Gray Duck Mail

Easy to use email discussion lists

Important Security Concerns

Take the time to understand special security concerns with your installation of Gray Duck Mail


Gray Duck Mail segments its web interface between two ports, one internal and one external. The Docker image utilizes port 80 as its designated internal point of ingress, and port 5000 as its designated external point of ingress. This means that care should be taken to expose only port 5000 of the docker container to the public internet.

Utilizing the external port allows utilization of a "one click" unsubscribe link. The unsubscribe link takes the form of http[s]://hostname/Unsubscribe/{contactID}/{discussionListID}. This might look like, assuming a user with the internal identifier 529 is unsubscribing from discussion list with internal identifier 187, utilizing HTTPS through the hostname

The unsubscribe link is the only externally accessible route in Gray Duck Mail. Attempting to load any other route from port 5000 will result in a 403 Forbidden access error.

Gray Duck Mail should ideally be placed behind a reverse proxy forwarding web traffic only to port 5000 (or the port being forwarded to the external ingress port in the Docker container). It is highly recommended to utilize reverse proxy such as nginx serving SSL content. While not recommended, it might be possible to pair the secure ingress port with HTTP basic authentication.

Gray Duck Mail stores email login credentials in a local database. These credentials are not encrypted. Additionally, the web administration interface has no concept of users or content segmentation beyond its internal and external designations. This means that anyone with access to the internal web interface through port 80 will have access to the login credentials of each email discussion list, as well as the list users' contact information (name and email address) and message archive list (sender and message content).

The database files used by Gray Duck Mail are not encrypted and store all data in plain text. When making backups of the /database docker volume or exporting copies of the database, care should be taken to ensure that file access is restricted.