Using Mailgun with SummitPSA
Mailgun is a convenient way to run both outbound and inbound mail for a self-hosted SummitPSA. Outbound uses Mailgun's SMTP; inbound uses a Mailgun Route that forwards parsed mail to a SummitPSA webhook.
Outbound (SMTP)
Create an email account (Admin → Email accounts) using your Mailgun SMTP credentials — host smtp.mailgun.org, port 587, TLS on, and the SMTP login/password from your Mailgun domain. This account becomes the shared anchor for inbound bookkeeping too, so keep it active.
Inbound (webhook)
- Set the Mailgun signing key for your install via the
mailgun_signing_keysetting (deployed through the environment/config). The webhook verifies every request against it. - In Mailgun, add a Route that matches your support address and forwards the parsed message to your install:
match_recipient("hello@mail.summitpsa.com") -> forward("https://your-install/api/inbound/mailgun")
How it is secured
The endpoint POST /api/inbound/mailgun is public and unauthenticated — the credential is Mailgun's HMAC-SHA256 signature over timestamp + token, checked with the signing key. Responses follow Mailgun retry semantics:
| Status | Meaning |
|---|---|
200 | Processed, deduped, or ignored (Mailgun stops) |
406 | Bad/forged signature (permanent drop) |
503 | Signing key or SMTP account anchor not configured yet (retried) |
500 | Transient processing error (retried) |
Mailgun inbound reuses the same dedup, threading, contact creation, board routing and bounce/loop suppression as IMAP polling, so behaviour is identical regardless of transport.