Open-source SMTP relay

A minimal SMTP server in Rust.

Hedwig is a high-performance, minimalist SMTP server implemented in Rust. It receives, queues, and forwards email to destination SMTP servers using a durable on-disk queue and a straightforward configuration.

Docs Configuration

DKIM + TLS Filesystem queue AGPL v3

Core capabilities

Focused on SMTP relay, nothing extra.

Fast and efficient

Optimized for high-speed email processing with a lean, async core.

Minimalist design

Focuses on core SMTP relay flows without unnecessary complexity.

Persistent queue

Emails are queued on the filesystem for durable processing.

Forward-only

Specializes in receiving and forwarding, not full server semantics.

Security features

Supports DKIM, TLS, and SMTP authentication with practical defaults.

Rate limiting

Per-domain rate limiting keeps outbound delivery healthy.

Architecture snapshot

From inbound handshake to outbound delivery.

Inbound

Listener intake

Plaintext or TLS listeners accept mail and negotiate SMTP.

Policy

Callbacks

Authentication, domain filtering, and rate limiting are enforced.

Storage

Queue

Messages land in a persistent on-disk queue for durability.

Workers

Processing

Workers parse, sign with DKIM, and resolve MX records.

Outbound

Delivery

Outbound pools relay to destination servers with retries.

Quickstart

Build and run locally.

git clone https://github.com/iamd3vil/hedwig.git
cd hedwig
cargo build --release
HEDWIG_LOG_LEVEL=info ./target/release/hedwig

Next: configure and run

Set up listeners, optional TLS, and storage paths in a single TOML file.

Open the full guide

Configuration

Listeners, auth, DKIM, and storage.

[server]
workers = 4
max_retries = 5
pool_size = 100

[[server.listeners]]
addr = "0.0.0.0:25"

[[server.listeners]]
addr = "0.0.0.0:465"
[server.listeners.tls]
cert_path = "/path/to/cert.pem"
key_path = "/path/to/key.pem"

[storage]
storage_type = "fs"
base_path = "/var/lib/hedwig/mail"

Configuration guide

Optional auth, rate limiting, metrics, and health checks live here.

Open configuration docs

Metrics (optional)

Expose Prometheus metrics when enabled.

Queue depth

Track queued, deferred, bounced, and dropped messages.

Send attempts

Monitor per-domain successes, failures, and latency.

Worker throughput

Measure job processing time and DKIM signing latency.