mcp-email-server

Name: mcp-email-server
Author: ai-zerolab

Verified Safe

by ai-zerolab

View Source

Overview

This server allows MCP clients to interact with email accounts via IMAP and SMTP protocols, enabling functionalities like listing, fetching, sending, and deleting emails.

Installation

Run Command

uv run mcp-email-server@latest stdio

Environment Variables

MCP_EMAIL_SERVER_ACCOUNT_NAME
MCP_EMAIL_SERVER_FULL_NAME
MCP_EMAIL_SERVER_EMAIL_ADDRESS
MCP_EMAIL_SERVER_USER_NAME
MCP_EMAIL_SERVER_PASSWORD
MCP_EMAIL_SERVER_IMAP_HOST
MCP_EMAIL_SERVER_IMAP_PORT
MCP_EMAIL_SERVER_IMAP_SSL
MCP_EMAIL_SERVER_SMTP_HOST
MCP_EMAIL_SERVER_SMTP_PORT
MCP_EMAIL_SERVER_SMTP_SSL
MCP_EMAIL_SERVER_SMTP_START_SSL
MCP_EMAIL_SERVER_SMTP_VERIFY_SSL
MCP_EMAIL_SERVER_ENABLE_ATTACHMENT_DOWNLOAD
MCP_EMAIL_SERVER_SAVE_TO_SENT
MCP_EMAIL_SERVER_SENT_FOLDER_NAME
MCP_EMAIL_SERVER_IMAP_USER_NAME
MCP_EMAIL_SERVER_IMAP_PASSWORD
MCP_EMAIL_SERVER_SMTP_USER_NAME
MCP_EMAIL_SERVER_SMTP_PASSWORD
MCP_EMAIL_SERVER_CONFIG_PATH
MCP_EMAIL_SERVER_LOG_LEVEL

Security Notes

The server relies on user-provided IMAP/SMTP credentials. The `download_attachment` tool allows saving attachments to a user-specified path, which could lead to arbitrary file writes if running with elevated privileges and combined with a malicious client providing an unsanitized path. However, this feature is explicitly disabled by default and requires user opt-in. File attachments for outgoing emails are validated to ensure they are actual files and exist. A Codecov token is hardcoded in `codecov.yaml`, which is a minor repository-level information leak but does not directly impact the runtime security of the server itself.