A complete email stack in pure C. Full SMTP MTA, IMAP4rev1 server, TLS via mbedTLS, DKIM signing, mail queuing, and a lightweight CLI client. Zero external dependencies beyond libcurl for the client.
The scorpiox email subsystem provides two complementary binaries: scorpiox-server-email (a full MTA and IMAP server) and scorpiox-email (a CLI client). Together they handle sending, receiving, storing, and reading email — all from pure C with no runtime dependencies.
Full SMTP MTA + IMAP4rev1. Inbound delivery, outbound relay, and mailbox access — all in one binary.
CLI email sender via libcurl. STARTTLS, SSL, plaintext. Queue, flush, HTML body support.
mbedTLS for SMTP STARTTLS and IMAP implicit TLS. No OpenSSL dependency. Certificate-based server authentication.
Automatic DKIM signing on outbound mail. RSA key generation and DNS TXT record output built in.
| Port | Protocol | Component | Security | Description |
|---|---|---|---|---|
| 25 | SMTP | scorpiox-server-email | STARTTLS (optional) | Inbound MTA — receives mail from other servers |
| 587 | SMTP Submission | scorpiox-server-email | STARTTLS (required) | Authenticated submission from local users |
| 993 | IMAPS | scorpiox-server-email | TLS from connect | Mailbox access — IMAP4rev1 over implicit TLS |
| 587 | SMTP | scorpiox-email (client) | STARTTLS / SSL / Plain | Outbound via any relay — libcurl backend |
Source: scorpiox/scorpiox-server-email.c
Source: scorpiox/scorpiox-email.c
# ── Email Server Configuration ── EMAIL_SMTP_PORT=25 # SMTP MTA listen port EMAIL_SUBMISSION_PORT=587 # SMTP submission port (authenticated) EMAIL_IMAP_PORT=993 # IMAP4rev1 port (implicit TLS) EMAIL_DOMAIN=mail.scorpiox.net # Primary mail domain EMAIL_MAILDIR=/var/mail # Maildir root directory EMAIL_TLS_CERT=/etc/ssl/mail.crt # TLS certificate path EMAIL_TLS_KEY=/etc/ssl/mail.key # TLS private key path EMAIL_ACCOUNTS_FILE=/etc/scorpiox/email-accounts.txt # User accounts file
# ── Email Client Configuration ── SMTP_HOST=smtp.scorpiox.net # SMTP relay server SMTP_PORT=587 # SMTP port (587=submission, 465=SMTPS) SMTP_USER=admin@scorpiox.net # SMTP auth username SMTP_PASS=•••••••• # SMTP auth password SMTP_FROM=noreply@scorpiox.net # Default sender address SMTP_TLS=starttls # TLS mode: starttls, ssl, none
scorpiox-email send \
--to user@example.com \
--subject "Deployment complete" \
--body "Build v3.2.1 deployed to production."
scorpiox-email send \
--to team@scorpiox.net \
--subject "Weekly Report" \
--body-file /tmp/report.html \
--html
# Queue emails for later scorpiox-email queue --to a@x.com --subject "Hello" --body "Hi" scorpiox-email queue --to b@x.com --subject "Hello" --body "Hi" # List queued emails scorpiox-email list # Flush (send all queued) scorpiox-email flush # Clear queue scorpiox-email clear
scorpiox-server-email --daemon # Or run in TUI mode for monitoring scorpiox-server-email --tui
# Add a mail account scorpiox-server-email account add user@scorpiox.net # List accounts scorpiox-server-email account list # Remove an account scorpiox-server-email account remove user@scorpiox.net
All TLS operations use mbedTLS — no OpenSSL dependency. SMTP supports STARTTLS upgrade on ports 25 and 587. IMAP uses implicit TLS on port 993. Server and client certificate validation with configurable cert/key paths.
Outbound messages are automatically signed with DKIM. The server generates RSA keys and outputs the DNS TXT record for your domain. This ensures receiving servers can verify message authenticity and improves deliverability.
SMTP submission (port 587) requires authentication via AUTH PLAIN or AUTH LOGIN. Credentials are verified against the accounts file. Only authenticated users can relay mail through the submission port.
Each user's mail is stored in a separate Maildir directory under EMAIL_MAILDIR. One file per message with cur/new/tmp structure. No shared database, no corruption risk from concurrent access.
# MX record — route incoming mail @ IN MX 10 mail.scorpiox.net. # SPF — authorize sending servers @ IN TXT "v=spf1 mx a:mail.scorpiox.net ~all" # DKIM — public key for signature verification sx._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGf..." # DMARC — policy for authentication failures _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@scorpiox.net"