Mail-MCP
Provides secure access to a mailbox.org mailbox, enabling reading, organizing, sending, and deleting emails via IMAP/SMTP.
Provides secure access to a Zoho mailbox, enabling reading, organizing, sending, and deleting emails via IMAP/SMTP.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Mail-MCPshow me my last 3 emails from the inbox"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Mail-MCP
Secure access to your mailbox from any MCP-compatible client.
Mail-MCP connects to a single mailbox using standard IMAP and SMTP settings. It is provider-agnostic: use it with any provider that offers IMAP and SMTP access with a username/password or app password. Hostpoint, Fastmail, mailbox.org, Zoho, many custom domains, and similar providers are typical fits.
Mail-MCP is designed to run locally. To use it in ChatGPT without exposing it publicly, connect it through OpenAI Secure MCP Tunnel.
This project doesnot support providers that require provider-specific OAuth for IMAP/SMTP unless they also offer a compatible password or app-password login. Check your provider's IMAP/SMTP documentation first.
What it does
Read mail safely: list folders, search messages, and read bounded, sanitized content.
Organize mail: mark messages, move them, and create mailboxes or drafts.
Send and delete deliberately: sending and trashing require a reviewed preview plus a short-lived, single-use confirmation token.
Protect the server: local mode binds to loopback only; production mode uses OAuth/OIDC, scoped access, Redis-backed replay protection, rate limiting, and audit logging.
Treat email as untrusted input: HTML is converted to text, attachments are metadata only, and message content can never authorize an action.
delete always moves a message to the IMAP provider's Trash folder. Permanent deletion and EXPUNGE are intentionally not implemented.
Related MCP server: Email MCP Server
Quick start
Requirements: Node.js 20.9+ and a mailbox with IMAP + SMTP credentials.
git clone https://github.com/YOUR-USERNAME/Mail-MCP.git
cd Mail-MCP
npm install
cp .env.example .env.localOpen .env.local and enter the values supplied by your mail provider:
MAIL_ADDRESS=you@example.com
MAIL_PASSWORD=your-app-password
IMAP_HOST=imap.your-provider.com
IMAP_PORT=993
IMAP_SECURE=true
SMTP_HOST=smtp.your-provider.com
SMTP_PORT=465
SMTP_SECURE=trueThen start Mail-MCP:
npm run devLocal endpoints:
Endpoint | URL |
Status |
|
Health |
|
MCP (Streamable HTTP) |
|
Mail-provider settings
Mail-MCP uses the following variables, so it is not tied to a particular provider:
Variable | Purpose |
| Mail login; use an app password if the provider requires one. |
| Incoming-mail server. Port |
| Outgoing-mail server. Port |
For providers using STARTTLS, set *_SECURE=false and use the provider's STARTTLS port (often 587 for SMTP). Mail-MCP still requires TLS and certificate validation; it never accepts insecure plain-text connections.
.env.example documents every supported variable. It is safe to commit; .env.local is ignored by Git and must never be shared.
Optional: Hostpoint example
IMAP_HOST=imap.mail.hostpoint.ch
IMAP_PORT=993
IMAP_SECURE=true
SMTP_HOST=asmtp.mail.hostpoint.ch
SMTP_PORT=465
SMTP_SECURE=trueConnect an MCP client
Run the MCP Inspector:
npx @modelcontextprotocol/inspector@latestChoose Streamable HTTP, set the URL to http://127.0.0.1:3000/api/mcp, then try:
health_checkwith{ "checkImap": true }list_mailboxessearch_emailswith{ "mailbox": "INBOX", "limit": 5 }read_emailswith a returned UID
Available tools
Category | Tools |
Read-only |
|
Mailbox changes |
|
Confirmed actions |
|
Write actions are disabled by default. To enable them locally, generate a secret and set the relevant values in .env.local:
openssl rand -base64 48WRITE_ACTIONS_ENABLED=true
CONFIRMATION_SIGNING_SECRET=paste-the-generated-secret-here
CONFIRMATION_TTL_SECONDS=300Never commit, log, screenshot, or pass that secret in a visible command-line argument.
Security model
Local use is restricted to
127.0.0.1(or another loopback address).Production requires OAuth/OIDC, explicit scopes, HTTPS, and Redis for atomic confirmation tokens and global rate limits.
Send and Trash actions are previewed first and bound to a short-lived, one-time token.
IMAP/SMTP always use TLS with certificate verification.
Raw mail bodies, addresses, credentials, tokens, and complete message IDs are excluded from logs and audits.
Attachments are never downloaded or opened; HTML is sanitized to text.
Read SECURITY.md before exposing the server beyond your own machine. The production checklist is in docs/production-checklist.md.
Development
npm run typecheck
npm run lint
npm test
npm run buildRun everything locally:
npm run verifyAn optional IMAP connectivity test is disabled by default and never loads email bodies or sends email:
npm run test:integrationThe GitHub Actions workflow runs type checks, linting, tests, and a production build for pushes and pull requests to main.
Use Mail-MCP in ChatGPT with OpenAI Secure MCP Tunnel
Secure MCP Tunnel keeps Mail-MCP on your machine or private network. The tunnel-client makes an outbound HTTPS connection to OpenAI; no public domain, inbound port, or cloud deployment is required.
1. Start Mail-MCP locally
npm run devThe local HTTP MCP endpoint is http://127.0.0.1:3000/api/mcp.
2. Configure the OpenAI tunnel client
Create or select a tunnel in Platform tunnel settings, download the current tunnel-client, then use the tunnel ID and runtime API key supplied by OpenAI. Keep the API key in your shell or secret manager — never in Git.
export CONTROL_PLANE_API_KEY="sk-..."
export CONTROL_PLANE_TUNNEL_ID="tunnel_..."
tunnel-client doctor \
--control-plane.tunnel-id "$CONTROL_PLANE_TUNNEL_ID" \
--mcp.server-url http://127.0.0.1:3000/api/mcp \
--explain
tunnel-client run \
--control-plane.tunnel-id "$CONTROL_PLANE_TUNNEL_ID" \
--mcp.server-url http://127.0.0.1:3000/api/mcpKeep tunnel-client run running while using Mail-MCP. Its loopback-only admin UI shows the client health and tunnel connection status.
3. Add the tunnel in ChatGPT
In ChatGPT, open Settings → Plugins, use the plus button to create a developer-mode app, choose Tunnel as the connection type, then select your tunnel or paste its tunnel_id. Scan the tools and create the app.
The tunnel must be associated with the target ChatGPT workspace. If it is not listed, check the workspace association and ensure the app creator has Tunnels Read + Use permission.
Start script
After installing tunnel-client, Mail-MCP includes a start script that loads .env.local, starts the server, waits for /api/health, then starts the tunnel.
Add the two tunnel values at the end of .env.local:
CONTROL_PLANE_API_KEY=your-openai-runtime-api-key
CONTROL_PLANE_TUNNEL_ID=tunnel_your_tunnel_idThen start everything with:
npm run start:tunnelSet ENV_FILE=/path/to/your.env before the command if your environment file is not .env.local. Stop both processes with Ctrl+C.
Raspberry Pi autostart
Mail-MCP supports Raspberry Pi OS systems that use systemd. Install Node.js 20.9+ and the ARM-compatible OpenAI tunnel-client, then run this once from the project root:
npm run autostart:setupIt asks for sudo only to install and enable mail-mcp.service. The service runs as your normal Pi user, waits for the network, loads the existing .env.local, and restarts automatically if Mail-MCP or the tunnel exits.
# Check configured / enabled / active status
npm run autostart:detect
# Stop and remove the systemd service
npm run autostart:removeIf Node.js, npm, or tunnel-client live outside the standard system path on the Pi, set NODE_BIN, NPM_BIN, or TUNNEL_CLIENT_BIN in .env.local as shown in .env.example.
For a direct remote deployment, use any platform you trust. Configure HTTPS, OAuth/OIDC, a strict user allowlist, and a durable Redis store; never expose AUTH_MODE=local to the public internet.
License
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/rafaelreverberi/Mail-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server