Overview & Philosophy
Platform Guides
Proton Mail Bridge

Proton Mail Bridge

Proton Mail Bridge allows you to use neomd with ProtonMail accounts by running a local IMAP/SMTP bridge.

Installation

  1. Install Proton Mail Bridge: https://proton.me/mail/bridge
  2. Launch the bridge and configure your ProtonMail account
  3. Note the IMAP and SMTP connection details (typically 127.0.0.1:1143 and 127.0.0.1:1025)

neomd Configuration

Add the following to your ~/.config/neomd/config.toml - notice that you cannot use folder named Scheduled as it’s internally used for scheduled emails:

[[accounts]]
  name = "ProtonMail"
  imap = "127.0.0.1:1143"
  smtp = "127.0.0.1:1025"
  user = "your-proton-email@proton.me"
  password = "bridge-password-here"  # Get this from Proton Bridge settings
  from = "Your Name <your-proton-email@proton.me>"
  starttls = false  # Proton Bridge uses TLS on non-standard ports
  tls_cert_file = "~/ProtonBridge/cert.pem"  # optional: exported Bridge certificate


[folders]
  inbox = "INBOX"
  sent = "Sent"
  trash = "Trash"
  drafts = "Drafts"
  to_screen = "Folders/ToScreen"
  feed = "Folders/Feed"
  papertrail = "Folders/PaperTrail"
  screened_out = "Folders/ScreenedOut"
  archive = "Archive"
  waiting = "Folders/Waiting"
  scheduled = "Folders/sched"
  someday = "Folders/Someday"
  spam = "Spam"
  work = ""
  tab_order = ["inbox", "to_screen", "feed", "papertrail", "waiting", "scheduled", "someday", "archive", "sent", "screened_out", "trash"]

Key Configuration Details

  • IMAP Port: Proton Bridge defaults to 1143 with TLS
  • SMTP Port: Proton Bridge defaults to 1025 with STARTTLS
    • If you need STARTTLS for SMTP, set starttls = true
  • Password: Use the bridge-generated password (not your ProtonMail password)
  • TLS/STARTTLS: neomd automatically detects the correct security mode based on:
    • Standard ports (993→TLS, 143→STARTTLS for IMAP; 465→TLS, 587→STARTTLS for SMTP)
    • Non-standard ports default to TLS unless starttls = true is set
    • Explicit starttls = true always forces STARTTLS
  • Certificate: Proton Bridge uses a self-signed certificate because the IMAP/SMTP server only runs on your own computer. neomd now handles this in two ways:
    • Best: export the Bridge certificate and set tls_cert_file
    • Fallback: for 127.0.0.1 / localhost, neomd retries once if verification fails with an unknown-authority error

Troubleshooting

“refusing unencrypted connection to 127.0.0.1:1143”

This error occurred in older versions of neomd that didn’t respect the starttls config or handle non-standard ports correctly. This is now fixed (v0.4.15+).

If you still see this error:

  1. Ensure you’re running the latest version: neomd --version
  2. Check your config has the correct IMAP/SMTP addresses
  3. Verify Proton Bridge is running: ps aux | grep bridge

“tls: failed to verify certificate”

This usually means Proton Bridge presented its local self-signed certificate and your client did not trust it yet.

Recommended fix:

  1. In Proton Mail Bridge, export the TLS certificates
  2. Point tls_cert_file at the exported cert.pem
  3. Keep starttls = false for IMAP on 1143 unless your Bridge shows otherwise

Without tls_cert_file, neomd now retries once for loopback hosts only, which keeps common Proton Bridge setups working without affecting normal remote IMAP servers.

Connection Refused

  • Make sure Proton Mail Bridge is running
  • Verify the bridge ports in its settings (they may differ from the defaults)
  • Check firewall settings allow localhost connections

Custom Ports

If your Proton Bridge uses different ports, adjust the config accordingly:

imap = "127.0.0.1:YOUR_IMAP_PORT"
smtp = "127.0.0.1:YOUR_SMTP_PORT"

For non-standard ports, neomd defaults to TLS. If your bridge uses STARTTLS on a custom port, add:

starttls = true
Gmail ConfigurationAndroid (Termux)