Using Mailgun with SummitPSA

·

Mailgun is a convenient way to run both outbound and inbound mail for a self-hosted SummitPSA. Outbound uses Mailgun's SMTP; inbound uses a Mailgun Route that forwards parsed mail to a SummitPSA webhook.

Outbound (SMTP)

Create an email account (Admin → Email accounts) using your Mailgun SMTP credentials — host smtp.mailgun.org, port 587, TLS on, and the SMTP login/password from your Mailgun domain. This account becomes the shared anchor for inbound bookkeeping too, so keep it active.

Inbound (webhook)

  1. Set the Mailgun signing key for your install via the mailgun_signing_key setting (deployed through the environment/config). The webhook verifies every request against it.
  2. In Mailgun, add a Route that matches your support address and forwards the parsed message to your install:
    match_recipient("hello@mail.summitpsa.com")
      -> forward("https://your-install/api/inbound/mailgun")

How it is secured

The endpoint POST /api/inbound/mailgun is public and unauthenticated — the credential is Mailgun's HMAC-SHA256 signature over timestamp + token, checked with the signing key. Responses follow Mailgun retry semantics:

StatusMeaning
200Processed, deduped, or ignored (Mailgun stops)
406Bad/forged signature (permanent drop)
503Signing key or SMTP account anchor not configured yet (retried)
500Transient processing error (retried)

Mailgun inbound reuses the same dedup, threading, contact creation, board routing and bounce/loop suppression as IMAP polling, so behaviour is identical regardless of transport.

Was this article helpful?
Still need help? Contact SummitPSA support.