Rust MCP server for Sulkta email (SMTP send + IMAP read). Replaces scripts/kayos_mail.py.
Kayos 5e1c63eeaa final-approval audit fixes: HIGH-1/2/3
Three findings from the post-cleanup approval audit, all blockers
before the rename to a real codename:

HIGH-1: ReadOutput.headers map kept LAST occurrence of duplicate
headers, not FIRST. Comment said 'keep the first occurrence' but the
code used Message::header_raw(name) which internally does
.iter().rev().find(...) — returns the last one. For load-bearing
headers like References this is usually singular so the bug was
latent, but an attacker who could inject a second References: line
would have gotten to override the first one used by mail_reply for
threading. Switched to parsed.headers_raw() which iterates in arrival
order — first-occurrence guaranteed.

HIGH-2: tokio-rustls default features pulled aws-lc-rs + aws-lc-sys
into the dep tree even though we explicitly went ring-only on rustls.
The default feature chain on tokio-rustls v0.26 enables 'aws_lc_rs'
via rustls. Pinned tokio-rustls to default-features=false and the
matching small feature set: logging, tls12, ring. Verified via
`cargo tree` — no aws-lc-* in the build, single ring v0.17.14
shared between rustls + tokio-rustls. ~9s shorter cmake step in cold
builds, smaller binary, no C-FFI crypto surface area.

HIGH-3: IntoMcpError trait was introduced in the cleanup pass but
applied at only 2 of 10 tools — the other 8 still used the manual
.map_err(|e| format!('{e:#}'))? + serde_json::to_string chain.
Maintenance trap. Applied to_mcp() at all 8 sites
(mail_inbox_list, mail_folder_list, mail_search, mail_thread,
mail_attachment_get, mail_inbox_read; mail_move and mail_mark stay
with literal {"ok":true} returns — no value to serialize). Tool
methods are now uniformly:
    imap_mod::xxx(...).await.to_mcp()
or for the few that need pre-arg work, three lines instead of seven.

Wire smoke verified — read on uid 34 returns the same 13 headers
shape, no empties, all canonical fields populated. cargo test 31/31.

Repo chain: 2240bf7 -> 4251f51 -> f4b3199 -> 6432a1f -> 54a1a6b ->
6fb63b0 -> f7e698b -> b681953 -> 7c8e246 -> this.
2026-05-21 09:22:39 -07:00
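
The duplicate-header behaviour described in HIGH-1, as an added example that is not the project's code. It uses a small std-only parser instead of the mail parsing crate the commit refers to; the function names and the sample message are constructed for illustration.

```rust
use std::collections::HashMap;

/// Split the header section of a raw RFC 5322 message into (name, value)
/// pairs in arrival order, unfolding continuation lines.
fn header_fields(raw: &str) -> Vec<(String, String)> {
    let mut fields: Vec<(String, String)> = Vec::new();
    for line in raw.lines() {
        if line.is_empty() { break; } // blank line ends the header section
        if line.starts_with(' ') || line.starts_with('\t') {
            // Folded continuation: append to the previous field's value.
            if let Some(last) = fields.last_mut() {
                last.1.push(' ');
                last.1.push_str(line.trim());
            }
        } else if let Some((name, value)) = line.split_once(':') {
            fields.push((name.trim().to_ascii_lowercase(), value.trim().to_string()));
        }
    }
    fields
}

/// First occurrence wins; names seen more than once are reported so the
/// caller can log or reject the message.
fn first_wins(fields: &[(String, String)]) -> (HashMap<String, String>, Vec<String>) {
    let mut map = HashMap::new();
    let mut dups = Vec::new();
    for (name, value) in fields {
        if map.contains_key(name) {
            if !dups.contains(name) { dups.push(name.clone()); }
        } else {
            map.insert(name.clone(), value.clone());
        }
    }
    (map, dups)
}

/// The latent behaviour described in HIGH-1: a later duplicate overrides.
fn last_wins(fields: &[(String, String)]) -> HashMap<String, String> {
    fields.iter().cloned().collect()
}

// Constructed sample: a second References line follows the genuine, folded one.
const SAMPLE: &str = "From: a@example.org\r\nReferences: <t1@example.org>\r\n <t2@example.org>\r\nSubject: hi\r\nReferences: <other@example.net>\r\n\r\nbody\r\n";

fn main() {
    let f = header_fields(SAMPLE);
    let (first, dups) = first_wins(&f);
    println!("first={:?} last={:?} dups={:?}", first.get("references"), last_wins(&f).get("references"), dups);
}
```

Reporting the duplicated names alongside the map lets a caller treat a repeated single-instance header as a signal worth logging rather than silently picking one.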
crates/mail-mcp final-approval audit fixes: HIGH-1/2/3 2026-05-21 09:22:39 -07:00
.gitignore mail-mcp v0.1 — Rust MCP server for Sulkta email 2026-05-21 06:50:25 -07:00
Cargo.lock final-approval audit fixes: HIGH-1/2/3 2026-05-21 09:22:39 -07:00
Cargo.toml final-approval audit fixes: HIGH-1/2/3 2026-05-21 09:22:39 -07:00
config.example.toml mail-mcp v0.1 — Rust MCP server for Sulkta email 2026-05-21 06:50:25 -07:00
README.md mail-mcp v0.1 — Rust MCP server for Sulkta email 2026-05-21 06:50:25 -07:00

mail-mcp

Rust MCP server for Sulkta-hosted email. SMTP send + IMAP read with RFC-correct headers, multipart/alternative when HTML is included, multipart/mixed for attachments, threading via In-Reply-To/References.

Replaces the scripts/kayos_mail.py CLI path that lived in kayos/openclaw-workspace since 2026-04-23.

Why a server, not a CLI

kayos_mail.py shipped without Date or Message-ID headers until a 2026-05-18 patch — exactly the kind of header-discipline regression a typed Rust server prevents at compile time. The "no spam bin" framing is mostly upstream of any client (Rackham postfix + rspamd DKIM-sign at the relay; mail-tester scored 10/10 and port25 SpamAssassin 7.31 on 2026-05-20), but a correct client doesn't trip filters with bad MIME structure, broken threading, or missing headers.

Tools (v0.1)

  • mail_send — send mail. Args: account?, to, cc[]?, bcc[]?, subject, body, body_html?, attachments[]?, in_reply_to?, references[]?. Returns {message_id, sent_at}.
  • mail_inbox_list — list folder messages newest-first. Args: account?, since? (YYYY-MM-DD), unread_only?, limit? (default 50, max 500), folder? (default INBOX). Uses BODY.PEEK so it does not toggle \Seen.
  • mail_inbox_read — fetch one message by UID. Args: account?, uid, folder?, format? (text|html|raw_eml). Attachment payloads are not inlined — only filename/mime_type/size metadata.

Headers we guarantee on outbound

  • Date — UTC, RFC 5322 (lettre auto)
  • Message-ID: <UUIDv4@<from_addr_domain>> — own-domain, never the container hostname
  • From: name <addr>
  • MIME-Version: 1.0
  • User-Agent: mail-mcp/<version>
  • In-Reply-To + References when threading args present
  • Content-Type correct for the body shape (text-only / alternative / mixed)

DKIM-Signature is applied by the relay (rspamd on Rackham), not the client.

Build

cargo build --release

Binary lands at target/release/mail-mcp.

Config

mkdir -p ~/.config/mail-mcp
cp config.example.toml ~/.config/mail-mcp/config.toml
chmod 600 ~/.config/mail-mcp/config.toml

Edit accounts as needed. Passwords are NEVER inline:

  1. Looked up from the env var named in password_env
  2. Falling back to password_file (shell-format: KEY=VALUE per line)
  3. Hard-failing with a vault-pointer hint if neither resolves
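
The resolution order above, as an added example that is not the project's code. It assumes the key looked up in password_file is the same name given in password_env, and that `export ` prefixes and surrounding quotes should be tolerated; `resolve_password`, `lookup_in_env_file` and `MAIL_PASSWORD` are hypothetical names.

```rust
use std::{fs, path::Path};

/// Find `KEY=VALUE` for `key` in shell-format text. Blank lines and `#`
/// comments are skipped; an optional `export ` prefix and one pair of
/// surrounding quotes are tolerated (assumptions, not from the README).
fn lookup_in_env_file(contents: &str, key: &str) -> Option<String> {
    for line in contents.lines() {
        let line = line.trim();
        if line.is_empty() || line.starts_with('#') { continue; }
        let line = line.strip_prefix("export ").unwrap_or(line);
        if let Some((k, v)) = line.split_once('=') {
            if k.trim() == key {
                let v = v.trim();
                let v = v.strip_prefix('"').and_then(|s| s.strip_suffix('"'))
                    .or_else(|| v.strip_prefix('\'').and_then(|s| s.strip_suffix('\'')))
                    .unwrap_or(v);
                return Some(v.to_string());
            }
        }
    }
    None
}

/// Resolution order from the README: env var, then password_file, then fail.
/// `env` is injected so the logic is testable without touching the process env.
fn resolve_password(
    env: impl Fn(&str) -> Option<String>,
    password_env: &str,
    password_file: Option<&Path>,
) -> Result<String, String> {
    if let Some(p) = env(password_env).filter(|p| !p.is_empty()) {
        return Ok(p);
    }
    if let Some(path) = password_file {
        // An unreadable file falls through to the hard failure below.
        if let Ok(text) = fs::read_to_string(path) {
            if let Some(p) = lookup_in_env_file(&text, password_env).filter(|p| !p.is_empty()) {
                return Ok(p);
            }
        }
    }
    // Never echo a candidate secret; name only where it was looked for.
    Err(format!("no password: set ${0} or add {0}=... to password_file (see vault)", password_env))
}

fn main() {
    let r = resolve_password(|k| std::env::var(k).ok(), "MAIL_PASSWORD", None);
    println!("{}", r.map(|_| "resolved".to_string()).unwrap_or_else(|e| e));
}
```

An empty value is treated as unset at both steps, so a blank environment variable does not mask a valid entry in the file.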

Vault canonical: bw.sulkta.com kayos@sulkta.com — IMAP/SMTP.

MCP wiring (Claude Code / kayos-house)

{
  "mcpServers": {
    "mail-mcp": {
      "command": "/usr/local/bin/mail-mcp",
      "args": []
    }
  }
}

Logging is stderr-only — stdout is the JSON-RPC transport.

Future phases

  • Phase B (~200 LOC): multi-account routing across all configured [accounts.*], plus mail_thread and mail_search.
  • Phase C (~150 LOC): mail_mark (read/unread/flag/trash/archive), mail_attachment_get, mail_reply helper.

Full locked spec: kayos/openclaw-workspace memory/spec-mail-mcp.md.