# GoWebMail
A self-hosted, encrypted web email client written entirely in Go. Supports Gmail and Outlook via OAuth2, plus any standard IMAP/SMTP provider.
# Notes:
- Work is still in progress (Gmail and Hotmail accounts are not tested yet; the app has only been prepared for them)
- AI is involved in making this work, as I do not have the skill and time to do it on my own
- looking for any advice and suggestions to improve it!
## Features
- **Unified inbox** — view emails from all connected accounts in one stream
- **Gmail & Outlook OAuth2** — modern, token-based auth (no storing raw passwords for these providers)
- **IMAP/SMTP** — connect any provider (ProtonMail Bridge, Fastmail, iCloud, etc.)
- **AES-256-GCM encryption** — all email content encrypted at rest in SQLite
- **bcrypt password hashing** — GoWebMail account passwords hashed with cost=12
- **Send / Reply / Forward** — full compose workflow
- **Folder navigation** — per-account folder/label browsing
- **Full-text search** — across all accounts locally
- **Dark-themed web UI** — clean, keyboard-shortcut-friendly interface
<img width="1213" height="848" alt="image" src="https://github.com/user-attachments/assets/955eda04-e358-4779-80e7-0a9b299ac110" />
<img width="1261" height="921" alt="image" src="https://github.com/user-attachments/assets/40ee58e8-6c4b-45c3-974d-98cc8ccc45a5" />
<img width="1153" height="907" alt="image" src="https://github.com/user-attachments/assets/ebc92335-f6b7-46ed-b9a2-84512f70e1b2" />
<img width="551" height="669" alt="image" src="https://github.com/user-attachments/assets/412585c0-434a-4177-ab04-7db69da9d08a" />
## Quick Start
### Option 1: Build executable
```bash
# 1. Clone / copy the project
git clone https://github.com/ghostersk/gowebmail && cd gowebmail
go build -o gowebmail ./cmd/server
# For a smaller executable (strips debug information):
go build -ldflags="-s -w" -o gowebmail ./cmd/server
./gowebmail
```
Visit http://localhost:8080 and log in with the default credentials admin/admin, register an account, then connect your email. Change the default admin password before exposing the instance beyond localhost.
### Option 2: Run directly
```bash
git clone https://github.com/ghostersk/gowebmail && cd gowebmail
go run ./cmd/server/main.go
# ./data/gowebmail.conf is generated on first run if it does not exist;
# review it, update as needed, then restart the app
```
### Reset Admin password, MFA
```bash
# List all admins with MFA status
./gowebmail --list-admin
# USERNAME  EMAIL              MFA
# --------  -----              ---
# admin     admin@example.com  ON

# Reset an admin's password (min 8 chars)
./gowebmail --pw admin "NewSecurePass123"

# Disable MFA so a locked-out admin can log in again
./gowebmail --mfa-off admin
```
## Setting up OAuth2
### Gmail
1. Go to [Google Cloud Console](https://console.cloud.google.com/) → New project
2. Enable **Gmail API**
3. Create **OAuth 2.0 Client ID** (Web application)
4. Add Authorized redirect URI: `http://localhost:8080/auth/gmail/callback`
5. Set env vars: `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`
> **Important:** In the Google Cloud Console, add the scope `https://mail.google.com/` to allow IMAP access. You'll also need to add test users while in "Testing" mode.
### Outlook / Microsoft 365
1. Go to [Azure portal](https://portal.azure.com/) → App registrations → New registration
2. Set redirect URI: `http://localhost:8080/auth/outlook/callback`
3. Under API permissions, add:
   - `https://outlook.office.com/IMAP.AccessAsUser.All`
   - `https://outlook.office.com/SMTP.Send`
   - `offline_access`, `openid`, `profile`, `email`
4. Create a Client secret
5. Set env vars: `MICROSOFT_CLIENT_ID`, `MICROSOFT_CLIENT_SECRET`, `MICROSOFT_TENANT_ID`
## Security Notes
- **ENCRYPTION_KEY** is critical — back it up. Without it, the encrypted SQLite database is unreadable.
- Email content (subject, from, to, body) is encrypted at rest using AES-256-GCM.
- OAuth2 tokens are stored encrypted in the database.
- Passwords for GoWebMail accounts are bcrypt hashed (cost=12).
- All HTTP responses include security headers (CSP, X-Frame-Options, etc.).
- In production, run behind HTTPS (nginx/Caddy) and set `SECURE_COOKIE=true`.
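
The at-rest encryption described in these notes, sketched as an added example using only the Go standard library (this is not GoWebMail's own code). The blob layout, the helper names `newGCM`, `sealField` and `openField`, and the raw 32-byte key are assumptions; the example goes one step beyond the notes by binding each blob to its column name as associated data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds an AES-256-GCM AEAD and rejects keys that are not 32 bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("need a 32-byte key, got %d bytes", len(key))
	}
	block, _ := aes.NewCipher(key) // only fails on bad key size, checked above
	return cipher.NewGCM(block)
}

// sealField encrypts one column value. Assumed layout: nonce || ciphertext || tag.
// The field name is associated data, so a blob moved to another column is rejected.
func sealField(key []byte, field string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per value
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(field)), nil
}

// openField fails on a wrong key, a wrong field name, or any modified byte.
func openField(key []byte, field string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n+gcm.Overhead() {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(field))
}

func main() {
	key := make([]byte, 32) // constructed all-zero sample key; real keys are random
	blob, _ := sealField(key, "subject", []byte("Quarterly report"))
	fmt.Println(openField(key, "body", blob)) // same key, wrong column: error
}
```

Because GCM authenticates as well as encrypts, a lost or mistyped key shows up as a decryption error rather than as garbage plaintext, which is why the key backup matters.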
## Dependencies
```
github.com/emersion/go-imap      IMAP client
github.com/emersion/go-smtp      SMTP client
github.com/emersion/go-message   MIME parsing
github.com/gorilla/mux           HTTP routing
github.com/mattn/go-sqlite3      SQLite driver (CGO)
golang.org/x/crypto              bcrypt
golang.org/x/oauth2              OAuth2 + Google/Microsoft endpoints
```
## Building for Production
```bash
CGO_ENABLED=1 GOOS=linux go build -ldflags="-s -w" -o gowebmail ./cmd/server
```
CGO is required by `go-sqlite3`. Cross-compilation requires a C cross-compiler.
## License
This project is licensed under the [GPL-3.0 license](LICENSE).