Self-hosted personal email guardian with one-step deployment
Heimdall is a self-hosted email alias/forwarding service. I built this as a privacy tool to fight spam and to better manage access to my personal email address. Because the service is self-hosted and self-managed, you have complete control over your data. With third-party email forwarding services, you are forced to trust a company with your emails.
This has also been a really fun project for me to learn more about AWS and the Serverless framework.
Changelog can be found under Releases.
Heimdall operates as a whitelisting (default-deny) service. All incoming emails to your domain are rejected by default unless they are to valid aliases. Emails received on valid aliases will be forwarded to your personal email address.
Forwarded emails will preserve metadata information, such as any other recipients in the "to" or "CC" headers.
To reply, simply reply normally to the received email. Other recipients in the original email will not receive your reply.
You may include other recipients in the "to" and "CC" list, either by manually inserting them, or using "reply-all".
Note: If you do that, you will disclose your email address to them. However, the original sender will still not be able to see your email address, provided you are replying to the original sender through the alias. The original sender will also not be able to see the other recipients.
Attachments are supported, although size limits apply to the entire email message. This is a hard limitation imposed by AWS and cannot be circumvented. See Limitations below.
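The default-deny behaviour described above, sketched as an added example (not Heimdall's own code). The function, type and field names are hypothetical, and the size limits are the ones listed under Limitations, read as binary megabytes.

```typescript
// Added illustration: all names and shapes here are hypothetical, not Heimdall's code.
type Inbound = { from: string; to: string[]; cc: string[]; sizeBytes: number };
type Decision =
  | { action: "reject"; reason: string }
  | { action: "forward"; deliverTo: string; matched: string[]; to: string[]; cc: string[] };

const MB = 1024 * 1024;        // assumption: the page's "MB" read as binary megabytes
const MAX_RECEIVED = 30 * MB;  // "Received emails must be <30MB"
const MAX_OUTGOING = 10 * MB;  // "Outgoing emails must be <10MB"

// 'Shop <News@Example.com>' -> 'news@example.com'
function normalize(addr: string): string {
  const m = addr.match(/<([^<>]+)>\s*$/);
  return (m?.[1] ?? addr).trim().toLowerCase();
}

// aliases maps alias local part -> description, e.g. { shop: "Sign up for Service X" }
function routeInbound(msg: Inbound, domain: string,
                      aliases: Record<string, string>, personal: string): Decision {
  if (msg.sizeBytes >= MAX_RECEIVED) return { action: "reject", reason: "over receive limit" };
  const suffix = "@" + domain.toLowerCase();
  const matched: string[] = [];
  for (const raw of msg.to.concat(msg.cc)) {
    const addr = normalize(raw);
    // Recipients on other domains are metadata only; they never authorize delivery.
    if (addr.slice(-suffix.length) !== suffix) continue;
    const local = addr.slice(0, addr.length - suffix.length);
    // Own-property check so "constructor@..." or "__proto__@..." cannot pass as aliases.
    if (Object.prototype.hasOwnProperty.call(aliases, local) && matched.indexOf(addr) === -1) {
      matched.push(addr);
    }
  }
  // Default-deny: without at least one known alias the message is rejected.
  if (matched.length === 0) return { action: "reject", reason: "no valid alias" };
  // Assumption: the forwarded copy counts as an outgoing email for the 10MB limit.
  if (msg.sizeBytes >= MAX_OUTGOING) return { action: "reject", reason: "over forward limit" };
  // To/CC are passed through unchanged so the forwarded copy keeps the original metadata.
  return { action: "forward", deliverTo: personal, matched, to: msg.to, cc: msg.cc };
}
```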
To interact with the service, send a single email to one of the following email addresses.
The description lets you identify an alias and its use. E.g. "Sign up for Service X".
Dev note: This reads up to a maximum of 1MB of data (due to AWS's limitations).
Supported usage stats:
Coming soon - not supported yet.
Received emails must be <30MB. Outgoing emails must be <10MB.
Pre-requisites: You need to own a domain and have an AWS account. For reasonable use cases, you should not exceed AWS's free tier (which is very generous).
Optional: To be able to reply to emails, you need to request AWS Support to un-sandbox your SES account.
.env.sample, and rename to
.env. It is important that
yarn global add serverless.
yarn run deploy-prod.
yourverifieddomain.com). Preferably, name your rule descriptively (e.g.
If you want to build new features or tweak existing features, you can set up a parallel development environment that runs alongside production (above).
DEV_SUBDOMAIN environment variable is set in
yarn run deploy-dev. This creates a parallel development CloudFormation stack.
test.yourverifieddomain.com). Preferably, name your rule descriptively (e.g.
Note: You need to update your DNS records for test.yourverifieddomain.com as you did when verifying your domain for AWS SES.
To run migration scripts, first compile using tsc scripts/migrate_vX.ts, then run using