Mail rules cookbook

A collection of ready-to-use rules.toml patterns for common setups. Each example shows both the TOML block for rules.toml and the equivalent admin CLI command.

For the full field reference, see Mail rules reference.

CLI note: The /mail rules create command accepts key=value pairs separated by spaces. Values that contain spaces (e.g., a subject phrase) must be set by editing rules.toml directly. For everything else the CLI and TOML are equivalent.

---

Restrict outbound to specific recipient domains

Block outbound delivery to a particular domain — for example, preventing internal servers from sending mail outside the organization.

Rules have no "allow" action, so outbound domain restriction works as a blocklist: add a reject rule for each blocked domain and leave everything else unrestricted. To block all outbound except to your own domain, control who can authenticate against the submission listener using Everlock access grants — that is the correct enforcement point for sender authorization.

Block outbound to one domain:

[[rule]]
id = "rule-outbound-block-competitor"
priority = 1
direction = "outbound"
receiver = "*@blocked.example"
type = "reject"

/mail rules create rule-outbound-block-competitor direction=outbound priority=1 receiver=*@blocked.example type=reject

Allow outbound to one domain only, block everything else:

Use allow at priority 1 to explicitly pass the permitted domain through, then a catch-all reject at a higher priority number to block the rest.

[[rule]]
id = "rule-outbound-allow-jens-dev"
priority = 1
direction = "outbound"
receiver = "*@jens.dev"
type = "allow"

[[rule]]
id = "rule-outbound-block-all"
priority = 100
direction = "outbound"
type = "reject"

/mail rules create rule-outbound-allow-jens-dev direction=outbound priority=1 receiver=*@jens.dev type=allow
/mail rules create rule-outbound-block-all direction=outbound priority=100 type=reject

Force all outbound through a relay address:

[[rule]]
id = "rule-outbound-relay"
priority = 100
direction = "outbound"
type = "forward"
address = "smarthost@relay.example.net"

/mail rules create rule-outbound-relay direction=outbound priority=100 type=forward address=smarthost@relay.example.net

---

Restrict inbound to a single domain

Inbound domain restriction is enforced automatically by Everlock's hosted-domain model. Once you create a mail domain, Everlock only accepts SMTP recipients for that domain — no rule is required.

/mail domains create example.com

If you want to add extra assurance at the rules layer as well, reject anything that reaches rules evaluation for an unexpected domain:

[[rule]]
id = "rule-inbound-reject-unexpected-domain"
priority = 1
direction = "inbound"
type = "reject"
domain = "unexpected.example"

/mail rules create rule-inbound-reject-unexpected-domain direction=inbound priority=1 domain=unexpected.example type=reject

---

Admin catch-all for unknown recipients

Route all mail that would otherwise have no matching mailbox to a central admin address. Useful to catch contact form submissions, typos, or old addresses.

[[rule]]
id = "rule-admin-catchall"
priority = 100
direction = "inbound"
domain = "example.com"
type = "store_as"
mailbox = "admin@example.com"
folder = "catchall"

/mail rules create rule-admin-catchall direction=inbound priority=100 domain=example.com type=store_as mailbox=admin@example.com folder=catchall

Put this at a high priority number so more specific rules run first.

---

Shared alias for a team inbox

Route all mail sent to support@example.com into a shared mailbox that the whole team reads.

[[rule]]
id = "rule-support-alias"
priority = 5
direction = "inbound"
receiver = "support@example.com"
type = "store_as"
mailbox = "team@example.com"
folder = "support"

/mail rules create rule-support-alias direction=inbound priority=5 receiver=support@example.com type=store_as mailbox=team@example.com folder=support

---

Auto-forward to an external address

Forward a copy of all inbound mail for one address to an external mailbox, for example while someone is away or using a legacy address.

[[rule]]
id = "rule-forward-alice"
direction = "inbound"
receiver = "alice@example.com"
type = "store_and_forward"
address = "alice@gmail.com"
folder = "inbox"

/mail rules create rule-forward-alice direction=inbound receiver=alice@example.com type=store_and_forward address=alice@gmail.com folder=inbox

store_and_forward keeps a local copy. Use forward instead to skip local storage entirely:

[[rule]]
id = "rule-forward-alice-only"
direction = "inbound"
receiver = "alice@example.com"
type = "forward"
address = "alice@gmail.com"

/mail rules create rule-forward-alice-only direction=inbound receiver=alice@example.com type=forward address=alice@gmail.com

---

Send mailing list traffic to a folder

Any message that carries a List-Id header is a mailing list message. Route them all to a dedicated folder before the default catch-all fires.

[[rule]]
id = "rule-lists-folder"
priority = 1
direction = "inbound"
has_header = "List-Id"
type = "put_in_folder"
folder = "lists"

/mail rules create rule-lists-folder direction=inbound priority=1 has_header=List-Id type=put_in_folder folder=lists

---

Mark newsletters as read automatically

Newsletters you subscribe to are usually not urgent. Accept them but mark them as already-read so they don't inflate your unread count.

[[rule]]
id = "rule-newsletter-seen"
priority = 2
direction = "inbound"
has_header = "List-Unsubscribe"
type = "set_flags"
seen = true

/mail rules create rule-newsletter-seen direction=inbound priority=2 has_header=List-Unsubscribe type=set_flags seen=true

Combine with the list folder rule above by putting this at a higher priority number so it runs after the folder rule.

---

Reject mail from a specific sender

Block a known bad sender before any storage or processing happens.

[[rule]]
id = "rule-block-spammer"
priority = 1
direction = "inbound"
sender = "*@known-spam.example"
type = "reject"

/mail rules create rule-block-spammer direction=inbound priority=1 sender=*@known-spam.example type=reject

Use drop instead of reject if you want to accept silently without bouncing — useful when you suspect the sender address is forged and you do not want to generate backscatter:

[[rule]]
id = "rule-drop-spammer"
priority = 1
direction = "inbound"
sender = "*@known-spam.example"
type = "drop"

/mail rules create rule-drop-spammer direction=inbound priority=1 sender=*@known-spam.example type=drop

---

Reject oversized messages

Block inbound messages over a size threshold to protect storage.

[[rule]]
id = "rule-reject-large-inbound"
priority = 1
direction = "inbound"
size_gt = 26214400
type = "reject"

/mail rules create rule-reject-large-inbound direction=inbound priority=1 size_gt=26214400 type=reject

Do the same for outbound:

[[rule]]
id = "rule-reject-large-outbound"
priority = 1
direction = "outbound"
size_gt = 26214400
type = "reject"

/mail rules create rule-reject-large-outbound direction=outbound priority=1 size_gt=26214400 type=reject

---

Route build and alert notifications

CI systems and monitoring tools usually send from a predictable address or use a subject prefix. Put them in their own folder.

By sender domain:

[[rule]]
id = "rule-monitoring-alerts"
priority = 3
direction = "inbound"
sender = "*@monitoring.example.com"
type = "put_in_folder"
folder = "alerts"

/mail rules create rule-monitoring-alerts direction=inbound priority=3 sender=*@monitoring.example.com type=put_in_folder folder=alerts

By subject prefix (edit rules.toml directly since the value contains brackets):

[[rule]]
id = "rule-ci-alerts"
priority = 3
direction = "inbound"
subject_contains = "[build]"
type = "put_in_folder"
folder = "ci"

---

A complete minimal setup

A rules.toml for a single hosted domain with the most common cases covered. Create the domain first, then add the rules:

/mail domains create example.com
/mail rules create rule-reject-large direction=inbound priority=1 size_gt=26214400 type=reject
/mail rules create rule-lists direction=inbound priority=2 has_header=List-Id type=put_in_folder folder=lists
/mail rules create rule-support direction=inbound priority=5 receiver=support@example.com type=store_as mailbox=admin@example.com folder=support
/mail rules create rule-outbound-size direction=outbound priority=1 size_gt=26214400 type=reject
/mail rules create rule-default direction=inbound priority=100 receiver=* type=store folder=inbox

Equivalent rules.toml:

# Block oversized inbound
[[rule]]
id = "rule-reject-large"
priority = 1
direction = "inbound"
size_gt = 26214400
type = "reject"

# Route list traffic to a folder
[[rule]]
id = "rule-lists"
priority = 2
direction = "inbound"
has_header = "List-Id"
type = "put_in_folder"
folder = "lists"

# Route support to shared mailbox
[[rule]]
id = "rule-support"
priority = 5
direction = "inbound"
receiver = "support@example.com"
type = "store_as"
mailbox = "admin@example.com"
folder = "support"

# Block oversized outbound
[[rule]]
id = "rule-outbound-size"
priority = 1
direction = "outbound"
size_gt = 26214400
type = "reject"

# Catch-all inbound
[[rule]]
id = "rule-default"
priority = 100
direction = "inbound"
receiver = "*"
type = "store"
folder = "inbox"

---

Read next

• Mail rules reference
• Mail backend
• Getting started: Inbound mail
• Getting started: Outbound mail