Enables sending emails via Gmail's SMTP server, allowing for message validation, attachment handling, and secure authentication.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mail-smtp-mcpEmail jane@example.com about the project status update"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mail-smtp-mcp
A TypeScript MCP (Model Context Protocol) server for sending email via SMTP, designed for code agents. Exposes a compact, LLM-optimized tool surface with strict policy controls and validation.
Quick Start
Primary Usage (Recommended)
Run directly via npx with your MCP client:
npx -y @bradsjm/mail-smtp-mcpConfigure the required environment variables before starting (see Configuration below).
Local Development
pnpm install
pnpm devBuild for production:
pnpm buildConfiguration
The server loads configuration from environment variables. A local .env file is also supported via dotenv (do not commit secrets).
Account Configuration
Configure one or more SMTP accounts using the following pattern:
MAIL_SMTP_<ACCOUNT_ID>_<SETTING>=valueSetting | Required | Default | Description |
| Yes | - | SMTP server hostname |
| No | 587 (if SECURE=false), 465 (if SECURE=true) | SMTP server port |
| No |
| Use SSL/TLS (true) or STARTTLS (false) |
| Yes | - | SMTP authentication username |
| Yes | - | SMTP authentication password |
| No | - | Default sender email address |
Example - Default Account:
MAIL_SMTP_DEFAULT_HOST=smtp.gmail.com
MAIL_SMTP_DEFAULT_PORT=587
MAIL_SMTP_DEFAULT_SECURE=false
MAIL_SMTP_DEFAULT_USER=you@gmail.com
MAIL_SMTP_DEFAULT_PASS=your-app-password
MAIL_SMTP_DEFAULT_FROM=you@gmail.comExample - Multiple Accounts:
# Default account
MAIL_SMTP_DEFAULT_HOST=smtp.gmail.com
MAIL_SMTP_DEFAULT_USER=you@gmail.com
MAIL_SMTP_DEFAULT_PASS=app-password-1
# Work account
MAIL_SMTP_WORK_HOST=smtp.company.com
MAIL_SMTP_WORK_PORT=465
MAIL_SMTP_WORK_SECURE=true
MAIL_SMTP_WORK_USER=you@company.com
MAIL_SMTP_WORK_PASS=company-password
MAIL_SMTP_WORK_FROM=you@company.comSend Gate
Sending is disabled by default for security. Enable with:
MAIL_SMTP_SEND_ENABLED=trueAllowlist Policy (Optional)
Restrict recipients to specific domains or email addresses:
MAIL_SMTP_ALLOWLIST_DOMAINS=example.com,example.org
MAIL_SMTP_ALLOWLIST_ADDRESSES=alice@example.com,bob@example.orgPolicy Limits
Configure operational limits (defaults shown):
Variable | Default | Description |
| 10 | Maximum recipients per message |
| 2,500,000 | Maximum total message size (~2.4 MB) |
| 5 | Maximum number of attachments |
| 2,000,000 | Maximum size per attachment (~1.9 MB) |
| 20,000 | Maximum characters in plain text body |
| 50,000 | Maximum characters in HTML body |
| 10,000 | SMTP connection timeout (ms) |
| 20,000 | SMTP socket timeout (ms) |
Tools Overview
Tool | Purpose | Requires Send Enabled? |
| List configured SMTP accounts | No |
| Verify SMTP connectivity without sending email | No |
| Send or validate an outbound email | Yes (unless dry_run) |
Tool Details
smtp_list_accounts
Lists configured SMTP accounts with non-sensitive metadata.
Input:
{
"account_id": "default" // Optional - filter by specific account
}Response:
{
"summary": "Found 2 configured SMTP account(s).",
"data": {
"accounts": [
{
"account_id": "default",
"host": "smtp.gmail.com",
"port": 587,
"secure": false,
"default_from": "you@gmail.com"
},
{
"account_id": "work",
"host": "smtp.company.com",
"port": 465,
"secure": true
}
]
},
"_meta": {
"send_enabled": true,
"limits": {
"max_recipients": 10,
"max_message_bytes": 2500000,
"max_attachments": 5,
"max_attachment_bytes": 2000000
}
}
}smtp_verify_account
Verifies that an SMTP account can connect and authenticate without sending an email.
Input:
{
"account_id": "default" // Defaults to "default"
}Verification Flow:
┌─────────────────┐
│ Load Account │
│ Config │
└────────┬────────┘
│
▼
┌─────────────────┐
│ Create SMTP │
│ Transport │
└────────┬────────┘
│
▼
┌─────────────────┐
│ Verify Connect │
│ & Authenticate │
└────────┬────────┘
│
▼
┌─────────────────┐
│ Return Status │
│ (ok / error) │
└─────────────────┘Response:
{
"summary": "SMTP account default verified successfully.",
"data": {
"account_id": "default",
"status": "ok"
}
}smtp_send_message
Sends or validates an outbound email via SMTP with comprehensive validation.
Input:
{
"account_id": "default", // Defaults to "default"
"from": "sender@example.com", // Optional - override account default
"to": ["recipient@example.com"], // Required - string or array
"cc": ["cc@example.com"], // Optional
"bcc": ["bcc@example.com"], // Optional
"reply_to": "reply@example.com", // Optional
"subject": "Test Email", // Required
"text_body": "Plain text here", // Optional
"html_body": "<p>HTML here</p>", // Optional
"attachments": [ // Optional
{
"filename": "document.pdf",
"content_base64": "JVBERi0xL...",
"content_type": "application/pdf"
}
],
"dry_run": false // Optional - validate without sending
}Send Flow:
┌──────────────────┐
│ Validate Input │
│ - Email format │
│ - Header inject. │
│ - Body lengths │
└────────┬─────────┘
│
▼
┌──────────────────┐
│ Enforce Policy │
│ - Recipient │
│ allowlist │
│ - Size limits │
│ - Attachment │
│ limits │
└────────┬─────────┘
│
▼
┌──────────────────┐
│ Build Message │
│ - Parse attach- │
│ ments (base64) │
│ - Estimate size │
└────────┬─────────┘
│
▼
┌──────────┐
│ dry_run? │
└────┬─────┘
│
┌────┴────┐
│ │
Yes No
│ │
▼ ▼
┌────────────┐ ┌──────────────┐
│ Return │ │ Send via │
│ Validation │ │ SMTP │
│ Results │ │ Transport │
└────────────┘ └──────┬───────┘
│
▼
┌────────────────┐
│ Return Send │
│ Results │
└────────────────┘Response (Success):
{
"summary": "Sent message to 3 recipient(s).",
"data": {
"account_id": "default",
"dry_run": false,
"envelope": {
"from": "sender@example.com",
"to": ["recipient@example.com"],
"cc": ["cc@example.com"],
"bcc": ["bcc@example.com"]
},
"message_id": "<abc123@example.com>",
"accepted": ["recipient@example.com", "cc@example.com", "bcc@example.com"],
"rejected": []
}
}Response (Dry Run):
{
"summary": "Validated message for 3 recipient(s).",
"data": {
"account_id": "default",
"dry_run": true,
"envelope": {
"from": "sender@example.com",
"to": ["recipient@example.com"],
"cc": ["cc@example.com"],
"bcc": ["bcc@example.com"]
},
"size_bytes_estimate": 12500
}
}Response Format
All tool responses use a consistent JSON structure returned as MCP text content:
{
"summary": "Human-readable status message",
"data": { /* Tool-specific structured data */ },
"_meta": { /* Optional metadata (e.g., policy info) */ }
}Hard Maximum Limits
The following absolute upper bounds cannot be exceeded regardless of policy settings:
Resource | Hard Limit |
Recipients per message | 50 |
Attachments per message | 10 |
Attachment size | 5,000,000 bytes (~4.8 MB) |
Plain text body characters | 100,000 |
HTML body characters | 200,000 |
Subject characters | 256 |
Security Notes
No HTTP Transport: This server only supports stdio transport for security. HTTP endpoints are intentionally not exposed.
Credential Handling: SMTP credentials are never logged or returned in tool responses.
Header Injection Protection: All email addresses and subject fields are validated to reject CR/LF characters that could be used for header injection.
Filename Safety: Attachment filenames are validated to prevent path traversal attacks.
Send Gate: Sending is disabled by default and must be explicitly enabled via
MAIL_SMTP_SEND_ENABLED=true.Dry Run Mode: Use
dry_run: trueto validate messages and policies without actually sending emails.
MCP Client Integration
Standard npx Configuration
Most MCP-enabled applications can spawn this server using:
{
"command": "npx",
"args": ["-y", "@bradsjm/mail-smtp-mcp"],
"env": {
"MAIL_SMTP_DEFAULT_HOST": "smtp.gmail.com",
"MAIL_SMTP_DEFAULT_PORT": "587",
"MAIL_SMTP_DEFAULT_SECURE": "false",
"MAIL_SMTP_DEFAULT_USER": "you@gmail.com",
"MAIL_SMTP_DEFAULT_PASS": "your-app-password",
"MAIL_SMTP_DEFAULT_FROM": "you@gmail.com",
"MAIL_SMTP_SEND_ENABLED": "true"
}
}Development Configuration
For local development without publishing:
{
"command": "node",
"args": ["/path/to/mail-smtp-mcp/dist/index.js"],
"env": {
"MAIL_SMTP_DEFAULT_HOST": "smtp.gmail.com",
"MAIL_SMTP_DEFAULT_USER": "you@gmail.com",
"MAIL_SMTP_DEFAULT_PASS": "your-app-password",
"MAIL_SMTP_SEND_ENABLED": "true"
}
}Development
# Install dependencies
pnpm install
# Run in development mode (TypeScript)
pnpm dev
# Build for production
pnpm build
# Run tests
pnpm test
# Type checking
pnpm typecheck
# Linting
pnpm lint
# Format code
pnpm format:writeRun all quality checks:
pnpm checkLicense
See LICENSE file for details.