Skip to content

Postmoogle is Matrix <-> Email bridge in a form of an SMTP server

License

Notifications You must be signed in to change notification settings

etkecc/postmoogle

Repository files navigation

Postmoogle Matrix

more about that name

An Email to Matrix bridge. 1 room = 1 mailbox.

Postmoogle is an actual SMTP server that allows you to send and receive emails on your matrix server. It can't be used with arbitrary email providers, because it acts as an actual email provider itself, so you can use it to send emails from your apps and scripts as well.

Roadmap

Receive

  • SMTP server (plaintext and SSL)
  • live reload of SSL certs
  • Matrix bot
  • Configuration in room's account data
  • Receive emails to matrix rooms
  • Receive attachments
  • Subaddressing support
  • Mailbox aliases support
  • Catch-all mailbox
  • Strip forwarding, signatures, and other noise from emails if configured
  • Map email threads to matrix threads
  • Multi-domain support
  • SMTP verification
  • DKIM verification
  • SPF verification
  • RBL verification
  • MX verification
  • Spamlist of emails (wildcards supported)
  • Spamlist of hosts (per server only)
  • Greylisting (per server only)

Send

  • SMTP client
  • SMTP server (you can use Postmoogle as general purpose SMTP server to send emails from your scripts or apps)
  • SMTP Relaying (postmoogle can send emails via relay host), global and per-mailbox
  • Send a message to matrix room with special format to send a new email, even to multiple email addresses at once
  • Reply to matrix thread sends reply into email thread
  • Email signatures
  • Email autoreply / autoresponder for new email threads

Configuration

1. Bot (mandatory)

env vars

  • POSTMOOGLE_HOMESERVER - homeserver url, eg: https://matrix.example.com
  • POSTMOOGLE_LOGIN - user login, localpart when logging in with password (e.g., moogle), OR full MXID when using shared secret (e.g., @moogle:example.com)
  • POSTMOOGLE_PASSWORD - user password, alternatively you may use shared secret
  • POSTMOOGLE_SHAREDSECRET - alternative to password, shared secret (details)
  • POSTMOOGLE_DOMAINS - space separated list of SMTP domains to listen for new emails. The first domain acts as the default domain, all other as aliases
other optional config parameters
  • POSTMOOGLE_PORT - SMTP port to listen for new emails
  • POSTMOOGLE_PROXIES - space separated list of IP addresses considered as trusted proxies, thus never banned
  • POSTMOOGLE_TLS_PORT - secure SMTP port to listen for new emails. Requires valid cert and key as well
  • POSTMOOGLE_TLS_CERT - space separated list of paths to the SSL certificates (chain) of your domains, note that position in the cert list must match the position of the cert's key in the key list
  • POSTMOOGLE_TLS_KEY - space separated list of paths to the SSL certificates' private keys of your domains, note that position on the key list must match the position of cert in the cert list
  • POSTMOOGLE_TLS_REQUIRED - require TLS connection, even on the non-TLS port (POSTMOOGLE_PORT). TLS connections are always required on the TLS port (POSTMOOGLE_TLS_PORT) regardless of this setting.
  • POSTMOOGLE_DATA_SECRET - secure key (password) to encrypt account data, must be 16, 24, or 32 bytes long
  • POSTMOOGLE_DKIM_PRIVKEY - DKIM private key, pre-generated before !pm dkim command
  • POSTMOOGLE_DKIM_SIGNATURE - DKIM signature, pre-generated before !pm dkim command
  • POSTMOOGLE_STATUSMSG - presence status message
  • POSTMOOGLE_MONITORING_SENTRY_DSN - sentry DSN
  • POSTMOOGLE_MONITORING_SENTRY_RATE - sentry sample rate, from 0 to 100 (default: 20)
  • POSTMOOGLE_MONITORING_HEALTHCHECKS_URL - healthchecks.io url, default: https://hc-ping.com
  • POSTMOOGLE_MONITORING_HEALTHCHECKS_UUID - healthchecks.io UUID
  • POSTMOOGLE_MONITORING_HEALTHCHECKS_DURATION - heathchecks.io duration between pings in secods (default: 5)
  • POSTMOOGLE_LOGLEVEL - log level
  • POSTMOOGLE_DB_DSN - database connection string
  • POSTMOOGLE_DB_DIALECT - database dialect (postgres, sqlite3)
  • POSTMOOGLE_MAILBOXES_RESERVED - space separated list of reserved mailboxes, docs/mailboxes.md
  • POSTMOOGLE_MAILBOXES_FORWARDED - space separated list of forwarded from emails that should be ignored when sending replies
  • POSTMOOGLE_MAILBOXES_ACTIVATION - activation flow for new mailboxes, docs/mailboxes.md
  • POSTMOOGLE_MAXSIZE - max email size (including attachments) in megabytes
  • POSTMOOGLE_ADMINS - a space-separated list of admin users. See POSTMOOGLE_USERS for syntax examples
  • POSTMOOGLE_RELAY_HOST - (global) SMTP hostname of relay host (e.g. Sendgrid)
  • POSTMOOGLE_RELAY_PORT - (global) SMTP port of relay host
  • POSTMOOGLE_RELAY_USERNAME - (global) Username of relay host
  • POSTMOOGLE_RELAY_PASSWORD - (global) Password of relay host

You can find default values in internal/config/defaults.go

2. DNS (highly recommended)

Follow the docs/dns

Usage

How to start

  1. Invite the bot into a room you want to use as mailbox
  2. Read the bot's introduction
  3. Set mailbox using !pm mailbox NAME where NAME is part of email (e.g. NAME@example.com)
  4. Done. Mailbox owner and other options will be set automatically when you configure mailbox. If you want to change them - check available options in the help message (!pm help)
Full list of available commands

The following section is visible to all allowed users

  • !pm help - Show this help message
  • !pm stop - Disable bridge for the room and clear all configuration
  • !pm send - Send email

mailbox ownership

The following section is visible to the mailbox owners only

  • !pm mailbox - Get or set mailbox of the room
  • !pm aliases - Get or set comma-separated aliases of the room
  • !pm domain - Get or set default domain of the room
  • !pm owner - Get or set owner of the room
  • !pm password - Get or set SMTP password of the room's mailbox
  • !pm relay - Get or set SMTP relay of that mailbox. Format: smtp://user:password@host:port, e.g. smtp://54b7bfb9-b95f-44b8-9879-9b560baf4e3a:8528a3a9-bea8-4583-9912-d4357ba565eb@example.com:587

mailbox options

The following section is visible to the mailbox owners only

  • !pm autoreply - Get or set autoreply of the room (markdown supported) that will be sent on any new incoming email thread
  • !pm signature - Get or set signature of the room (markdown supported)
  • !pm threadify - Get or set threadify of the room (true - send incoming email body in thread; false - send incoming email body as part of the message)
  • !pm stripify - Get or set threadify of the room (true - strip incoming email's reply quotes and signatures; false - send incoming email as-is)
  • !pm nosend - Get or set nosend of the room (true - disable email sending; false - enable email sending)
  • !pm noreplies - Get or set noreplies of the room (true - ignore matrix replies; false - parse matrix replies)
  • !pm nosender - Get or set nosender of the room (true - hide email sender; false - show email sender)
  • !pm norecipient - Get or set norecipient of the room (true - hide recipient; false - show recipient)
  • !pm nocc - Get or set nocc of the room (true - hide CC; false - show CC)
  • !pm nosubject - Get or set nosubject of the room (true - hide email subject; false - show email subject)
  • !pm nohtml - Get or set nohtml of the room (true - ignore HTML in email; false - parse HTML in emails)
  • !pm nothreads - Get or set nothreads of the room (true - ignore email threads; false - convert email threads into matrix threads)
  • !pm nofiles - Get or set nofiles of the room (true - ignore email attachments; false - upload email attachments)
  • !pm noinlines - Get or set noinlines of the room (true - ignore inline attachments; false - upload inline attachments)

mailbox security checks

The following section is visible to the mailbox owners only

  • !pm spamcheck:mx - only accept email from servers which seem prepared to receive it (those having valid MX records) (true - enable, false - disable)
  • !pm spamcheck:spf - only accept email from senders which authorized to send it (those matching SPF records) (true - enable, false - disable)
  • !pm spamcheck:rbl - reject incoming emails from hosts listed in DNS blocklists (true - enable, false - disable)
  • !pm spamcheck:dkim - only accept correctly authorized emails (without DKIM signature at all or with valid DKIM signature) (true - enable, false - disable)
  • !pm spamcheck:smtp - only accept email from servers which seem prepared to receive it (those listening on an SMTP port) (true - enable, false - disable)

mailbox anti-spam

The following section is visible to the mailbox owners only

  • !pm spam:list - Show comma-separated spamlist of the room, eg: spammer@example.com,*@spammer.org,spam@*
  • !pm spam:add - Mark an email address (or pattern) as spam (or you can react to the email with emoji: ⛔️,🛑, or 🚫)
  • !pm spam:remove - Unmark an email address (or pattern) as spam
  • !pm spam:reset - Reset spamlist

server options

The following section is visible to the bridge admins only

  • !pm adminroom - Get or set admin room
  • !pm users - Get or set allowed users
  • !pm dkim - Get DKIM signature
  • !pm catch-all - Get or set catch-all mailbox
  • !pm queue:batch - max amount of emails to process on each queue check
  • !pm queue:retries - max amount of tries per email in queue before removal
  • !pm mailboxes - Show the list of all mailboxes
  • !pm delete - Delete specific mailbox

server antispam

The following section is visible to the bridge admins only

  • !pm greylist - Set automatic greylisting duration in minutes (0 - disabled)
  • !pm banlist - Enable/disable banlist and show current values
  • !pm banlist:auth - Enable/disable automatic banning for invalid auth credentials
  • !pm banlist:auto - Enable/disable automatic banning for invalid emails
  • !pm banlist:totals - List banlist totals only
  • !pm banlist:add - Ban an IP
  • !pm banlist:remove - Unban an IP
  • !pm banlist:reset - Reset banlist