Skip to main content

Environment Variables Reference

Complete reference for all EmailEngine environment variables. These settings are loaded at application startup and require a restart to take effect.

.env File Support

EmailEngine automatically loads environment variables from a .env file located in the current working directory. This is the recommended way to configure EmailEngine as it ensures variables persist across restarts.

# Create .env file
echo "EENGINE_REDIS=redis://localhost:6379" > .env
echo "EENGINE_SECRET=$(openssl rand -hex 32)" >> .env

# Start EmailEngine (will load .env automatically)
emailengine
Command-Line Alternative

Every environment variable can also be set via command-line arguments using the format --section.key=value. For example, EENGINE_HOST=0.0.0.0 can be set as --api.host=0.0.0.0. See CLI reference →

Quick Start

Minimal production configuration:

Using environment variables:

EENGINE_REDIS=redis://localhost:6379
EENGINE_HOST=0.0.0.0
EENGINE_PORT=3000

Using command-line arguments:

emailengine \
  --dbs.redis="redis://localhost:6379" \
  --api.host="0.0.0.0" \
  --api.port=3000

Complete CLI reference →

Server & Connection

Configure HTTP server and connection settings.

VariableTypeDefaultDescriptionExample
EENGINE_HOSTstring127.0.0.1HTTP server bind address0.0.0.0
EENGINE_PORTnumber3000HTTP server port8080
PORTnumber3000Alternative to EENGINE_PORT (used by some platforms)8080
EENGINE_TIMEOUTnumber10000HTTP request timeout (ms)30000
EENGINE_API_PROXYbooleanfalseTrust reverse proxy headers (X-Forwarded-For) for client IPtrue

Access token management →

Examples:

Public deployment:

EENGINE_HOST=0.0.0.0
EENGINE_PORT=3000

Behind reverse proxy (Nginx, Apache, etc):

EENGINE_HOST=127.0.0.1
EENGINE_PORT=3000
EENGINE_API_PROXY=true  # Trust X-Forwarded-For headers for client IP

Redis

Redis database connection and configuration.

VariableTypeDefaultDescriptionExample
EENGINE_REDISstringredis://127.0.0.1:6379/8Redis connection URL (primary)redis://user:pass@redis.example.com:6379/0
REDIS_URLstringredis://127.0.0.1:6379/8Redis connection URL (fallback if EENGINE_REDIS not set)redis://localhost:6379
EENGINE_REDIS_PREFIXstringnoneOptional key prefix for Redis keys{ee-prod}

Connection URL Format:

redis://[username:password@]host[:port][/database]
rediss://...  (with TLS)

Examples:

Basic connection:

EENGINE_REDIS=redis://localhost:6379

With authentication:

EENGINE_REDIS=redis://username:password@redis.example.com:6379

With TLS:

EENGINE_REDIS=rediss://redis.example.com:6380

With database selection:

EENGINE_REDIS=redis://localhost:6379/8

Custom Redis key prefix:

EENGINE_REDIS_PREFIX="{emailengine-prod}"

Detailed Redis configuration →

Email Protocol Settings

Email protocol timeouts and limits.

VariableTypeDefaultDescriptionExample
EENGINE_MAX_SIZEbytes5242880Max attachment size (5 MB)10485760
EENGINE_MAX_BODY_SIZEbytes52428800Max POST body size for message uploads (50 MB)104857600
EENGINE_MAX_SMTP_MESSAGE_SIZEbytes26214400Max message size for SMTP submission (25 MB)52428800
EENGINE_MAX_PAYLOAD_TIMEOUTms10000Payload reception timeout for message uploads30000
EENGINE_TIMEOUTms10000General timeout for operations30000
EENGINE_FETCH_TIMEOUTms90000Timeout for HTTP fetch operations (90 seconds)120000
EENGINE_FETCH_BATCH_SIZEnumber1000Messages per batch during synchronization500
EENGINE_IMAP_SOCKET_TIMEOUTmsnoneCustom socket timeout for IMAP connections60000
EENGINE_CONNECTION_SETUP_DELAYms0Delay before setting up account connections5000
EENGINE_CHUNK_SIZEbytes1000000Download chunk size for streaming attachments (1 MB)5000000
EENGINE_MAX_IMAP_AUTH_FAILURE_TIMEms259200000Max time to wait before disabling IMAP on auth failures (3 days)86400000

Examples:

High attachment limit:

EENGINE_MAX_SIZE=20971520  # 20 MB

Extended timeouts for slow servers:

EENGINE_TIMEOUT=30000      # 30 seconds
EENGINE_FETCH_TIMEOUT=60000  # 60 seconds

Delay connection setup on startup (useful for high account count):

EENGINE_CONNECTION_SETUP_DELAY=10000  # 10 seconds

Worker Threads

Control worker thread configuration for processing workload.

VariableTypeDefaultDescriptionExample
EENGINE_WORKERSnumber4IMAP worker thread count8
EENGINE_WORKERS_SUBMITnumber1Worker threads for email submission2
EENGINE_WORKERS_WEBHOOKSnumber1Worker threads for webhook delivery2

Examples:

High-performance setup:

EENGINE_WORKERS=8
EENGINE_WORKERS_SUBMIT=4
EENGINE_WORKERS_WEBHOOKS=4

Resource-constrained environment:

EENGINE_WORKERS=2
EENGINE_WORKERS_SUBMIT=1
EENGINE_WORKERS_WEBHOOKS=1

Queue Management

Configure job queue retention, cleanup, and concurrency.

VariableTypeDefaultDescriptionExample
EENGINE_QUEUE_REMOVE_AFTERnumber0Number of completed jobs to keep in queue (0 = remove immediately)5000
EENGINE_SUBMIT_QCnumber1Concurrency for email submission queue4
EENGINE_NOTIFY_QCnumber1Concurrency for notification/webhook queue4
EENGINE_SUBMIT_DELAYmsnoneDelay between email submissions1000

Examples:

Keep job history (retain last 1000 completed jobs):

EENGINE_QUEUE_REMOVE_AFTER=1000

Higher queue concurrency:

EENGINE_SUBMIT_QC=4
EENGINE_NOTIFY_QC=4

Rate limit email submissions:

EENGINE_SUBMIT_DELAY=1000  # 1 second between submissions

IMAP Proxy Server

Enable and configure the built-in IMAP proxy server feature.

VariableTypeDefaultDescriptionExample
EENGINE_IMAP_PROXY_ENABLEDbooleanfalseEnable IMAP proxy servertrue
EENGINE_IMAP_PROXY_HOSTstring127.0.0.1IMAP proxy bind address0.0.0.0
EENGINE_IMAP_PROXY_PORTnumber2993IMAP proxy server port993
EENGINE_IMAP_PROXY_SECRETstringnoneIMAP proxy authentication password. If not set, API tokens with imap-proxy scope can be usedyour-secret-key
EENGINE_IMAP_PROXY_PROXYbooleanfalseEnable PROXY protocol for IMAP proxy servertrue

Examples:

Enable IMAP proxy with shared secret:

EENGINE_IMAP_PROXY_ENABLED=true
EENGINE_IMAP_PROXY_HOST=0.0.0.0
EENGINE_IMAP_PROXY_PORT=2993
EENGINE_IMAP_PROXY_SECRET=my-secure-secret-key

Enable IMAP proxy with API token authentication:

# No secret set - use API tokens with "imap-proxy" scope for authentication
EENGINE_IMAP_PROXY_ENABLED=true
EENGINE_IMAP_PROXY_HOST=0.0.0.0
EENGINE_IMAP_PROXY_PORT=2993

SMTP Proxy Server

Enable and configure the built-in SMTP proxy server feature.

VariableTypeDefaultDescriptionExample
EENGINE_SMTP_ENABLEDbooleanfalseEnable SMTP proxy servertrue
EENGINE_SMTP_HOSTstring127.0.0.1SMTP server bind address0.0.0.0
EENGINE_SMTP_PORTnumber2525SMTP server port587
EENGINE_SMTP_SECRETstringnoneSMTP authentication password. If not set, API tokens with smtp scope can be usedyour-secret-key
EENGINE_SMTP_PROXYbooleanfalseEnable PROXY protocol for SMTP proxy servertrue
EENGINE_MAX_SMTP_MESSAGE_SIZEbytes26214400Max message size the SMTP proxy accepts (25 MB)52428800

Examples:

Enable SMTP proxy with shared secret:

EENGINE_SMTP_ENABLED=true
EENGINE_SMTP_HOST=0.0.0.0
EENGINE_SMTP_PORT=2525
EENGINE_SMTP_SECRET=my-secure-secret-key

Enable SMTP proxy with API token authentication:

# No secret set - use API tokens with "smtp" scope for authentication
EENGINE_SMTP_ENABLED=true
EENGINE_SMTP_HOST=0.0.0.0
EENGINE_SMTP_PORT=2525

TLS Configuration

Configure TLS/SSL settings for secure connections.

VariableTypeDefaultDescriptionExample
EENGINE_TLS_MIN_VERSIONstringTLSv1Minimum TLS versionTLSv1.2
EENGINE_TLS_MIN_DH_SIZEnumber1024Minimum Diffie-Hellman key size2048
EENGINE_TLS_CIPHERSstringDEFAULT@SECLEVEL=0TLS cipher suite listTLS_AES_256_GCM_SHA384
EENGINE_API_TLSbooleanfalseEnable TLS for the API servertrue

Examples:

Enforce TLS 1.2 minimum:

EENGINE_TLS_MIN_VERSION=TLSv1.2

Stronger DH parameters:

EENGINE_TLS_MIN_DH_SIZE=2048

Custom cipher suite:

EENGINE_TLS_CIPHERS="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

Security & Access Control

Security settings and access restrictions.

VariableTypeDefaultDescriptionExample
EENGINE_SECRETstringnoneEncryption secret for credentials and sessions (required for production)your-random-secret-key
EENGINE_ADMIN_ACCESS_ADDRESSESstringallComma-separated list of IP addresses allowed to access admin interface192.168.1.0/24,10.0.0.1
EENGINE_REQUIRE_API_AUTHbooleantrueRequire API authentication tokensfalse
EENGINE_ENABLE_OAUTH_TOKENS_APIbooleanfalseAllow retrieving raw OAuth tokens via APItrue
EENGINE_DISABLE_SETUP_WARNINGSbooleanfalseDisable admin password setup warningstrue

Examples:

Set encryption secret:

# Generate a secret
openssl rand -hex 32

# Add to .env file:
EENGINE_SECRET=generated-value-here

Restrict admin access to specific IPs:

EENGINE_ADMIN_ACCESS_ADDRESSES="192.168.1.0/24,10.0.0.1"

Development mode (disable API auth):

# WARNING: Never use in production
EENGINE_REQUIRE_API_AUTH=false

Advanced Settings

Advanced configuration options for debugging and performance tuning.

VariableTypeDefaultDescriptionExample
EENGINE_LOG_RAWbooleanfalseLog raw IMAP protocol traffic (debug only)true
EENGINE_DISABLE_COMPRESSIONbooleanfalseDisable IMAP COMPRESS extensiontrue
EENGINE_DISABLE_MESSAGE_BROWSERbooleanfalseDisable web-based message browsertrue
EENGINE_CORS_ORIGINstringnoneCORS allowed origins (space or comma separated)https://app.example.com

Examples:

Enable protocol debugging:

EENGINE_LOG_RAW=true
EENGINE_LOG_LEVEL=trace

Enable CORS for API:

EENGINE_CORS_ORIGIN="https://app.example.com https://admin.example.com"

Disable IMAP compression (for debugging):

EENGINE_DISABLE_COMPRESSION=true

Logging & Monitoring

Logging configuration and error tracking.

VariableTypeDefaultDescriptionExample
EENGINE_LOG_LEVELstringtraceLog level (trace, debug, info, warn, error, fatal)info
BUGSNAG_API_KEYstringnoneBugsnag API key for error trackingyour-bugsnag-key
NODE_ENVstringproductionNode.js environmentdevelopment

Log Levels:

  • trace - Very detailed, includes all protocol messages
  • debug - Detailed operational information
  • info - General operational messages
  • warn - Warning messages
  • error - Error messages only
  • fatal - Fatal errors only

Examples:

Development/debugging:

NODE_ENV=development
EENGINE_LOG_LEVEL=trace

Production:

NODE_ENV=production
EENGINE_LOG_LEVEL=info

Enable error tracking:

BUGSNAG_API_KEY=your-bugsnag-api-key-here

Monitoring and logging →

Prepared Configuration

Pre-configured settings for automated deployments.

VariableTypeDescriptionExample
EENGINE_SETTINGSJSONPre-configured runtime settingsSee below
EENGINE_PREPARED_TOKENstringExported token hash (from emailengine tokens export)hKJpZNlAMzAxZThjNTFh...
EENGINE_PREPARED_PASSWORDstringPassword hash (from emailengine password --hash)JHBia2RmMi1zaGE1MTIk...
EENGINE_PREPARED_LICENSEstringPre-configured license keylicense-key-string

Examples:

Prepared settings:

EENGINE_SETTINGS='{
  "webhooks": "https://your-app.com/webhook",
  "webhookEvents": ["messageNew", "messageSent"]
}'

Docker Compose (multiline):

environment:
  EENGINE_SETTINGS: >
    {
      "webhooks": "https://your-app.com/webhook",
      "webhookEvents": [
        "messageNew",
        "messageDeleted",
        "messageSent"
      ]
    }

Prepared token (requires exported hash, not the raw token):

# 1. Generate token
TOKEN=$(emailengine tokens issue -d "API Token" -s "*")

# 2. Export token to get the hash
EXPORTED=$(emailengine tokens export -t $TOKEN)

# 3. Use the exported hash (not the raw token)
EENGINE_PREPARED_TOKEN=$EXPORTED

Prepared password (requires password hash, not plain password):

# Generate password hash
emailengine password -p "your-secure-password" --hash
# Output: JHBia2RmMi1zaGE1MTIkaTEwMDAwMCRhYmNkZWYx...

# Use the hash
EENGINE_PREPARED_PASSWORD=JHBia2RmMi1zaGE1MTIkaTEwMDAwMCRhYmNkZWYx...

Prepared license:

EENGINE_PREPARED_LICENSE=your-license-key-here

Prepared configuration guide →

Complete Examples

Minimal Production

# Required
EENGINE_REDIS=redis://localhost:6379
EENGINE_HOST=0.0.0.0
EENGINE_PORT=3000

# Recommended
EENGINE_LOG_LEVEL=info

High-Performance Production

# Server
EENGINE_HOST=0.0.0.0
EENGINE_PORT=3000

# Redis
EENGINE_REDIS=redis://redis-cluster:6379
EENGINE_REDIS_PREFIX={ee-prod}

# Performance
EENGINE_WORKERS=8
EENGINE_WORKERS_SUBMIT=4
EENGINE_WORKERS_WEBHOOKS=4

# Limits
EENGINE_MAX_SIZE=20971520  # 20 MB attachments
EENGINE_TIMEOUT=30000

# Queue
EENGINE_QUEUE_REMOVE_AFTER=5000

# TLS
EENGINE_TLS_MIN_VERSION=TLSv1.3
EENGINE_TLS_MIN_DH_SIZE=2048

# Logging
EENGINE_LOG_LEVEL=info
BUGSNAG_API_KEY=your-bugsnag-key

Development Setup

# Server
EENGINE_HOST=127.0.0.1
EENGINE_PORT=3001

# Redis (separate DB for dev)
EENGINE_REDIS=redis://localhost:6379/8
EENGINE_REDIS_PREFIX={ee-dev}

# Debugging
NODE_ENV=development
EENGINE_LOG_LEVEL=trace

# Relaxed limits for testing
EENGINE_MAX_SIZE=104857600  # 100 MB
EENGINE_TIMEOUT=180000

Docker Compose Example

version: '3.8'

services:
  redis:
    image: redis:7-alpine
    command: redis-server --appendonly yes
    volumes:
      - redis-data:/data

  emailengine:
    image: postalsys/emailengine:latest
    depends_on:
      - redis
    ports:
      - "3000:3000"
    environment:
      # Server
      - EENGINE_HOST=0.0.0.0
      - EENGINE_PORT=3000

      # Redis
      - EENGINE_REDIS=redis://redis:6379
      - EENGINE_REDIS_PREFIX={ee-prod}

      # Performance
      - EENGINE_WORKERS=4
      - EENGINE_WORKERS_SUBMIT=2
      - EENGINE_WORKERS_WEBHOOKS=2

      # Settings
      - EENGINE_SETTINGS=${EENGINE_SETTINGS}

      # Credentials (EENGINE_PREPARED_PASSWORD requires hash, not plain password)
      # Generate hash: emailengine password -p "your-password" --hash
      - EENGINE_PREPARED_PASSWORD=${ADMIN_PASSWORD_HASH}
      - EENGINE_PREPARED_LICENSE=${LICENSE_KEY}

      # Logging
      - EENGINE_LOG_LEVEL=info

volumes:
  redis-data:

With Proxy Servers Enabled

# Server
EENGINE_HOST=0.0.0.0
EENGINE_PORT=3000

# Redis
EENGINE_REDIS=redis://localhost:6379

# IMAP Proxy
EENGINE_IMAP_PROXY_ENABLED=true
EENGINE_IMAP_PROXY_HOST=0.0.0.0
EENGINE_IMAP_PROXY_PORT=2993
EENGINE_IMAP_PROXY_SECRET=imap-proxy-secret

# SMTP Proxy
EENGINE_SMTP_ENABLED=true
EENGINE_SMTP_HOST=0.0.0.0
EENGINE_SMTP_PORT=2525
EENGINE_SMTP_SECRET=smtp-proxy-secret

# Logging
EENGINE_LOG_LEVEL=info

Environment Variable to CLI Mapping

Common environment variables and their command-line equivalents:

Environment VariableCLI ArgumentDescription
EENGINE_REDIS or REDIS_URL--dbs.redisRedis connection URL
EENGINE_HOST--api.hostHTTP server bind address
EENGINE_PORT or PORT--api.portHTTP server port
EENGINE_LOG_LEVEL--log.levelLog level
EENGINE_SECRET--service.secretEncryption secret
EENGINE_WORKERS--workers.imapIMAP worker count
EENGINE_WORKERS_WEBHOOKS--workers.webhooksWebhook worker count
EENGINE_WORKERS_SUBMIT--workers.submitSubmission worker count
EENGINE_MAX_SIZE--api.maxSizeMax attachment size
EENGINE_TIMEOUT--service.commandTimeoutCommand timeout

Pattern: Most environment variables follow the pattern EENGINE_*--section.key. To find the CLI equivalent, check the wild-config documentation or use --help.

See Also