MaiLoL is a free, open-source, self-hosted temporary/disposable email service. It allows anyone to create throwaway email addresses instantly β no registration required β to protect their real inbox from spam, phishing, and unwanted sign-ups.
Inspiration: This project is heavily inspired by mail.tm, an excellent disposable email service. MaiLoL aims to provide a similar experience as a fully self-hosted, open-source alternative that you can deploy on your own infrastructure with your own custom domain.
- π Instant Account Creation β Create a temporary email with a username + password in seconds
- π₯ Real-Time Inbox β Receive emails in real-time via Server-Sent Events (SSE)
- π Attachment Support β View and download email attachments (PDF, images, etc.)
- π JWT Authentication β Stateless, secure token-based authentication
- ποΈ Message Management β Read, view, and delete individual messages
- π₯ Multi-Account Switching β Manage multiple email accounts from a single browser session
- π Unread Indicators β Visual dot badges for accounts/messages with unread emails
- π Dark/Light Theme β Toggle between themes with persistence across sessions
- π One-Click Copy β Click to copy your email address to clipboard
- π¨ Modern UI β Glassmorphism, smooth animations (Framer Motion), responsive design
- π Password Reveal β Blur-masked password display with click-to-reveal
- π Storage Quota β Visual progress bar showing inbox usage
- π³ Fully Dockerized β One-command deployment with
docker compose up - π¨ Built-in MTA β Haraka SMTP server for receiving inbound emails
- β‘ Redis-Powered β All data stored in Redis with automatic TTL expiration
- π Standalone Build β Optimized Next.js standalone output for minimal Docker images
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Internet β
ββββββββββββ¬βββββββββββββββββββββββββββββββββββ¬ββββββββββββββββ
β SMTP (Port 25) β HTTPS (Port 443)
βΌ βΌ
βββββββββββββββββββββββ βββββββββββββββββββββββββββ
β mailol-mta β β Reverse Proxy β
β (Haraka MTA) β β (Nginx / Caddy) β
β β β β
β Receives inbound β β TLS termination β
β emails via SMTP β β β localhost:3000 β
ββββββββββββ¬βββββββββββ βββββββββββββ¬ββββββββββββββ
β β
β Parse & Store β HTTP
βΌ βΌ
βββββββββββββββββββββββ βββββββββββββββββββββββββββ
β mailol-redis βββββββββββββ mailol-app β
β (Redis 7) β β (Next.js 16) β
β β β β
β β’ User accounts β Pub/Sub β β’ REST API β
β β’ Messages (JSON) ββββββββββββΊβ β’ SSE real-time β
β β’ Attachments β β β’ React frontend β
β β’ Inbox indices β β β’ JWT auth β
βββββββββββββββββββββββ βββββββββββββββββββββββββββ
mailol/
βββ src/
β βββ app/
β β βββ api/
β β β βββ accounts/ # POST /api/accounts β Create account
β β β β βββ [id]/ # DELETE /api/accounts/:id β Delete account
β β β βββ token/ # POST /api/token β Login (get JWT)
β β β βββ me/ # GET /api/me β Current user info
β β β βββ messages/ # GET /api/messages β List inbox
β β β β βββ [id]/ # GET/DELETE /api/messages/:id
β β β β βββ attachments/
β β β β βββ [index]/ # GET β Download attachment
β β β βββ domains/ # GET /api/domains β Available domains
β β β βββ events/ # GET /api/events β SSE stream
β β β βββ dev/
β β β βββ mock/ # GET /api/dev/mock β Dev: inject test email
β β βββ globals.css # Tailwind + custom design tokens
β β βββ layout.tsx # Root layout
β β βββ page.tsx # Main page (landing / inbox / viewer)
β β
β βββ components/
β β βββ auth/ # CreateAccountModal, LoginModal, DeleteAccountModal
β β βββ layout/ # AppLayout, Sidebar, TopBar
β β βββ mail/ # EmailList, EmailViewer
β β βββ ui/ # Modal (reusable)
β β
β βββ lib/
β β βββ auth.ts # JWT verification middleware
β β βββ jwt.ts # JWT sign/verify helpers
β β βββ redis.ts # Redis client (ioredis) singleton
β β
β βββ store/
β βββ useMailStore.ts # Zustand global state management
β
βββ haraka_plugin/
β βββ mailol_processor.js # Haraka plugin: parse & store inbound email
β
βββ Dockerfile # Multi-stage Next.js production build
βββ Dockerfile.haraka # Haraka MTA container
βββ docker-compose.yml # Full stack orchestration
βββ .env.example # Environment variable template
βββ .env.production # Production environment template
- Node.js 20+ (for local development)
- Docker & Docker Compose (for deployment)
- A domain with MX record pointing to your server (for receiving real emails)
# 1. Clone the repository
git clone https://github.com/thelolna15/mailol.git
cd mailol/project
# 2. Install dependencies
npm install
# 3. Set up environment
cp .env.example .env
# Edit .env β set your REDIS_URL to a running Redis instance
# 4. Start development server
npm run devOpen http://localhost:3000 to see the app.
Since you likely don't have a local SMTP server during development, use the built-in mock endpoint:
# Inject a test email into any account
curl "http://localhost:3000/api/dev/mock?address=yourname@thelol.me"This will create a fake email with HTML content and a PDF attachment in the specified inbox.
cp .env.production .env
nano .envJWT_SECRET before deploying:
openssl rand -hex 32docker compose up -d --buildThis spins up three containers:
| Container | Port | Description |
|---|---|---|
mailol-app |
3000 | Next.js web app & API |
mailol-redis |
β | Redis data store (internal only) |
mailol-mta |
25 | Haraka SMTP server |
For your domain (e.g., thelol.me), configure these DNS records:
| Type | Name | Value | Priority |
|---|---|---|---|
| A | @ |
YOUR_SERVER_IP |
β |
| A | mail |
YOUR_SERVER_IP |
β |
| MX | @ |
mail.thelol.me |
10 |
Place Nginx or Caddy in front of port 3000 for TLS termination:
Caddy (recommended β automatic HTTPS)
thelol.me {
reverse_proxy localhost:3000
}
Nginx
server {
listen 443 ssl http2;
server_name thelol.me;
ssl_certificate /etc/letsencrypt/live/thelol.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/thelol.me/privkey.pem;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_bypass $http_upgrade;
}
}# Check all containers are running
docker compose ps
# View logs
docker compose logs -f app
docker compose logs -f mta
# Test SMTP connectivity
telnet YOUR_SERVER_IP 25All endpoints (except /api/accounts POST and /api/token POST) require a Bearer token in the Authorization header.
| Method | Endpoint | Description | Auth |
|---|---|---|---|
POST |
/api/accounts |
Create a new account | β |
POST |
/api/token |
Login & get JWT token | β |
curl -X POST http://localhost:3000/api/accounts \
-H "Content-Type: application/json" \
-d '{"address": "myname@thelol.me", "password": "mypassword"}'curl -X POST http://localhost:3000/api/token \
-H "Content-Type: application/json" \
-d '{"address": "myname@thelol.me", "password": "mypassword"}'| Method | Endpoint | Description | Auth |
|---|---|---|---|
GET |
/api/me |
Get current account info | β |
GET |
/api/messages |
List inbox messages | β |
GET |
/api/messages/:id |
Get single message with HTML body | β |
DELETE |
/api/messages/:id |
Delete a message | β |
GET |
/api/messages/:id/attachments/:index |
Download attachment | β |
DELETE |
/api/accounts/:id |
Delete account & all data | β |
GET |
/api/domains |
List available domains | β |
GET |
/api/events?authorization=TOKEN |
SSE real-time stream | β (query) |
| Variable | Required | Default | Description |
|---|---|---|---|
DOMAIN |
β | thelol.me |
Email domain for account creation |
NEXT_PUBLIC_DOMAIN |
β | thelol.me |
Domain shown in the frontend UI |
REDIS_URL |
β | redis://localhost:6379 |
Redis connection string |
JWT_SECRET |
β | β | Secret key for signing JWT tokens |
JWT_EXPIRY |
β | 3600 |
Token expiration time in seconds |
DEFAULT_QUOTA |
β | 41943040 |
Max inbox storage per account (bytes) |
- Always change
JWT_SECRETin production β useopenssl rand -hex 32 - Never expose Redis to the public internet β it runs on an internal Docker network
- Use HTTPS in production β configure a reverse proxy with TLS
- Rate limiting is not yet implemented β consider adding Nginx rate limits
- Email content is sanitized with DOMPurify before rendering
- Passwords are hashed with bcrypt before storage
- Rate limiting middleware
- DKIM / SPF / DMARC configuration guide
- Outbound email support (compose & send)
- Custom domain support (multi-domain)
- Admin dashboard
- Webhook notifications
- S3-compatible attachment storage
- Account expiration policies
- mail.tm β The primary inspiration for this project. MaiLoL's API design, account model, and user experience are heavily influenced by mail.tm's elegant approach to disposable email.
- Haraka β High-performance Node.js SMTP server used as the Mail Transfer Agent.
- Next.js β React framework powering both the frontend and API.
- Redis β In-memory data store for lightning-fast message retrieval.
- Zustand β Lightweight state management for React.
- Framer Motion β Animation library for smooth UI transitions.
- Tailwind CSS β Utility-first CSS framework for the design system.
This project is open-source and available under the MIT License.
Built with β€οΈ as an open-source alternative to commercial disposable email services.