Mailport
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Mailportfind threads about the budget report"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Mailport
Your inboxes. One secure MCP gateway.
Connect multiple IMAP and SMTP mailboxes to ChatGPT and other MCP clients without exposing mailbox credentials to the model.
Architecture ยท Security ยท Thread protocol ยท Setup
Mailport is a security-preview project. Its architecture is designed for production use, but it is necessary to use your own vercel, db, bitwarden etc account because otherwise I can see your passwords ๐
Why Mailport
Most email integrations are built around one provider. Mailport provides a small, provider-independent MCP boundary for Gmail, Microsoft 365, iCloud, Yahoo, Aruba and any public IMAP/SMTP server with valid TLS.
Credentials never enter the chat. Users add a mailbox through a short-lived HTTPS connection link.
Passwords stay in a vault. IMAP and SMTP credentials are separate Bitwarden Secrets Manager secrets.
Email stays ephemeral. Message bodies are fetched on demand and are not indexed or retained by default.
Threads are model-ready. RFC headers, native provider IDs and conservative heuristics reconstruct useful conversations.
Access is scoped. OAuth separates
mail:readandmail:send; opaque account references prevent arbitrary mailbox selection.
Related MCP server: mail-mcp
MCP tools
Tool | What it does |
| Lists connected mailboxes using opaque references and masked addresses. |
| Returns a 256-bit, single-use mailbox connection link valid for ten minutes. |
| Searches bounded filters and reconstructs conversations across selected folders. |
| Produces chronological, compact context with explicit omissions and truncation. |
| Returns the exact recipients, subject and body for explicit approval plus a five-minute token. |
| Sends only the unchanged, explicitly approved message and consumes the token once. |
Sending is text-only in the initial release. It requires mail:send, an SMTP-enabled account, an exact preview and a separate explicit confirmation. Attachments are intentionally excluded.
How it works
flowchart TD
C["ChatGPT or MCP client"] -->|"OAuth 2.1 + scoped token"| M["Mailport on Vercel"]
U["User in secure connection page"] -->|"IMAP / SMTP credentials"| M
M -->|"Secret IDs and metadata"| N["Neon Postgres"]
M -->|"Encrypted credentials"| B["Bitwarden Secrets Manager"]
M -->|"TLS, on-demand fetch"| P["Mail providers"]ChatGPT never receives mailbox passwords, provider tokens or arbitrary IMAP access. Neon stores ownership and non-secret metadata; Bitwarden stores the credentials; Mailport fetches messages only when an authorized tool call needs them.
Thread intelligence
Mailport reconstructs a thread in a deterministic order:
Deduplicate copies using normalized RFC
Message-IDvalues.Join provider-native thread IDs within the same account.
Follow
In-Reply-ToandReferencesrelationships.Optionally apply a conservative subject, participant and time heuristic.
Search expansion is bounded to two rounds. Compact context keeps the first message, matching anchors and the latest messages while removing repeated quoted history. Heuristic joins are returned with an explicit confidence label instead of being presented as certain.
Security boundaries
Boundary | Policy |
Chat โ Mailport | OAuth 2.1, PKCE, audience validation and scoped access tokens. |
User โ onboarding | Authenticated HTTPS page; fragment token; single use; ten-minute expiry. |
Mailport โ Bitwarden | Dedicated machine account restricted to one Secrets Manager project. |
Mailport โ providers | Verified TLS 1.2+, fixed ports, public-address validation and DNS-pinned sockets. |
Mailport โ Neon | Pooled TLS connection; no mailbox password or message body persistence. |
Email โ model | Email is untrusted data and cannot choose tools, accounts, scopes or recipients. |
The application does not log passwords, OAuth tokens, subjects, message bodies, recipients or raw provider errors. See the complete security model.
Stack
TanStack Start and React on the Vercel Node.js runtime.
Official Model Context Protocol TypeScript SDK with stateless Streamable HTTP at
/mcp.Better Auth email OTP and OAuth provider with PKCE, JWKS, consent and Dynamic Client Registration.
Neon Serverless Postgres and Drizzle ORM.
Bitwarden Secrets Manager official Node SDK.
ImapFlow, PostalMime, html-to-text and Nodemailer.
Dependencies are pinned to exact versions and the lockfile is committed.
Quick start
Requirements: Node.js 22+, a Neon database, a Bitwarden Secrets Manager project and a Resend sender.
git clone https://github.com/eduardo-bolognini/mailport-mcp.git
cd mailport-mcp
npm install
cp .env.example .env.localFill .env.local, then run:
npm run db:migrate
npm run devThe local application is available at http://localhost:3000; the MCP endpoint is http://localhost:3000/mcp. The full environment guide covers Neon, Bitwarden, Resend, Vercel and OAuth: docs/ENVIRONMENT.md.
Connect ChatGPT
After deploying and configuring the production environment:
Enable Developer mode in ChatGPT under Settings โ Apps โ Advanced settings.
Create a new app with the MCP URL
https://your-domain.example/mcp.Select OAuth authentication. Mailport exposes discovery and Dynamic Client Registration, so no ChatGPT client secret is required.
Sign in using the email code and grant Mailport read and send access once. A single mailbox setup link then configures IMAP and, when you enable it in the same form, SMTP. Every actual send still requires approval of the exact message preview.
Development
npm run typecheck
npm run check
npm test
npm run buildThe test suite covers credential serialization, deterministic thread reconstruction and compact model context.
Project map
src/server/auth Email OTP, OAuth and scoped token validation
src/server/mail IMAP, SMTP, filtering, threading and context assembly
src/server/mcp MCP tools and Streamable HTTP transport
src/server/secrets Bitwarden Secrets Manager boundary
src/server/db Neon and Drizzle schema
drizzle Versioned database migrations
docs Architecture, security and protocol documentationRoadmap
Attachment metadata and opt-in bounded extraction.
Provider OAuth adapters alongside app passwords.
Admin security controls, credential rotation and mailbox revocation.
Interoperability fixtures for additional MCP clients.
See the detailed roadmap.
Contributing
Security-minded contributions are welcome. Keep the gateway small, avoid credential or content persistence, and include tests for changes to authorization, filtering or threading behavior.
For vulnerabilities, follow SECURITY.md instead of opening a public issue.
License
Apache-2.0 ยฉ Eduardo Bolognini. See LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/eduardo-bolognini/mailport-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server