#smtp #mail #email #server #e-mail

app samotop-server

SMTP server with focus on privacy

5 releases (3 stable)

1.1.0 Feb 6, 2021
1.0.1 Aug 24, 2020
1.0.1-snapshot Aug 13, 2020

#10 in Email

MIT/Apache and GPL-3.0-or-later

727 lines

Build Status

samotop-server 1.1.0

You can run your own privacy focussed, resource efficient mail server. Samotop docker image is available for your convenience.



  • Tiny docker image - only contains statically compiled samotop and openssl, no OS clutter.

Common (MDA/MTA/MSA)

  • The server will receive mail and write it to a given maildir folder. Another program can pick the folder and process it further.
  • STARTTLS can be configured if you provide a cert and identity file.

Mail delivery agent (MDA)

  • Encryption at rest
  • Accounts
  • LMTP
  • Sockets

Mail transfer agent (MTA)

  • Mail relaying
  • Antispam features:
    • SPF - refuse mail with failing SPF check
    • Greylisting

Mail submission agent (MSA)

  • Authentication


  • Using cargo:
    cargo install samotop-server
  • Using docker:
    docker pull brightopen/samotop


  • locally, run samotop-server --help for command-line reference.
  • in docker, run docker run --rm -ti samotop

Both should produce a usage information not too different from this:

samotop 1.0.1

    samotop-server [FLAGS] [OPTIONS] --cert-file <cert file path> --identity-file <identity file path>

    -h, --help       Prints help information
        --no-tls     Disable TLS suport
    -V, --version    Prints version information

    -n, --name <SMTP service name>              Use the given name in SMTP greetings, or if absent, use hostname
    -b, --base-dir <base dir path>              What is the base dir for other relative paths? [default: .]
    -c, --cert-file <cert file path>            Use this cert file for TLS. If a relative path is given, it will be
                                                relative to base-dir
    -i, --identity-file <identity file path>    Use this identity file for TLS. If a relative path is given, it will be
                                                relative to base-dir
    -m, --mail-dir <mail dir path>              Where to store incoming mail? If a relative path is given, it will be
                                                relative to base-dir [default: inmail]
    -p, --port <port>...                        SMTP server address:port, such as or localhost:12345. The
                                                option can be set multiple times and the server will start on all given
                                                ports. If no ports are given, the default is to start on localhost:25


You can run these openssl commands in docker as well. This will run an openssl with the current folder mounted under /data and that is also the work dir:

docker run --rm -ti -v "$PWD:/data/" -w "/data/" --entrypoint openssl samotop help

Generate a cert and ID with openssl:

openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out Samotop.crt -keyout Samotop.key


openssl s_client -connect localhost:25 -starttls smtp

Debug with STARTTLS:

openssl s_client -connect localhost:25 -debug -starttls smtp

Other useful hints for TLS

For native-tls, you'd convert to pfx:

openssl pkcs12 -export -out Samotop.pfx -inkey Samotop.key -in Samotop.crt

Extracting pub key from cert:

openssl x509 -pubkey -noout -in Samotop.crt  > Samotop.pem


MIT OR Apache-2.0


Unless you explicitly state otherwise, any contribution submitted for inclusion in samotop projects by you, as defined in the Apache-2.0 license, shall be licensed as above, without any additional terms or conditions.


~441K SLoC