Artisanal inbound emails for every web app


Artisanal inbound emails for every web app

Mailin is an smtp server that listens for emails, parses them and posts them as json to the url of your choice. It checks the incoming emails dkim, spf, spam score (using spamassassin) and tells you in which language the email is written.

Mailin can be used as a standalone application directly from the command line, or embedded inside a node application.

Mailin relies heavily on the excellent work of @andris9 for the smtp and mail parsing services.

Why? Because we needed it for our startup

Sure! A demo is live at Please note that it is running on the smallest Digital Ocean instance, so be fair if it is overloaded.

Mailin can run without any dependencies other than node itself, but having them allow you to use some additional features.

So first make sure the node is available, and the node command as well. On Debian/Ubuntu boxes:

sudo aptitude install nodejs ; sudo ln -s $(which nodejs) /usr/bin/node

To handle dkim and spf checking, Mailin depends on Python 2.7. On Linux machines, it is very not likely that you don't have a decent version of Python available.

To handle the spam score computation, Mailin depends on spamassassin and its server interface spamc. Both should be available as packages on your machine. For instance on Debian/Ubuntu boxes:

sudo aptitude install spamassassin spamc

Spamassassin is not enabled by default, enable it in /etc/default/spamassassin.

The latest version of Mailin (^3.0.0) runs on node ~0.12.0 or iojs ^2.0.0. If you are running an older version of node such as ~0.10.0, you can install Mailin ^2.0.0:

npm install mailin@2.0.0

In order to receive emails, your smtp server address should be made available somewhere. Two records should be added to your DNS records. Let us pretend that we want to receive emails at *

  • First an MX record: MX 10 This means that the mail server for addresses like * will be
  • Then an A record: A the.ip.address.of.your.mailin.server. This tells at which ip address the mail server can be found.

You can fire up Mailin (see next section) and use an smtp server tester to verify that everything is correct.

Install mailin globally.

sudo npm install -g mailin

Run it, specifying your webhook url (addtionnal help can be found using mailin --help). By default, Mailin will listen on port 25, the standard smtp port. you can change this port for testing purpose using the --port option. However, do not change this port if you want to receive emails from the real world.

Ports number under 1000 are reserved to root user. So two options here. Either run Mailin as root:

sudo mailin --webhook

Or, prefered choice, use something like authbind to run Mailin with a standard user while still using port 25. Here comes a tutorial on how to setup authbind. In this case, do something like:

authbind --deep mailin --webhook

and make sure that your user can write to the log file.

At this point, Mailin will listen for incoming emails, parse them and post an urlencoded form multipart/form-data to your webhook url.

The webhook payload is a multipart form with a mailinMsg fields always present and some optional additional fields containing the content of the attachments. How to handle this? We have got you covered, there is a working example using node and express in mailin/samples/server.js. Anyway, once parsed, you should end up with something like:

      html: '<div><b>Hello world!</b></div>',
      text: 'Hello world!',
      headers: {
          from: 'John Doe <>',
          to: 'Jane Doe <>',
          'content-type': 'multipart/mixed; boundary="----mailcomposer-?=_1-1395066415427"',
          'mime-version': '1.0'
      priority: 'normal',
      from: [{
          address: '',
          name: 'John Doe'
      to: [{
          address: '',
          name: 'Jane Doe'
      attachments: [{
          contentType: 'text/plain',
          fileName: 'dummyFile.txt',
          contentDisposition: 'attachment',
          transferEncoding: 'base64',
          generatedFileName: 'dummyFile.txt',
          contentId: '6e4a9c577e603de61e554abab84f6297@mailparser',
          checksum: 'e9fa6319356c536b962650eda9399a44',
          length: '28'
        from: 'John Doe <>',
        to: ['Jane Doe <>'],
        remoteAddress: '',
        authentication: { username: false, authenticated: false, state: 'NORMAL' },
        id: '0e9b7099'
      dkim: 'failed',
      spf: 'pass',
      spamScore: 3.3,
      language: 'english',
      cc: [{
        address: '',
        name: 'James'
      envelopeFrom: [ { address: '', name: 'John Doe' } ],
      envelopeTo: [ { address: '', name: 'Jane Doe' } ]
  'dummyFile.txt': 'a-base64-encoded-string=='
  • error: listen EACCES: your user do not have sufficients privileges to run on the given port. Ports under 1000 are restricted to root user. Try with sudo.
  • error: listen EADDRINUSE: the current port is already used by something. Most likely, you are trying to use port 25 and your machine's mail transport agent is already running. Stop it with something like sudo service exim4 stop or sudo service postfix stop before using Mailin.
  • error: Unable to compute spam score ECONNREFUSED: it is likely that spamassassin is not enabled on your machine, check the /etc/default/spamassassin file.
  • node: command not found: most likely, your system does not have node installed or it is installed with a different name. For instance on Debian/Ubuntu, the node interpreter is called nodejs. The quick fix is making a symlink: ln -s $(which nodejs) /usr/bin/node to make the node command available.
  • Uncaught SenderError: Mail from command failed - 450 4.1.8 <an@email.address>: Sender address rejected: Domain not found: The smtpOption disableDNSValidation is set to false and an email was sent from an invalid domain.

Install Mailin locally.

sudo npm install --save mailin

Start the Mailin server and listen to events.

var mailin = require('mailin');
/* Start the Mailin server. The available options are:
 *  options = {
 *     port: 25,
 *     webhook: ',
 *     disableWebhook: false,
 *     logFile: '/some/local/path',
 *     logLevel: 'warn', // One of silly, info, debug, warn, error
 *     smtpOptions: { // Set of options directly passed to simplesmtp.createServer(smtpOptions)
 *        SMTPBanner: 'Hi from a custom Mailin instance',
 *        // By default, the DNS validation of the sender and recipient domains is disabled so.
 *        // You can enable it as follows:
 *        disableDNSValidation: false
 *     }
 *  };
 * Here disable the webhook posting so that you can do what you want with the
 * parsed message. */
  port: 25,
  disableWebhook: true // Disable the webhook posting. 
/* Access simplesmtp server instance. */
mailin.on('authorizeUser', function(connectionusernamepassworddone) {
  if (username == "johnsmith" && password == "mysecret") {
    done(null, true);
  } else {
    done(new Error("Unauthorized!"), false);
/* Event emitted when a connection with the Mailin smtp server is initiated. */
mailin.on('startMessage', function (connection) {
  /* connection = {
      from: '',
      to: '',
      id: 't84h5ugf',
      authentication: { username: null, authenticated: false, status: 'NORMAL' }
  }; */
/* Event emitted after a message was received and parsed. */
mailin.on('message', function (connectiondatacontent) {
  /* Do something useful with the parsed message here.
   * Use parsed message `data` directly or use raw message `content`. */
  • startData (connection) - DATA stream is opened by the client.
  • data (connection, chunk) - E-mail data chunk is passed from the client.
  • dataReady (connection, callback) - Client has finished passing e-mail data. callback returns the queue id to the client.
  • authorizeUser (connection, username, password, callback) - Emitted if requireAuthentication option is set to true. callback has two parameters (err, success) where success is a Boolean and should be true, if user is authenticated successfully.
  • validateSender (connection, email, callback) - Emitted if validateSender listener is set up.
  • senderValidationFailed (connection, email, callback) - Emitted if a sender DNS validation failed.
  • validateRecipient (connection, email, callback) - Emitted if validateRecipients listener is set up.
  • recipientValidationFailed (connection, email, callback) - Emitted if a recipient DNS validation failed.
  • close (connection) - Emitted when the connection to a client is closed.
  • startMessage (connection) - Connection with the Mailin smtp server is initiated.
  • message (connection, data, content) - Message was received and parsed.

If webhook fails, schedule some retries.

Notice: Postman image copyright Charlie Allen