GitHub Repository

VaultSandbox is a self-hosted SMTP testing gateway designed to replicate production email behavior—including TLS, DNS, authentication, and spam scoring—so your email tests reflect real-world conditions.

26 starsTypeScript

VaultSandbox – Real SMTP testing that works on localhost (Apache 2.0)

Name: VaultSandbox – Real SMTP testing that works on localhost (Apache 2.0)
Availability: InStock
Author: vaultsandbox

by vaultsandbox·Feb 25, 2026·2 points·0 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemCozy

SMTP sandbox with SPF/DKIM/DMARC validation, but Mailhog and Subethamail exist.

Strengths

•Zero-config localhost setup (encryption/auth off by default) removes friction vs. real SMTP servers.
•Chaos mode (greylisting, latency injection, SMTP errors per-inbox) tests resilience that naive mocks miss.
•Proper architectural isolation: each test gets its own inbox with scoped webhooks, preventing state leaks.

Weaknesses

•Direct competitor space (Mailhog, Subethamail, Ethereal) is mature; main differentiation is chaos tooling, not unique.
•Still in beta; feature completeness and stability untested against production email flows.

Post Description

Hi HN,

I posted VaultSandbox two months ago and the main feedback was AGPL concerns. I've listened: it's now Apache 2.0. I've also overhauled the local experience to make it "just work" on localhost with zero config.

VaultSandbox is a self-hosted SMTP receiver and programmable debugger. It bridges the gap between "it sent" and "it was delivered" by simulating production-grade email lifecycles. It is architected for parallel testing: each test runs in its own isolated inbox with dedicated webhooks and chaos settings...no state leaks.

What’s New: -Local-First: Encryption (TLS) and email auth (SPF/DKIM) are now optional toggles. On localhost, they are off by default so you can test instantly. -Chaos Mode: Trigger greylisting, latency, or specific SMTP errors per-inbox to test your app's resilience. -Webhooks & Spam Scores: Inbox-scoped webhooks and integrated spam scoring (via rspamd) to predict deliverability before you send. -Instant DNS (vsx.email): Any public IP running VaultSandbox gets a subdomain with pre-configured MX, SPF, DKIM, and DMARC records for high-fidelity testing. -Deterministic Testing: Use our SDKs to "wait" for emails based on specific criteria instead of using sleep() in your tests.

Workflow: 1-Start local: One container gives you SMTP, Web UI, and SDKs. 2-Scale to production: Deploy to a public IP to test real flows from SES/SendGrid with the same test code. No mocks, just reality.

Repo: https://github.com/vaultsandbox/gateway (Apache 2.0) Quick start: https://vaultsandbox.dev/deployment/local-development/

What would it take for you to switch from your current email testing setup?

Similar Projects

Infrastructure●●Solid

Posthorn, self-hosted mail without the mail server

Routes Ghost and Gitea email through one transactional provider to bypass VPS SMTP blocks.

Solve My ProblemCozy

craigmccaskill

836023d ago

AI/ML●Mid

Consciousness Gateway – AI routing with consciousness-first alignment

Product Algebra routing plus an explicit 'dharma' pipeline (no-self regularization, entropy/mindfulness metrics, compassion and ethos scores) is a strikingly specific approach — it moves beyond cost/capability heuristics into cross-modal interaction scoring and reputation-driven incentives. There's real engineering here (1s perception loop, SQLite memory, Telegram UX, multi-provider SDK support), but the repo reads young and claim-heavy: I want reproducible benchmark artifacts, links from the code to the cited 439-model experiments, and clearer deployment/security guidance before trusting it for critical workloads.

Bold BetBig Brain

AIconscious

204mo ago

Developer Tools●●Solid