mailcow

mailcow.email
Awesome PrivacyNetworkingMail Serversmailcow
mailcow

A mail server with everything you need (SMTP, IMAP, webmail, NextCloud support..) using Docker.

Also Consider

Open Source

mailcow Source Code

Author

mailcow

Description

mailcow: dockerized - 🐮 + 🐋 = 💕

#acme#clamav#docker#docker-compose#dovecot#groupware#hacktoberfest#imap#mail#mailcow#mailserver#olefy#postfix#rspamd#servercow#smtp#sogo

Homepage

https://mailcow.email

License

GPL-3.0

Created

09 Dec 16

Last Updated

09 Jun 26

Latest version

2026-05

Primary Language

JavaScript

Size

49,885 KB

Stars

12,912

Forks

1,717

Watchers

12,912

Language Usage

Language Usage

Star History

Star History

Top Contributors

Recent Commits

mailcow Security

5.8/10

Repo Security Summary

Updated 25 May 26

  • Code-Review 4/10
  • Maintained 10/10
  • Dangerous-Workflow 10/10
  • Security-Policy 10/10
  • CII-Best-Practices 0/10
  • Token-Permissions 0/10
  • Binary-Artifacts 10/10
  • License 10/10
  • Signed-Releases N/A
  • Branch-Protection N/A
  • Fuzzing 0/10
  • Packaging 10/10
  • SAST 0/10
  • Pinned-Dependencies 0/10

Security Advisories (22)

  • low Patched

    CVE-2026-40878 Reflected Parameter Injection / Wrong-Context XSS Escaping in mailcow-dockerized Login Page

  • high Patched CVSS 7.2

    CVE-2026-40871 Second Order SQL Injection in quarantine category via API

  • critical Patched

    CVE-2026-40872 Stored XSS in autodiscover logs email address field

  • high Patched

    CVE-2026-40873 Stored XSS in Quarantine attachment filenames

  • medium Patched

    CVE-2026-40874 Missing authorization on Forwarding Hosts delete action

  • high Patched

    CVE-2026-40875 Stored XSS in user login history real_rip

  • critical Patched CVSS 9.1

    CVE-2025-53909 SSTI in Quota and Quarantine Notification Template

  • high Patched CVSS 7.1

    CVE-2025-25198 Password reset poisoning

  • high Patched CVSS 7

    CVE-2024-56529 Session Fixation on mailcow web panel

  • low Patched CVSS 3.8

    CVE-2024-41960 XSS Vulnerability via Relay Hosts Configuration

  • high Patched CVSS 7.6

    CVE-2024-41959 XSS Vulnerability via API Logs

  • medium Patched CVSS 6.6

    CVE-2024-41958 Two-Factor Authentication (2FA) Bypass Vulnerability

  • medium Patched CVSS 6.8

    CVE-2024-31204 XSS Vulnerability via Exception Handler

  • medium Patched CVSS 6.7

    CVE-2024-30270 Path Traversal and Arbitrary Code Execution Vulnerability

  • high Patched CVSS 8.8

    CVE-2024-24760 Docker Container Exposure to Local Network

  • medium Patched CVSS 4.7

    CVE-2024-23824 Pixel flood attack leads to Denial of Service in admin page

  • high Patched CVSS 8.3

    CVE-2023-49077 XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation

  • high Patched CVSS 8.8

    CVE-2023-34108 Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords

  • high Patched

    CVE-2023-26490 Shell command injection via xoauth2 authentication in imapsync​

  • medium Patched

    CVE-2022-39258 Possible Phishing attacks through Swagger UI

  • critical Patched

    CVE-2022-31138 CVE-2022-31138: IMAPSYNC (Syncjobs) Debug Extended Rights (hidden options)

  • critical Patched

    CVE-2022-31245 CVE-2022-31245: IMAPSYNC (Syncjobs) Debug Extended Rights (pipemess)

mailcow Website

Website

mailcow: dockerized - Blog

The mailserver suite with the 'moo' – 🐮 + 🐋 = 💕 | Official Blog Page

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

  • IP Address 185.199.111.153
  • Hostname cdn-185-199-111-153.github.com
  • Location California, Pennsylvania, United States of America, NA
  • ISP GitHub Inc.
  • ASN AS54113

Associated Countries

  • DE DE
  • US US

Safety Score

Website marked as safe

100%

Blacklist Check

mailcow.email was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

Website Preview

Website preview
View full report at web-check.xyz

mailcow Reviews

More Mail Servers

View More...

About the Data: mailcow

Change History

API

You can access mailcow's data programmatically via our API. Simply make a GET request to: 

https://api.awesome-privacy.xyz/v1/services/mailcow

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share mailcow

Help your friends compare Mail Servers, and pick privacy-respecting software and services.
Share mailcow and Awesome Privacy with your network!

← Previous

Docker Mailserver
View Mail Servers (3)