Your mailbox.
No spam.
PostfixMe is a native iOS app and supporting API layer that puts your email aliases and password control in your pocket. Highly secure. No snooping. Your server. Your data. Full stop.
Narrow purpose by design. This app only works if you use your own Postfix-based mail server with PostfixAdmin and the PostfixMe API extension. If that's not you, then this app won't be useful to you. If your mail administrator sent you here, then welcome; you're in the right place!
Deliberately,
narrowly useful.
PostfixMe is not a general-purpose email client. It does not send or receive messages. If you're already using PostfixAdmin to administer your own mail domain and you're tired of opening a browser every time you need to manage a forwarding alias or change a password (for you or one of your users), then PostfixMe is exactly what you need.
- You run a Postfix-based mail server that you administer yourself (or someone administers for you)
- You use PostfixAdmin to manage mailboxes and aliases
- You want to manage those aliases from an iPhone or iPad
- You care about privacy and don't want any snooping third-party telemetry
Right for this app
Personal family mail server, small business with self-hosted email, privacy-conscious self-hosters who use aliases as disposable addresses, sysadmins who already operate PostfixAdmin.
Not for this app
Gmail, Outlook, iCloud, or any hosted email service. This app cannot create accounts, manage DNS, or send/receive messages. It has no value without a PostfixMe API endpoint you control or have access to.
Everything you need.
Nothing you don't.
PostfixMe is a focused, native iOS application. Every feature exists because a real mail server administrator -- this app's author -- actually needed it.
Full Alias Management
Create, edit, enable, disable, and delete email aliases on your server directly from your iPhone or iPad. View all aliases for your mailbox in a clean, searchable list.
Password Management
Change your mailbox password directly from the app. Server-enforced passowrd policy is managed only by your mail server administrator.
Quick Search
Sticky search bar filters aliases as you type. Always visible, find the right alias in seconds.
Keychain Storage
Server URL and JWT tokens are stored exclusively in the iOS Keychain, the same secure enclave used by banking apps and password managers. Never in UserDefaults. Never in plaintext.
15 Themes
Light, Dark, System, Amber 🍂, Beach 🏖️, Crimson 🌹, Forest 🌲, Lavender 💜, Midnight 🌙, Mint 🌿, Ocean 🌊, Pro, Sakura 🌸, Space 🪐, and Viest 🦂. Each theme is fully accessible and supports Dynamic Type.
Accessibility-First
Full Dynamic Type support across all text sizes. VoiceOver-compatible throughout. Passes WCAG AA contrast ratios in all 15 themes. Respects system Reduce Motion settings.
JWT Authentication
Log in with your PostfixAdmin (mailbox) credentials. Access tokens expire in quickly; secure refresh tokens last longer and live only on your server. No credentials are ever cached or transmitted in plaintext.
Flexible Server Config
Point the app at any PostfixMe API endpoint such as your home lab, a VPS, or inside a corporate VPN. No app update required when you change servers. HTTPS required in production.
Zero Telemetry
No analytics. No crash reporters phoning home. No ad SDKs. No third-party frameworks. The app talks to exactly one server: the one you configure. That's the entire network footprint.
Aliases are your
best anti-spam tool.
Spam filters let spam reach you, then react to it. Aliases prevent delivery entirely. Here's the three-step playbook:
[email protected] → [email protected]
[email protected]? That vendor sold or leaked your address. No guessing. No circumstantial evidence. Irrefutable.- Spam still arrives; it's just sorted to another folder
- Legitimate mail gets caught in the crossfire
- No insight into who is sharing or selling your address
- Spammer keeps sending; you keep filtering
- Reactive: always cleaning up after the fact
- See spam? Kill the compromised alias. No more spam.
- One tap permanently silences all mail to the compromised alias
- Know exactly which contact leaked your address
- Proactive: prevent delivery, don't just sort it
- Real mail flows to your inbox untouched
One alias per contact
Create a dedicated alias for each service, shop, or person. Your real address stays completely hidden from the wider Internet.
Pinpoint the leak
Spam lands in [email protected]? You know exactly which vendor sold or leaked your address. No guessing, no circumstantial evidence.
Kill it in seconds
Disable or delete the compromised alias from your phone the moment spam appears. The sender is silenced immediately everywhere, with one tap.
Primary address stays clean
Your real mailbox address never appears anywhere on the public Internet provided you never share it with anyone, ever. It's your permanent backstage pass. Never expose it, never need to change it, never lose it to a vendor data breach.
Many recipients, one alias
Each alias can forward to multiple inboxes on the same domain which is handy for shared department addresses, household aliases, or small team routing. Adjust recipients at any time.
Your infrastructure, your data
Throwaway addressing at scale with none of the third-party services, subscriptions, or privacy trade-offs. Your aliases live on your server and nowhere else.
Security that holds up
under scrutiny.
PostfixMe is built by a systems administrator for systems administrators with open source code you can review yourself. Every security decision has a rationale you can audit.
RS256 (2048-bit RSA, asymmetric)
Private key signs; public key verifies. Protect your private key, share your public key. Keys are generated by you and stored as Docker secrets. Rotate your keys at any time.
X-Forwarded-Proto). CIDR-based proxy validation prevents header spoofing.
whenUnlockedThisDeviceOnly protection. No iCloud sync. No plaintext fallback.
We collect nothing,
because we receive nothing.
PostfixMe has no backend, no cloud service, no analytics endpoint, and no developer server that your app ever contacts. Privacy isn't a setting you enable; it's the entire architecture.
No analytics
No Mixpanel, Amplitude, Firebase, or any other analytics service. Usage data is yours alone.
No location
The app never requests location permissions. There is no use case for your GPS coordinates.
No contacts
Your address book is never accessed. The app only sees email aliases you explicitly manage.
No device IDs
No IDFA, IDFV, or device fingerprinting. Your device is anonymous even to the app itself.
What is stored on-device: your server URL, your JWT tokens (Keychain), and your theme + biometric preference (UserDefaults). Nothing else. None of it ever leaves your device to us.
Read the full Privacy Policy →The API you deploy.
The source you can read.
PostfixMe doesn't require you to trust a closed-source backend. The entire server component is open source under GPL-2.0-or-later, with no obfuscation and no telemetry hooks to remove.
It's a clean PHP 8.1+ REST API that adds a layered authentication and alias-management endpoint on top of your existing PostfixAdmin database without modifying any PostfixAdmin tables or source code.
# Clone with submodules git clone --recursive \ https://github.com/wwkimball/postfixadmin-postfixme-api.git # Generate sample secrets cd postfixadmin-postfixme-api ./docker/scripts/generate-sample-secrets.sh # Start the development stack ./build.sh --start # Test authentication curl -s -X POST \ http://localhost:8080/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '{"username":"[email protected]", "password":"testpass123"}' | jq # Response { "access_token": "eyJ...", "refresh_token": "abc123", "token_type": "Bearer", "expires_in": 900 }
Clean, versioned endpoints.
All endpoints return structured JSON. Auth errors include code, message, and details fields.
Three components.
All under your control.
PostfixMe has no cloud subscription, no vendor lock-in. If you already run a self-hosted mail server, you already have the hard part out of the way.
You are strongly encouraged to run PostfixAdmin and PostfixMe API in a Docker Compose stack to isolate them from your main mail server and vastly simplify deployment and updates. An example for doing this is provided with the PostfixMe API source.
An iPhone or iPad
The PostfixMe app runs on any Apple device meeting the system requirements.
- iOS 18.0 or later
- Any iPhone or iPad
- Available on the App Store
A Postfix Mail Server
Your own Postfix-based mail server, already running and serving real email.
- Postfix MTA (any recent version)
- PostfixAdmin installed and configured
- MySQL/MariaDB, PostgreSQL, or SQLite (for PostfixAdmin and PostfixMe API)
- A reverse proxy with TLS (Apache, nginx, Caddy, Traefik, etc.)
The PostfixMe API
The open source PHP extension that adds the mobile API layer to your existing PostfixAdmin database.
- PHP 8.1+ with PDO and OpenSSL
- Docker Compose quickstart included
- RSA key pair you generate yourself
- Reachable by HTTPS from your iPhone
- Source: GitHub ↗
Your peace of mind is waiting.
Deploy the API (or have your mail administrator do so), install the app, and manage your aliases and mailbox password from anywhere.
Free and open source.
No subscription. No vendor lock-in. No server you don't control. No mysterious third-party services. Just you,
your private mail server, and your phone.