Why nmailx
- Serverless 2 Lambda functions, 5 DynamoDB tables, 1 API Gateway HTTP API. No EC2, no containers in production.
- Cheap Comfortably under $10/month at 500+ emails/day - mostly SES's $0.10 per 1,000 emails.
- Secure by default Origin-derived domain resolution (never client-supplied), Cloudflare Turnstile spam protection, atomic rate limiting, sandboxed Jinja2 templates, argon2id + JWT auth, CSRF protection.
- Self-contained UI HTMX + Bootstrap, all vendored - no CDN dependency for the admin dashboard itself.
-
One-command deploy
make deploy- AWS SAM under the hood, real CloudFormation, not a bespoke deploy script. - Fully torn down on request Every piece of infrastructure this creates can be deleted just as easily as it was created.
How it works
Static site (GitHub Pages, etc.)
| POST /send (Origin header identifies the domain)
v
API Gateway (HTTP API)
|-- /send -> SendApiFunction (public, narrow IAM, never touches Users/SES identities)
`-- /admin/* -> AdminApiFunction (cookie-authenticated dashboard, never sends email)
|
v
5 DynamoDB tables (domains, users, templates, rate-limits, send-logs)
SES (send + domain identity verification)
Quick start
git clone [email protected]:napalm255/nmailx.git
cd nmailx
make venv # creates .venv/, installs requirements-dev.txt
export JWT_SIGNING_SECRET=$(openssl rand -hex 32)
export TURNSTILE_SECRET_KEY=<from the Cloudflare Turnstile dashboard>
make deploy-guided # first time only - sam build, then sam deploy --guided
Full walkthrough - creating your first admin user, verifying a sending domain with SES, adding DKIM records, creating a template, and dropping the contact-form snippet into your static site - is in the README and the GitHub Wiki.
Learn more
- README - overview, prerequisites, quick start, configuration reference
- GitHub Wiki - in-depth architecture, setup, custom domain, teardown, and local-development guides
- Source code - AWS SAM template, Lambda functions, shared layer, tests