simplelogin-aio

Overview

SimpleLogin is an open-source email alias platform that lets you shield your real inbox behind forwarding aliases.

All-In-One Unraid Edition
simplelogin-aio packages the web UI, background jobs, inbound email handler, Postfix, PostgreSQL, and Redis into one Unraid-first container with persistent appdata paths.

Quick Install (Beginners)

Install this template in Unraid.
Set [code]URL[/code], [code]EMAIL_DOMAIN[/code], [code]SUPPORT_EMAIL[/code], and [code]FLASK_SECRET[/code].
Registration is disabled by default for safety. Temporarily set [code]DISABLE_REGISTRATION[/code] to [code]false[/code] only if you need web sign-up for first boot, then switch it back to [code]true[/code] and restart.
Choose an outbound relay mode if your ISP blocks outbound TCP 25.
Forward inbound TCP 25 from your router/firewall to the Unraid host if you want internet mail delivery.
Start the container, wait for first boot to finish, then add the required DNS records from the setup guide.

Power Users (Advanced View)

Advanced View exposes the full official upstream self-hosting environment surface plus wrapper-specific relay and AIO controls.
Leave defaults in place for the easiest install. Only set overrides you actually need.
You can point the app at external PostgreSQL or Redis, customize alias domain behavior, enable SSO providers, tune anti-spam and analytics integrations, and provide custom asset/key files through the optional [code]/custom-assets[/code] mount.

Important Notes

Current upstream packaging is [code]linux/amd64[/code] only.
This is still a real self-hosted mail stack. DNS, deliverability, router/firewall port forwarding, and sender reputation still matter.
For the simplest operation, keep the internal Postgres/Redis/Postfix defaults and only set the small required config set above.

Requirements

For full inbound mail delivery: a public domain, correct DNS records, and inbound TCP 25 forwarded to your Unraid host. If outbound TCP 25 is blocked, use an SMTP relay mode instead of direct delivery.

Runtime arguments

Web UI: http://[IP]:[PORT:7777]
Network: bridge
Shell: sh
Privileged: false

Template configuration

Appdata DirectoryPathrw

Primary persistent directory for PostgreSQL, Redis, DKIM keys, uploads, generated JWT keys, and application state.

Target: /appdata
Default: /mnt/user/appdata/simplelogin-aio
Value: /mnt/user/appdata/simplelogin-aio

PGP Keyring DirectoryPathrw

Persistent directory for your GnuPG keyring and optional server-generated PGP signing keys.

Target: /pgp
Default: /mnt/user/appdata/simplelogin-aio/pgp

Custom Assets DirectoryPathrw

Optional host path mounted at /custom-assets for advanced file-based settings such as custom words lists, OpenID keys, Paddle public keys, or imported PGP material.

Target: /custom-assets

Web UI PortPorttcp

Port used by the SimpleLogin web UI.

Target: 7777
Default: 7777
Value: 7777

SMTP Inbound PortPorttcp

Inbound SMTP port. Forward TCP 25 from your router or firewall to the Unraid host if you want aliases to receive internet mail.

Target: 25
Default: 25
Value: 25

App URLVariable

Canonical HTTPS URL for the dashboard, for example https://app.example.com. This does not need to be the same as your SMTP/MX hostname.

Target: URL
Default: https://app.example.com

Primary Email DomainVariable

Real public alias domain, for example example.com. Do not use a private-only tailnet domain here. First-account registration must use a separate existing mailbox, not this alias domain.

Target: EMAIL_DOMAIN
Default: example.com

Support EmailVariable

Working mailbox used for system mail, for example support@example.com. Use an address that already exists.

Target: SUPPORT_EMAIL
Default: support@example.com

Flask SecretVariable

Long random app secret. Generate with: openssl rand -hex 32

Target: FLASK_SECRET

SMTP Relay ModeVariable

Outbound mail mode. Choose one of the built-in dropdown values only: direct, brevo, protonmail, gmail, mailgun, or custom. Use a relay provider if your ISP blocks outbound TCP 25.

Target: RELAY_MODE
Default: direct|brevo|protonmail|gmail|mailgun|custom
Value: direct

Brevo UsernameVariable

Brevo SMTP username, usually your account email. Required when RELAY_MODE=brevo.

Target: BREVO_USERNAME

Brevo PasswordVariable

Brevo SMTP key or password. Required when RELAY_MODE=brevo.

Target: BREVO_PASSWORD

Proton Mail SMTP TokenVariable

Proton SMTP token. Required when RELAY_MODE=protonmail. The username stays SUPPORT_EMAIL.

Target: PROTONMAIL_TOKEN

Gmail UsernameVariable

Full Gmail address used for relay auth. Required when RELAY_MODE=gmail.

Target: GMAIL_USERNAME

Gmail App PasswordVariable

16-character Gmail app password. Required when RELAY_MODE=gmail.

Target: GMAIL_APP_PASSWORD

Mailgun UsernameVariable

Mailgun SMTP username, usually postmaster@yourdomain. Required when RELAY_MODE=mailgun.

Target: MAILGUN_USERNAME

Mailgun PasswordVariable

Mailgun SMTP password. Required when RELAY_MODE=mailgun.

Target: MAILGUN_PASSWORD

Custom Relay HostVariable

Required when RELAY_MODE=custom. Example: [smtp.provider.com]:587

Target: CUSTOM_RELAYHOST

Custom Relay UsernameVariable

SMTP username for your custom relay. Required when RELAY_MODE=custom.

Target: CUSTOM_USERNAME

Custom Relay PasswordVariable

SMTP password for your custom relay. Required when RELAY_MODE=custom.

Target: CUSTOM_PASSWORD

External PostgreSQL DB_URIVariable

Leave blank for the bundled database. When set to an external host, the bundled PostgreSQL stays idle. Format: postgresql://user:pass@host:5432/dbname

Target: DB_URI

External Redis URLVariable

Leave blank for the bundled Redis. When set to an external host, the bundled Redis stays idle. Format: redis://:pass@host:6379/0

Target: REDIS_URL

Postfix Server OverrideVariable

Advanced escape hatch. Leave at 127.0.0.1 to keep the bundled Postfix path.

Target: POSTFIX_SERVER
Default: 127.0.0.1
Value: 127.0.0.1

Postfix Port OverrideVariable

Advanced escape hatch. Leave at 25 for the bundled Postfix path.

Target: POSTFIX_PORT
Default: 25
Value: 25

DNS NameserversVariable

Comma-separated resolvers used for lookups, for example 1.1.1.1,1.0.0.1.

Target: NAMESERVERS
Default: 1.1.1.1,1.0.0.1
Value: 1.1.1.1,1.0.0.1

Custom Temp DirectoryVariable

Optional temp directory path inside the container or a mounted path.

Target: TEMP_DIR

Words File PathVariable

Advanced path override for the words file used for random alias generation. Use /custom-assets if you mount your own file.

Target: WORDS_FILE_PATH
Default: /code/local_data/test_words.txt
Value: /code/local_data/test_words.txt

Local File UploadsVariable

Leave true for local file storage inside /appdata.

Target: LOCAL_FILE_UPLOAD
Default: true|false
Value: true

GnuPG HomeVariable

GnuPG home directory path used for PGP features.

Target: GNUPGHOME
Default: /pgp
Value: /pgp

Partner API Token SecretVariable

Optional partner token secret. Generate with: openssl rand -hex 32. Blank uses FLASK_SECRET.

Target: PARTNER_API_TOKEN_SECRET

Disable RegistrationVariable

Recommended default. Keep true to block public sign-up. Temporarily switch to false only while creating a first account, then set true again and restart.

Target: DISABLE_REGISTRATION
Default: true|false
Value: true

Disable Onboarding EmailsVariable

Recommended for self-hosted installs.

Target: DISABLE_ONBOARDING
Default: true|false
Value: true

Disable Alias SuffixVariable

Recommended for self-hosted installs to allow cleaner aliases without the random suffix.

Target: DISABLE_ALIAS_SUFFIX
Default: true|false
Value: true

Enable SPF EnforcementVariable

Enable SPF enforcement using the extra headers provided by Postfix.

Target: ENFORCE_SPF
Default: true|false
Value: true

Print Emails Instead of SendingVariable

For testing only. When true, email bodies are logged instead of sent.

Target: NOT_SEND_EMAIL
Default: false|true
Value: false

Enable Colored LogsVariable

Optional colored log output for debugging.

Target: COLOR_LOG

Admin EmailVariable

General stats and admin alert email recipient. This is not a login credential.

Target: ADMIN_EMAIL

Support NameVariable

Display name used alongside SUPPORT_EMAIL.

Target: SUPPORT_NAME

Postmaster AddressVariable

Postmaster email used by some mail-related features.

Target: POSTMASTER

Max Free Plan Email CountVariable

Max number of emails a non-premium user can generate.

Target: MAX_NB_EMAIL_FREE_PLAN
Default: 10
Value: 10

Alias Rate LimitVariable

Alias creation rate limit. Example: 100/day;50/hour;5/minute

Target: ALIAS_LIMIT

Automatically Disable AliasesVariable

Optional automatic alias disable behavior.

Target: ALIAS_AUTOMATIC_DISABLE

Allowed Redirect DomainsVariable

JSON list of allowed redirect domains. Example: ["app.example.com"]

Target: ALLOWED_REDIRECT_DOMAINS

Landing Page URLVariable

Optional landing page URL shown by the app.

Target: LANDING_PAGE_URL

Status Page URLVariable

Optional status page URL shown by the app.

Target: STATUS_PAGE_URL

hCaptcha SecretVariable

hCaptcha secret key from your hCaptcha site. Set both hCaptcha fields to enable.

Target: HCAPTCHA_SECRET

hCaptcha Site KeyVariable

hCaptcha site key from your hCaptcha site. Set both hCaptcha fields to enable.

Target: HCAPTCHA_SITEKEY

Email Servers With PriorityVariable

Leave blank to auto-use mail.EMAIL_DOMAIN. Set this only if your MX host should be something else, for example [(10, "mx.example.com.")].

Target: EMAIL_SERVERS_WITH_PRIORITY

Other Alias DomainsVariable

JSON list of extra alias domains. Example: ["example.net","example.org"]

Target: OTHER_ALIAS_DOMAINS

Alias Domains OverrideVariable

Full alias-domain override as a JSON list. If set, it replaces OTHER_ALIAS_DOMAINS.

Target: ALIAS_DOMAINS

Premium Alias DomainsVariable

JSON list of premium-only domains. Example: ["vip.example.com"]

Target: PREMIUM_ALIAS_DOMAINS

First Alias DomainVariable

Alias domain used when creating the first alias.

Target: FIRST_ALIAS_DOMAIN

Bounce PrefixVariable

VERP bounce prefix. Must end with + if used.

Target: BOUNCE_PREFIX

Bounce SuffixVariable

VERP bounce suffix. Must start with + if used.

Target: BOUNCE_SUFFIX

Bounce Prefix For Reply PhaseVariable

Reply-phase bounce prefix without a trailing +.

Target: BOUNCE_PREFIX_FOR_REPLY_PHASE

GitHub Client IDVariable

GitHub OAuth app client ID.

Target: GITHUB_CLIENT_ID

GitHub Client SecretVariable

GitHub OAuth app client secret.

Target: GITHUB_CLIENT_SECRET

Google Client IDVariable

Google OAuth client ID.

Target: GOOGLE_CLIENT_ID

Google Client SecretVariable

Google OAuth client secret.

Target: GOOGLE_CLIENT_SECRET

Facebook Client IDVariable

Facebook OAuth client ID.

Target: FACEBOOK_CLIENT_ID

Facebook Client SecretVariable

Facebook OAuth client secret.

Target: FACEBOOK_CLIENT_SECRET

Proton Client IDVariable

Proton OAuth client ID.

Target: PROTON_CLIENT_ID

Proton Client SecretVariable

Proton OAuth client secret.

Target: PROTON_CLIENT_SECRET

Proton Base URLVariable

Proton API base URL override.

Target: PROTON_BASE_URL

Proton Validate CertsVariable

Certificate verification for Proton integration.

Target: PROTON_VALIDATE_CERTS
Default: true|false
Value: true

Connect With ProtonVariable

Enable Proton login integration.

Target: CONNECT_WITH_PROTON

Proton Cookie NameVariable

Cookie name for Proton login integration.

Target: CONNECT_WITH_PROTON_COOKIE_NAME

OIDC IconVariable

Font Awesome icon slug for generic OIDC login button.

Target: CONNECT_WITH_OIDC_ICON

OIDC Discovery URLVariable

OIDC discovery URL, usually ending in /.well-known/openid-configuration.

Target: OIDC_WELL_KNOWN_URL

OIDC ScopesVariable

Space-separated OIDC scopes. Default works for most providers.

Target: OIDC_SCOPES
Default: openid email profile
Value: openid email profile

OIDC Name FieldVariable

OIDC user-info field used for display name.

Target: OIDC_NAME_FIELD
Default: name
Value: name

OIDC Client IDVariable

OIDC client ID.

Target: OIDC_CLIENT_ID

OIDC Client SecretVariable

OIDC client secret.

Target: OIDC_CLIENT_SECRET

Enable SimpleLogin OIDC ProviderVariable

Set to 1 to enable SimpleLogin as an OpenID provider.

Target: ENABLE_OIDC_SERVER
Default: 0|1
Value: 0

OpenID Private Key PathVariable

Optional OpenID private key path. Blank auto-generates when ENABLE_OIDC_SERVER=1.

Target: OPENID_PRIVATE_KEY_PATH

OpenID Public Key PathVariable

Optional OpenID public key path matching the private key above.

Target: OPENID_PUBLIC_KEY_PATH

Apple API SecretVariable

Apple sign-in API secret.

Target: APPLE_API_SECRET

Mac App Apple API SecretVariable

Apple sign-in secret for the native Mac app.

Target: MACAPP_APPLE_API_SECRET

Sentry DSNVariable

Sentry DSN for backend error tracking.

Target: SENTRY_DSN

Sentry Front-End DSNVariable

Optional separate Sentry DSN for front-end error tracking.

Target: SENTRY_FRONT_END_DSN

Plausible HostVariable

Plausible Analytics host.

Target: PLAUSIBLE_HOST

Plausible DomainVariable

Plausible tracked domain.

Target: PLAUSIBLE_DOMAIN

Flask Profiler PathVariable

Optional Flask profiler sqlite path.

Target: FLASK_PROFILER_PATH

Flask Profiler PasswordVariable

Optional Flask profiler password.

Target: FLASK_PROFILER_PASSWORD

Enable SpamAssassinVariable

Set to 1 to enable SpamAssassin integration.

Target: ENABLE_SPAM_ASSASSIN
Default: 0|1
Value: 0

SpamAssassin HostVariable

SpamAssassin server host or IP.

Target: SPAMASSASSIN_HOST

HIBP Scan Interval DaysVariable

How often to check Have I Been Pwned data.

Target: HIBP_SCAN_INTERVAL_DAYS
Default: 7
Value: 7

HIBP API KeysVariable

JSON list of HIBP API keys. Example: ["key1","key2"]

Target: HIBP_API_KEYS

Auto-Generate PGP Server KeyVariable

Set to 1 to auto-generate a PGP server key pair.

Target: AUTO_GENERATE_PGP
Default: 0|1
Value: 0

PGP Sender Private Key PathVariable

Optional path to a private PGP key used to sign forwarding emails. Use /custom-assets or /pgp if you provide your own key.

Target: PGP_SENDER_PRIVATE_KEY_PATH

DKIM Private Key PathVariable

Advanced DKIM private key path override. Leave at /dkim.key for the wrapper-managed default.

Target: DKIM_PRIVATE_KEY_PATH
Default: /dkim.key
Value: /dkim.key

S3 BucketVariable

Bucket name used by upstream S3-backed features.

Target: BUCKET

AWS Access Key IDVariable

AWS or S3-compatible access key ID.

Target: AWS_ACCESS_KEY_ID

AWS Secret Access KeyVariable

AWS or S3-compatible secret access key.

Target: AWS_SECRET_ACCESS_KEY

AWS RegionVariable

AWS region.

Target: AWS_REGION

Paddle Vendor IDVariable

Paddle vendor ID.

Target: PADDLE_VENDOR_ID

Paddle Monthly Product IDVariable

Paddle monthly product ID.

Target: PADDLE_MONTHLY_PRODUCT_ID

Paddle Yearly Product IDVariable

Paddle yearly product ID.

Target: PADDLE_YEARLY_PRODUCT_ID

Paddle Public Key PathVariable

Path to your Paddle public key file, for example /custom-assets/paddle_public.pem.

Target: PADDLE_PUBLIC_KEY_PATH

Paddle Auth CodeVariable

Paddle auth code.

Target: PADDLE_AUTH_CODE

Coinbase Webhook SecretVariable

Coinbase webhook secret.

Target: COINBASE_WEBHOOK_SECRET

Coinbase Checkout IDVariable

Coinbase checkout ID.

Target: COINBASE_CHECKOUT_ID

Coinbase API KeyVariable

Coinbase API key.

Target: COINBASE_API_KEY

Coinbase Yearly PriceVariable

Coinbase yearly price value.

Target: COINBASE_YEARLY_PRICE

Custom Config File PathVariable

Expert-only alternate dotenv file path. Usually leave blank and use the template fields instead.

Target: CONFIG

Monitoring EmailVariable

Optional monitoring report email recipient.

Target: MONITORING_EMAIL

Unsubscriber AddressVariable

Optional address that receives unsubscribe requests.

Target: UNSUBSCRIBER

Legacy Unsubscriber AddressVariable

Legacy alias for unsubscribe routing.

Target: OLD_UNSUBSCRIBER

Users With HTTP UnsubscribeVariable

Comma-separated users allowed to use HTTP unsubscribe.

Target: USERS_WITH_HTTP_UNSUBSCRIBE

Legacy Free Plan Alias LimitVariable

Legacy free-plan alias cap used for old accounts.

Target: MAX_NB_EMAIL_OLD_FREE_PLAN

DB Connection NameVariable

Optional PostgreSQL application_name override.

Target: DB_CONN_NAME

AWS Endpoint URLVariable

Optional custom S3-compatible endpoint URL.

Target: AWS_ENDPOINT_URL

Paddle Monthly Product IDsVariable

JSON list of extra Paddle monthly product IDs. Example: [12345,67890]

Target: PADDLE_MONTHLY_PRODUCT_IDS

Paddle Yearly Product IDsVariable

JSON list of extra Paddle yearly product IDs. Example: [12345,67890]

Target: PADDLE_YEARLY_PRODUCT_IDS

Paddle Coupon IDVariable

Optional Paddle coupon product ID.

Target: PADDLE_COUPON_ID

Proton Extra Header NameVariable

Optional Proton integration header name override.

Target: PROTON_EXTRA_HEADER_NAME

Proton Extra Header ValueVariable

Optional Proton integration header value.

Target: PROTON_EXTRA_HEADER_VALUE

Prevent Linked Proton ChangeVariable

Presence-based upstream flag. Set true to prevent linked Proton account changes.

Target: PROTON_PREVENT_CHANGE_LINKED_ACCOUNT
Default: false|true
Value: false

Sentry Trace RateVariable

Optional Sentry trace sample rate. Example: 0.001

Target: SENTRY_TRACE_RATE

Postfix Backup ServersVariable

Comma-separated backup outbound SMTP servers.

Target: POSTFIX_BACKUP_SERVERS

Postfix Submission TLSVariable

Presence-based upstream flag. Set true to use Postfix submission with TLS on port 587.

Target: POSTFIX_SUBMISSION_TLS
Default: false|true
Value: false

Postfix TimeoutVariable

Postfix send timeout in seconds.

Target: POSTFIX_TIMEOUT

Postfix Connect TimeoutVariable

Postfix connect timeout in seconds.

Target: POSTFIX_CONNECT_TIMEOUT

Proton MX ServersVariable

Comma-separated Proton MX servers.

Target: PROTON_MX_SERVERS

Proton Email DomainsVariable

Comma-separated Proton email domains.

Target: PROTON_EMAIL_DOMAINS

Load PGP In Email HandlerVariable

Presence-based upstream flag for niche local PGP loading behavior.

Target: LOAD_PGP_EMAIL_HANDLER
Default: false|true
Value: false

Apple Webhook Secret CheckVariable

Presence-based upstream flag to validate Apple webhook shared secret.

Target: APPLE_WEBHOOK_SECRET_CHECK_ENABLED
Default: false|true
Value: false

Max Spam ScoreVariable

SpamAssassin spam score threshold for forwarded mail.

Target: MAX_SPAM_SCORE

Max Reply Spam ScoreVariable

SpamAssassin spam score threshold for reply-phase mail.

Target: MAX_REPLY_PHASE_SPAM_SCORE

PGP Signer AddressVariable

Optional signer address used for outgoing encrypted email.

Target: PGP_SIGNER

No Reply AddressVariable

Formatted no-reply address override.

Target: NOREPLY

Partner No Reply AddressVariable

Formatted partner no-reply address override.

Target: PARTNER_NOREPLY

HIBP API RPMVariable

Have I Been Pwned requests-per-minute limit.

Target: HIBP_API_RPM

Skip HIBP For Partner AliasesVariable

Optional HIBP behavior override for partner aliases.

Target: HIBP_SKIP_PARTNER_ALIAS

Save Unsent DirectoryVariable

Optional directory where unsent emails are stored.

Target: SAVE_UNSENT_DIR

Rspamd Signs DKIMVariable

Presence-based upstream flag indicating DKIM signing is handled by Rspamd.

Target: RSPAMD_SIGN_DKIM
Default: false|true
Value: false

Twilio Auth TokenVariable

Optional Twilio auth token for phone-related integrations.

Target: TWILIO_AUTH_TOKEN

Phone Provider 1 SecretVariable

Optional phone provider secret.

Target: PHONE_PROVIDER_1_SECRET

Phone Provider 2 HeaderVariable

Optional phone provider header name.

Target: PHONE_PROVIDER_2_HEADER

Phone Provider 2 SecretVariable

Optional phone provider secret.

Target: PHONE_PROVIDER_2_SECRET

Zendesk HostVariable

Optional Zendesk host for support integrations.

Target: ZENDESK_HOST

Zendesk API TokenVariable

Optional Zendesk API token.

Target: ZENDESK_API_TOKEN

Zendesk EnabledVariable

Presence-based upstream flag to enable Zendesk integration.

Target: ZENDESK_ENABLED
Default: false|true
Value: false

DMARC Check EnabledVariable

Presence-based upstream flag to enable DMARC checks.

Target: DMARC_CHECK_ENABLED
Default: false|true
Value: false

VERP PrefixVariable

VERP prefix override.

Target: VERP_PREFIX

VERP Email SecretVariable

Custom VERP secret. Generate with: openssl rand -hex 32. Must be at least 32 chars.

Target: VERP_EMAIL_SECRET

Transactional Bounce PrefixVariable

Optional transactional bounce prefix.

Target: TRANSACTIONAL_BOUNCE_PREFIX

Transactional Bounce SuffixVariable

Optional transactional bounce suffix.

Target: TRANSACTIONAL_BOUNCE_SUFFIX

Alias Transfer Token SecretVariable

Alias transfer token secret. Generate with: openssl rand -hex 32

Target: ALIAS_TRANSFER_TOKEN_SECRET

Disable Create Contacts For Free UsersVariable

Optional upstream behavior override for free-user contact creation.

Target: DISABLE_CREATE_CONTACTS_FOR_FREE_USERS

Alias Random Suffix LengthVariable

Length of generated alias random suffix.

Target: ALIAS_RAND_SUFFIX_LENGTH

Event Webhook URLVariable

Optional event webhook destination URL.

Target: EVENT_WEBHOOK

Event Webhook Skip Verify SSLVariable

Presence-based upstream flag to skip SSL verification for the event webhook.

Target: EVENT_WEBHOOK_SKIP_VERIFY_SSL
Default: false|true
Value: false

Event Webhook DisabledVariable

Presence-based upstream flag to disable event webhooks.

Target: EVENT_WEBHOOK_DISABLE
Default: false|true
Value: false

Event Webhook Enabled User IDsVariable

Comma-separated user IDs allowed to emit event webhooks.

Target: EVENT_WEBHOOK_ENABLED_USER_IDS

Event Listener DB URIVariable

Optional dedicated DB URI for the event listener.

Target: EVENT_LISTENER_DB_URI

Max API KeysVariable

Maximum number of API keys per user.

Target: MAX_API_KEYS

Memory Store URIVariable

Optional memory store URI override.

Target: MEM_STORE_URI

Recovery Code HMAC SecretVariable

Recovery-code HMAC secret. Generate with: openssl rand -hex 32. Must be at least 16 chars.

Target: RECOVERY_CODE_HMAC_SECRET

Min Rspamd Score For Failed DMARCVariable

Rspamd score threshold for quarantining DMARC-failed email.

Target: MIN_RSPAMD_SCORE_FOR_FAILED_DMARC

Enable All Reverse Alias ReplacementVariable

Presence-based upstream flag to replace all reverse aliases.

Target: ENABLE_ALL_REVERSE_ALIAS_REPLACEMENT
Default: false|true
Value: false

Max Reverse Alias ReplacementsVariable

Maximum reverse aliases replaced when the related feature is enabled.

Target: MAX_NB_REVERSE_ALIAS_REPLACEMENT

Disable Rate LimitVariable

Presence-based upstream flag to disable rate limiting.

Target: DISABLE_RATE_LIMIT
Default: false|true
Value: false

Alias Create Rate Limit FreeVariable

Free-user alias create rate limits in hits,seconds:hits,seconds format.

Target: ALIAS_CREATE_RATE_LIMIT_FREE

Alias Create Rate Limit PaidVariable

Paid-user alias create rate limits in hits,seconds:hits,seconds format.

Target: ALIAS_CREATE_RATE_LIMIT_PAID

Alias Restore One Rate LimitVariable

Single-alias restore rate limits in hits,seconds:hits,seconds format.

Target: ALIAS_RESTORE_ONE_RATE_LIMIT

Alias Restore All Rate LimitVariable

Bulk alias restore rate limits in hits,seconds:hits,seconds format.

Target: ALIAS_RESTORE_ALL_RATE_LIMIT

Max Bounces Per DayVariable

Maximum daily bounces before automatic handling triggers.

Target: MAX_BOUNCES_1D

Max Bounces Per WeekVariable

Maximum weekly bounces before automatic handling triggers.

Target: MAX_BOUNCES_1W

Partner DNS Custom DomainsVariable

Expert partner mapping in key=value;key=value format. Example: a.com=x.com;b.com=y.com

Target: PARTNER_DNS_CUSTOM_DOMAINS

Partner Domain Validation PrefixesVariable

Expert validation prefixes in key=value;key=value format.

Target: PARTNER_CUSTOM_DOMAIN_VALIDATION_PREFIXES

Mailbox Verification Override CodeVariable

Optional mailbox verification override code for controlled environments.

Target: MAILBOX_VERIFICATION_OVERRIDE_CODE

Audit Log Max DaysVariable

Maximum audit log retention in days.

Target: AUDIT_LOG_MAX_DAYS

Alias Trash DaysVariable

Days before trashed aliases are purged.

Target: ALIAS_TRASH_DAYS

Allowed OAuth SchemesVariable

Comma-separated allowed OAuth callback schemes.

Target: ALLOWED_OAUTH_SCHEMES

Max Email Forward RecipientsVariable

Maximum forward recipients per email.

Target: MAX_EMAIL_FORWARD_RECIPIENTS

Master Encryption Key HexVariable

Hex-encoded master encryption key. Generate with: openssl rand -hex 32

Target: MASTER_ENC_KEY_HEX

MAC Key HexVariable

Hex-encoded MAC key. Generate with: openssl rand -hex 32

Target: MAC_KEY_HEX

Abuser HKDF SaltVariable

Hex-encoded HKDF salt. Generate with: openssl rand -hex 32

Target: ABUSER_HKDF_SALT

Invalid MX IPsVariable

Comma-separated invalid MX IPs ignored by validation logic.

Target: INVALID_MX_IPS

Use Rust PGPVariable

Presence-based upstream flag to use the Rust PGP implementation.

Target: USE_RUST_PGP
Default: false|true
Value: false

SMTP Size LimitVariable

Maximum SMTP message size in bytes.

Target: SMTP_SIZE_LIMIT

Partner Support URLVariable

Optional partner support URL shown by the app.

Target: PARTNER_SUPPORT_URL

Admin FIDO RequiredVariable

Admin FIDO requirement. Choose one of the built-in dropdown values only: none, any, or hardware. Leave this at none unless you already intend to enforce admin FIDO or security keys.

Target: ADMIN_FIDO_REQUIRED
Default: none|any|hardware
Value: none

Admin Grace PeriodVariable

Admin grace period in seconds before FIDO enforcement.

Target: ADMIN_GRACE_PERIOD

Drop PGP Key Attachments On ReplyVariable

Presence-based upstream flag to drop PGP key attachments on reply.

Target: DROP_PGP_KEY_ATTACHMENTS_ON_REPLY
Default: false|true
Value: false

UpCloud UsernameVariable

Optional UpCloud username for niche upstream integrations.

Target: UPCLOUD_USERNAME

UpCloud PasswordVariable

Optional UpCloud password for niche upstream integrations.

Target: UPCLOUD_PASSWORD

UpCloud DB IDVariable

Optional UpCloud database ID for niche upstream integrations.

Target: UPCLOUD_DB_ID

Store Transactional EmailsVariable

Presence-based upstream flag to store transactional emails.

Target: STORE_TRANSACTIONAL_EMAILS
Default: false|true
Value: false

Links

Template Support Docker Hub Project

Details

Repository

jsonbored/simplelogin-aio:latest

Registry

https://hub.docker.com/r/jsonbored/simplelogin-aio

Last Updated2026-05-28

First Seen2026-05-01

Run simplelogin-aio on Unraid.

simplelogin-aio is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS