has the highest chance of success.

By contributing (e.g. code), you agree your contributions are licensed under the MIT license (like mox), and have the rights to do so.

Where can I discuss mox?

Join #mox on irc.oftc.net, or #mox:matrix.org (https://matrix.to/#/#mox:matrix.org), or #mox on the "Gopher slack".

For bug reports, please file an issue at https://github.com/mjl-/mox/issues/new.

How do I change my password?

Regular users (doing IMAP/SMTP with authentication) can change their password at the account page, e.g. http://localhost/. Or you can set a password with "mox setaccountpassword".

The admin can change the password of any account through the admin page, at http://localhost/admin/ by default (leave username empty when logging in).

The

Extension points exported contracts — how you extend this code

Code (Interface)
Code represents a response code with optional arguments, i.e. the data between [] in the response line. [6 implementers]
imapclient/protocol.go
MsgSource (Interface)
MsgSource is implemented by readers for mailbox file formats. [9 implementers]
store/import.go
Change (Interface)
IMAP UID. Change to mailboxes/subscriptions/messages in an account. One of the Change* types in this package. [13 implementers]
store/state.go
LogStringer (Interface)
LogStringer is used when formatting field values during logging. If a value implements it, LogString is called for the v [5 …
mlog/log.go
Client (Interface)
Client is a SASL client. A SASL client can be used for authentication in IMAP, SMTP and other protocols. A client and s [5 …
sasl/sasl.go
Archiver (Interface)
Archiver can archive multiple mailboxes and their messages. [3 implementers]
store/export.go
Resolver (Interface)
Resolver is the interface strict resolver implements. [2 implementers]
dns/resolver.go
SessionAuth (Interface)
SessionAuth handles login and session storage, used for both account and admin authentication. [2 implementers]
webauth/webauth.go

Core symbols most depended-on inside this repo

Close
called by 402
store/export.go
String
called by 379
dmarc/txt.go
check
called by 310
webadmin/admin.ts
Check
called by 277
mlog/log.go
style
called by 244
webadmin/admin.js
Add
called by 240
moxio/workq.go
xcheckf
called by 236
main.go
push
called by 213
http/gzcache.go

Shape

Function 2,408
Method 1,953
Struct 562
Interface 238
TypeAlias 110
Class 36
Enum 12
FuncType 1

Languages

Go69%
TypeScript31%

Modules by API surface

webmail/webmail.js313 symbols
webmail/webmail.ts250 symbols
webadmin/api.ts239 symbols
webadmin/admin.js232 symbols
webadmin/admin.go145 symbols
main.go134 symbols
imapclient/protocol.go132 symbols
store/account.go121 symbols
imapserver/server.go118 symbols
webadmin/admin.ts116 symbols
webmail/api.ts108 symbols
webaccount/account.js90 symbols

Dependencies from manifests, versioned

github.com/beorn7/perksv1.0.1 · 1×
github.com/cespare/xxhash/v2v2.2.0 · 1×
github.com/matttproud/golang_protobuf_extensions/v2v2.0.0 · 1×
github.com/mjl-/adnsv0.0.0-2025032117355 · 1×
github.com/mjl-/autocertv0.0.0-2025032120404 · 1×
github.com/mjl-/bstorev0.0.9 · 1×
github.com/mjl-/flatev0.0.0-2025022113371 · 1×
github.com/mjl-/sconfv0.0.7 · 1×
github.com/mjl-/sherpav0.6.7 · 1×
github.com/mjl-/sherpadocv0.0.16 · 1×
github.com/mjl-/sherpapromv0.0.2 · 1×
github.com/mjl-/sherpatsv0.0.6 · 1×

For agents

$ claude mcp add mox \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact