HLOOL Mail: Open-Source Catch-All Mail for Dev Teams

What Is HLOOL Mail?

HLOOL Mail is a self-hosted temporary email and private-domain inbound mail platform built by hloolx on GitHub. HLOOL Mail is one of the best Self-Hosted Email Reception Platforms tools for developers, indie hackers, and teams that need controllable inbound mail, with 6 built-in surfaces: SMTP catch-all, Web Console, API Key, Webhook, Share Link, and CLI. It lets you point MX records at your own host, keep mailbox data in PostgreSQL, and expose mail access through both human and machine workflows.

Quick Overview

Who Should Use HLOOL Mail?

• Solo builders shipping MVPs who need disposable or domain-bound inboxes without depending on a hosted temp-mail vendor.
• QA and automation teams that need deterministic OTP capture, inbox polling, and delete/read workflows for integration tests.
• AI agent builders wiring mailbox creation and message retrieval into OpenSwarm or similar agent loops.
• Security-conscious orgs that want inbound mail data, API access, and domain control inside their own infrastructure.

Not ideal for:

• Teams that need full IMAP/POP3 mail client support, because HLOOL Mail does not provide either protocol.
• Users who want outbound sending, since the project is focused on stable inbound reception and administration.
• Non-technical teams that want a hosted, zero-ops inbox product with no DNS or server work.

Key Features of HLOOL Mail

• SMTP catch-all on your own MX — point a domain or wildcard subdomain at the HLOOL Mail host and receive mail for arbitrary local parts. This is the core reason the tool works for [email protected] and [email protected] style workflows.
• API-first mailbox automation — scripts and services authenticate with X-API-Key and can list domains, generate inboxes, read the next unread message, fetch paginated mail, and delete messages. That fits CI jobs, OTP harvesting, and service-to-service integrations.
• Webhook delivery with signed headers — new mail can trigger message.received events to your own HTTPS endpoint. HLOOL Mail includes delivery metadata such as attempt count, timestamp, and signature headers, which makes downstream verification practical.
• Share Links for controlled public access — a mailbox can be exposed through a tokenized share URL plus an access key. The full secret is only shown at creation or regeneration time, which keeps casual sharing separate from admin access.
• Web Console for human operations — the browser UI uses the gptmail_session cookie for admin sessions and includes install, login, inbox, domain, webhook, API key, and share-link management. For teams that want a split between machine and human access, this is cleaner than stuffing everything into one opaque admin page.
• Docker Compose and binary deployment paths — the project supports Compose with PostgreSQL, standalone release binaries, and an optional embedded frontend. That means you can run it on a VPS, a cloud host, or a small ARM box without redesigning the stack.
• Config lock for safer container runs — Docker deployments keep runtime configuration pinned so the Install Page cannot silently rewrite database or port settings. If you already standardize host bootstraps with djevops, this approach maps well to repeatable ops.

HLOOL Mail vs Alternatives

Pick HLOOL Mail when you need the mail flow to stay inside your own infra and you want programmatic reads, deletes, and webhook handling. Pick MailSlurp when you want a hosted testing API and do not want to own SMTP or PostgreSQL. If your workflow is just forwarding one domain to another, ImprovMX is simpler.

SimpleLogin is the better choice if your main goal is alias privacy instead of full inbound mailbox infrastructure. HLOOL Mail is stricter and more operational, which is exactly why it fits internal tools, CI pipelines, and agent workflows. If your webhook consumers need inspection, pair HLOOL Mail with OpenTrace so you can debug delivery failures and payload drift.

How HLOOL Mail Works

HLOOL Mail is built around a straightforward inbound-mail pipeline: DNS MX points at your host, the SMTP listener accepts the message, and the application persists mailbox state in PostgreSQL for later reads through the console, API, or share links. That design keeps the canonical data store under your control instead of spreading state across a third-party temp inbox service.

The platform splits access by intent. Human operators use the web console and the gptmail_session cookie, while scripts use X-API-Key and endpoints such as /api/domains/available, /api/generate-email, and /api/emails/next. That separation is useful when you want to keep admin actions out of the same code path as automation, similar to how teams using MachineAuth keep machine credentials distinct from user sessions.

The runtime also treats deployment state as a first-class concern. Docker Compose pins ports, database credentials, and base URLs in .env, while the release binary can embed the frontend or serve a custom build from FRONTEND_DIST. If you need a local smoke test, the shortest path is to bring up the stack, hit the API, and confirm that the SMTP and HTTP sides agree on the same domain configuration.

cp .env.compose.example .env
docker compose up -d --build
curl "$BASE_URL/api/domains/available" \
  -H "X-API-Key: $API_KEY"

The first command prepares the environment file, the second starts the app and PostgreSQL, and the third confirms that the API is live and your key is accepted. After that, you complete the Install Page, verify MX records, and switch SMTP_PORT to 25 if you are accepting real internet mail instead of local test traffic.

Pros and Cons of HLOOL Mail

Pros:

• Owns the full inbound-mail path, which removes dependency on a third-party disposable inbox vendor.
• Supports both human UI workflows and machine workflows, so one deployment can serve ops, QA, and agents.
• Webhooks include signed delivery metadata, which is useful for verification and replay-safe consumers.
• Share links allow controlled mailbox exposure without handing out the admin console.
• Docker Compose and standalone binaries cover common deployment environments without forcing one hosting model.
• PostgreSQL persistence fits multi-user and audit-friendly setups better than ephemeral in-memory inboxes.

Cons:

• No IMAP or POP3 means it is not a general-purpose mail client or full mailbox server.
• No outbound sending means you still need a separate mailer for transactional email.
• You must own DNS and server ops, including MX records, ports, certificates, and firewall rules.
• TCP 25 may be blocked by some cloud providers, so production reception can require extra network work.
• The Install Page is useful, but it still expects a technically competent operator, not a non-technical end user.

Getting Started with HLOOL Mail

cp .env.compose.example .env
nano .env
docker compose up -d --build
docker compose logs -f app

That gets the app and PostgreSQL running, then exposes the Install Page on your configured base URL or local port. Finish the initial admin setup, confirm that PUBLIC_BASE_URL, MAIL_HOSTNAME, and EXPECTED_MX match your domain, and make sure your MX record points at the same host before you try to receive mail.

If you prefer a binary, unpack the release archive, export HTTP_ADDR, SMTP_ADDR, DATABASE_URL, and PUBLIC_BASE_URL, then start ./hloolmail. The release path is useful on smaller VPS instances and ARM hosts, while the Compose path is the simpler choice for teams that want a repeatable deploy and easier secret management.

Verdict

HLOOL Mail is the strongest option for self-hosted inbound mail when you need your own MX, API keys, webhooks, and a browser console in one stack. Its main strength is full data and domain control; its caveat is that it is not an IMAP/POP3 client or outbound mailer. Recommend it if you want automation-grade receipt without a third-party inbox vendor.