[ Self-Host ]

Run SpawnMail on
your infrastructure

Full email stack in a single Docker Compose. Your servers, your data, your rules. MIT licensed, free forever.

Quickstart

From zero to running in under 2 minutes. You need Docker and a domain with MX records pointing to your server.

1

Clone the repository

$ git clone https://github.com/edwin0x/flashmail
$ cd spawnmail
2

Configure environment

$ cp .env.example .env

# Edit .env with your settings
DOMAIN=mail.yourdomain.com
POSTGRES_PASSWORD=your-secure-password
API_SECRET_KEY=your-api-secret
3

Start the stack

$ docker compose up -d
→ spawnmail-api    running on :8000
→ spawnmail-smtp   running on :25
→ spawnmail-db     running on :5432

# Verify it's running
$ curl http://localhost:8000/health
→ { "status": "ok" }
4

Create your first API key

$ docker exec spawnmail-api \
    spawnmail-admin create-key --name "my-agent"
→ fm_live_abc123...def456

# Test it
$ curl -H "x-api-key: fm_live_abc123...def456" \
    http://localhost:8000/me
→ { "email": "admin", "inboxes_count": 0 }

Architecture

Three services, one Docker Compose. No Kubernetes, no orchestrators, no complexity.

                    Inbound Email


              ┌──────────────────┐
              │   Postfix SMTP   │
              │     (port 25)    │
              └────────┬─────────┘
                       │ pipe transport

              ┌──────────────────┐
              │   FastAPI App    │  ←── REST API (port 8000)
              │   (Python)       │
              └────────┬─────────┘


              ┌──────────────────┐
              │   PostgreSQL     │
              │   (port 5432)    │
              └──────────────────┘

Postfix SMTP

Production-grade MTA handles all inbound email. Pipe transport forwards parsed mail to the API layer. Handles DKIM, SPF, and DMARC if you configure DNS.

FastAPI Application

Python API server exposing REST endpoints. Handles inbox CRUD, email storage, long-polling, API key auth, and webhook dispatch.

PostgreSQL

All data lives in PostgreSQL. Inboxes, emails, API keys, raw MIME payloads. Foreign key cascades enable atomic zero-residue purges.

Prerequisites

What you need before deploying.

Server

Any Linux VPS with Docker installed. 1 vCPU, 1GB RAM minimum. We recommend 2 vCPU / 2GB for production.

Domain

A domain (or subdomain) with an MX record pointing to your server's IP. This is where inbound email gets routed.

Docker

Docker Engine 20.10+ and Docker Compose V2. That's it — no Kubernetes, no Terraform, no cloud provider lock-in.

Port 25

SMTP requires port 25 to be open. Some cloud providers block it by default — check your firewall and hosting provider policies.

Configuration

Environment variables control everything. No YAML files, no config directories.

Variable Description Default
DOMAIN Your email domain (e.g., mail.example.com) Required
POSTGRES_PASSWORD Database password Required
API_SECRET_KEY Secret for JWT signing and key derivation Required
API_PORT Port for the REST API 8000
SMTP_PORT Port for inbound SMTP 25
MAX_INBOX_TTL Maximum inbox lifetime in seconds 2592000 (30d)
MAX_EMAIL_SIZE Maximum email size in bytes 10485760 (10MB)
WEBHOOK_TIMEOUT Webhook delivery timeout in seconds 10

When to use the cloud

Self-hosting is great. Sometimes managed is better. Here's how to decide.

Self-host when...

  • Data residency is a hard requirement
  • You need air-gapped or VPN-only access
  • You want zero recurring costs
  • Your team can manage Docker and DNS
  • You want to customize or extend the codebase

Use cloud when...

  • You need custom domains with managed DNS
  • Dedicated IPs and email reputation matter
  • You want SSO/SAML and SLA guarantees
  • Your team should ship agents, not infra
  • You want priority support and managed updates

Ready to self-host?

View on GitHub Compare Plans