mailpit-mcp-server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mailpit-mcp-serverlist unread messages"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mailpit-mcp-server
A Model Context Protocol server for Mailpit, the email & SMTP testing tool. It lets AI assistants (Claude Code, Claude Desktop, Cursor, VS Code, …) read, search and manage the emails your application sends during development and testing.
Streamable HTTP transport — run it as a network service next to Mailpit (Docker Compose friendly), or
stdio transport — let your MCP client spawn it locally
Bearer-token auth for the HTTP endpoint, so it can safely sit behind a reverse proxy
Single small dependency surface: the official
@modelcontextprotocol/sdk, Express and Zod
Tools
Tool | Description |
| List mailbox messages, newest first (paginated) |
| Search with Mailpit query syntax ( |
| Full message by ID or |
| Raw headers of a message |
| Full raw RFC-822 source (headers + MIME parts) |
| Download an attachment — images returned as images, text as text, other as base64 |
| HTML compatibility analysis across email clients |
| Extract all URLs without requesting them — safe retrieval of confirmation/reset/unsubscribe links for e2e flows |
| Verify links by requesting them (real GETs — may trigger one-click actions; auth-protected links can return 302/401/403 without being broken) |
| Compose and inject a test email via the Mailpit API (captured, not delivered) |
| Send over a REAL SMTP transaction (as applications do) to prove the SMTP channel works end-to-end |
| Poll until a new (optionally matching) message arrives — great for e2e flows |
| Mark messages read/unread, by ID or all |
| Delete messages by ID (set |
| Mailpit version, message/unread counts, database size |
Related MCP server: MCP Email Server
Quick start (Docker Compose)
services:
mailpit:
image: axllent/mailpit:latest
ports:
- "8025:8025" # web UI
- "1025:1025" # SMTP
healthcheck:
test: ["CMD", "/mailpit", "readyz"]
interval: 30s
start_period: 10s
mailpit-mcp:
image: ghcr.io/cedjey/mailpit-mcp-server:2
ports:
- "3000:3000" # MCP endpoint: http://localhost:3000/mcp
environment:
MAILPIT_URL: http://mailpit:8025
# Required: where applications send SMTP, as reachable by them
MAILPIT_SMTP_ENDPOINT: localhost:1025
# Recommended: require "Authorization: Bearer <token>" on /mcp
# MCP_AUTH_TOKEN: your-secret-token
depends_on:
mailpit:
condition: service_healthyOr standalone against an existing Mailpit:
docker run -d -p 3000:3000 \
-e MAILPIT_URL=http://your-mailpit-host:8025 \
-e MAILPIT_SMTP_ENDPOINT=your-mailpit-host:1025 \
-e MCP_AUTH_TOKEN=your-secret-token \
ghcr.io/cedjey/mailpit-mcp-server:2Connecting clients
Claude Code:
claude mcp add --transport http mailpit http://localhost:3000/mcp \
--header "Authorization: Bearer your-secret-token".mcp.json / Cursor / VS Code:
{
"mcpServers": {
"mailpit": {
"type": "http",
"url": "http://localhost:3000/mcp",
"headers": { "Authorization": "Bearer ${MAILPIT_MCP_TOKEN}" }
}
}
}Claude Desktop (stdio):
{
"mcpServers": {
"mailpit": {
"command": "docker",
"args": ["run", "-i", "--rm",
"-e", "MCP_TRANSPORT=stdio",
"-e", "MAILPIT_URL=http://host.docker.internal:8025",
"-e", "MAILPIT_SMTP_ENDPOINT=localhost:1025",
"ghcr.io/cedjey/mailpit-mcp-server:2"]
}
}
}Or without Docker (Node 20+): clone the repo, npm ci, and use "command": "node", "args": ["/path/to/server.js"] with MCP_TRANSPORT=stdio.
Built-in agent context
The server ships the context an AI agent needs — no extra prompting required by consumers:
Server instructions (delivered via the MCP initialize handshake): what the mailbox is, the standard workflows (inspect, e2e wait-then-verify, template QA, attachments), search syntax, and warnings — clients inject these into the model's context automatically.
Tool annotations: the read-only tools carry
readOnlyHint; the side-effecting ones (send_message,send_smtp_message,set_read_status,check_links,delete_messages) do not — so clients can auto-approve reads and gate writes.check_linksis deliberately not read-only (it performs real GETs and can trigger one-click links);delete_messagesadditionally carriesdestructiveHint.MCP prompts:
verify_email(wait for a message matching a query, then verify structure, links and client compatibility against an optional checklist) andinspect_mailbox(summarize mailbox state, flag anomalies). Claude Code exposes these as slash commands.
Claude Code plugin
The easiest way to use this from Claude Code — one install, prompted for your endpoint and token, no manual MCP or skill setup:
/plugin marketplace add CeDJeY/mailpit-mcp-server
/plugin install mailpit@cedjeyOn enable, Claude Code asks for:
Mailpit MCP endpoint URL — e.g.
http://your-host:3000/mcpBearer token — the server's
MCP_AUTH_TOKEN(leave empty if auth is disabled)
The plugin bundles the MCP connection plus two skills:
verify-email— the verification workflow: wait for the email, inspect structure, extract links safely, check HTML compatibility, report a PASS/FAIL verdict.route-mail-to-mailpit— the prerequisite the verification depends on: configure the application under test to send SMTP to Mailpit, prove it with a canary email, and flag configurations that could leak test mail to real SMTP providers.
Plugin source lives in plugin/; non-plugin users can copy the skills into their project's .claude/skills/ manually.
Configuration
Variable | Default | Description |
|
| Base URL of the Mailpit instance |
|
|
|
|
| Port for the HTTP endpoint |
| (empty = auth off) | When set, |
| (none) | Basic-auth credentials if Mailpit's API is protected |
| required | SMTP |
| (empty = any host) | Comma-separated allowlist of |
The HTTP mode also serves GET /healthz (no auth) for container healthchecks.
Security notes
Mailpit captures every email your app sends — treat the MCP endpoint as sensitive. Set MCP_AUTH_TOKEN whenever the port is reachable beyond localhost, and prefer keeping it off the public internet (private network or VPN). delete_messages is destructive; scope access accordingly.
Development
npm ci
MAILPIT_URL=http://localhost:8025 npm start # HTTP mode on :3000
node mcp-test.js # e2e check against a running servermcp-test.js honours MCP_URL and MCP_AUTH_TOKEN.
License
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/CeDJeY/mailpit-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server