fuckmail is now structured as a full mail platform rather than a receive-only prototype.
cmd/server/main.gois a thin entrypoint.internal/appowns startup, graceful shutdown, TLS fallback certificate creation, SMTP receive, SMTP Submission, IMAP, Web/API, and the outbound worker.- Startup no longer kills ports or installs external tools.
- Hosted domains are stored in
domains. - Unknown recipient addresses are accepted when the hosted domain is enabled and configured as catch-all.
- Unknown recipients create virtual
mailboxes; admins can assign them to a user, convert them into a login account, or block them. aliasescan map one incoming address to another mailbox address.- Incoming messages are saved with raw RFC822 data, parsed bodies, attachments, and recipient mailbox links in one transaction.
- Web/API access is admin-only.
- IMAP and SMTP Submission authenticate normal users through the shared
authservice. - New passwords are bcrypt hashed; legacy plaintext passwords still verify.
- IMAP lists only mail owned by the authenticated user unless the account is an admin.
- Web/API compose and SMTP Submission enqueue messages in
outbound_messages. - The outbound worker signs with DKIM when configured, resolves MX records, sends through SMTP, and records sent/retry/failed state with backoff.
The stable API path is /api/v1; /api remains as a compatibility alias.
- Health/statistics
- Mailboxes and mailbox email inspection
- Users
- Domains
- Aliases
- Outbound queue
- Certificates
- Audit logs
- Bounces
API errors are normalized to JSON.
The embedded no-build UI is split into:
web/static/index.htmlweb/static/styles.cssweb/static/app.js
It provides overview, webmail, mailbox management, users, domains, aliases, outbound queue, SSL, and audit screens.