iCloud Mail Setup
Configure Mailpilot to work with Apple iCloud Mail (@icloud.com, @me.com, @mac.com).
Prerequisites
- Apple ID with iCloud Mail enabled
- 2-Factor Authentication enabled (required for app-specific passwords)
- IMAP access (enabled by default)
Supported iCloud Domains
iCloud Mail supports multiple email domains:
@icloud.com- Primary iCloud email domain@me.com- Legacy MobileMe domain@mac.com- Legacy .Mac domain
All use the same IMAP server configuration.
Step 1: Enable 2-Factor Authentication
App-specific passwords require 2FA to be enabled on your Apple ID.
- Go to Apple ID Account
- Sign in with your Apple ID
- Navigate to Security section
- If 2FA is not enabled, click Turn On Two-Factor Authentication
- Follow the prompts to set up 2FA
Step 2: Generate App-Specific Password
Never use your Apple ID password! App-specific passwords are required for third-party apps like Mailpilot.
- Go to Apple ID Account
- Sign in with your Apple ID
- In the Security section, find App-Specific Passwords
- Click Generate Password...
- Enter a label:
MailpilotorEmail Automation - Click Create
- Copy the password displayed (format:
xxxx-xxxx-xxxx-xxxx)
The app-specific password is shown only once. Store it securely or you'll need to generate a new one.
Step 3: Configure Mailpilot
Add iCloud Mail to your config.yaml:
accounts:
- name: icloud
imap:
host: imap.mail.me.com
port: 993
username: ${ICLOUD_USER} # your.email@icloud.com
password: ${ICLOUD_APP_PASSWORD} # App-specific password
tls: true
folders:
- name: INBOX
llm_provider: openai
prompt: |
Classify this email...Step 4: Set Environment Variables
Set your iCloud credentials:
export ICLOUD_USER="your.email@icloud.com"
export ICLOUD_APP_PASSWORD="xxxx-xxxx-xxxx-xxxx"Or use a .env file:
ICLOUD_USER=your.email@icloud.com
ICLOUD_APP_PASSWORD=xxxx-xxxx-xxxx-xxxxYou can include or omit the hyphens in the app-specific password - both work.
Step 5: Test Connection
pnpm startCheck the dashboard at http://localhost:8080 for connection status.
IMAP Server Settings
| Setting | Value |
|---|---|
| IMAP Server | imap.mail.me.com |
| Port | 993 |
| Encryption | TLS/SSL |
| Username | Your full iCloud email address |
| Password | App-specific password (not Apple ID password) |
All iCloud email domains (@icloud.com, @me.com, @mac.com) use the same IMAP server: imap.mail.me.com
iCloud Mail Folder Names
iCloud uses standard IMAP folder names:
| IMAP Folder Name | iCloud Mail Folder |
|---|---|
INBOX | Inbox |
Sent Messages | Sent |
Drafts | Drafts |
Deleted Messages | Trash |
Junk | Junk |
Archive | Archive |
Multiple iCloud Accounts
Process multiple iCloud accounts (if you have multiple Apple IDs):
accounts:
- name: personal
imap:
host: imap.mail.me.com
username: ${ICLOUD_PERSONAL_USER}
password: ${ICLOUD_PERSONAL_APP_PASSWORD}
- name: work
imap:
host: imap.mail.me.com
username: ${ICLOUD_WORK_USER}
password: ${ICLOUD_WORK_APP_PASSWORD}Set separate environment variables for each account.
Troubleshooting
"Username and password not accepted"
Causes:
- Using Apple ID password instead of app-specific password
- 2-Factor Authentication not enabled
- Incorrect email format
- App-specific password expired or revoked
Solutions:
- Generate a new app-specific password
- Ensure 2FA is enabled on your Apple ID
- Use your full email address (e.g.,
you@icloud.com) - Verify the app-specific password is correct
- Check that you didn't accidentally revoke the password
"IMAP is disabled for this account"
Cause: IMAP access is disabled in iCloud Mail settings.
Solution:
- Sign in to iCloud.com
- Go to Account Settings
- Ensure Mail is enabled
- IMAP is enabled by default - contact Apple Support if disabled
"Account temporarily locked"
Cause: Multiple failed login attempts triggered Apple's security protection.
Solution:
- Wait 15-30 minutes before retrying
- Check your Apple ID account for security alerts
- Verify you're using the correct app-specific password
- Generate a fresh app-specific password if needed
- Visit iforgot.apple.com if locked
Connection timeout
Cause: Firewall blocking port 993 or iCloud server issues.
Solution:
imap:
host: imap.mail.me.com
port: 993
timeout: 60000 # Increase timeout to 60 seconds
keepalive: true"Certificate verify failed"
Cause: SSL/TLS certificate validation issue.
Solution: This is rare with iCloud. If it occurs:
imap:
host: imap.mail.me.com
port: 993
tls: true
tls_options:
minVersion: 'TLSv1.2'"Too many simultaneous connections"
Cause: iCloud limits concurrent IMAP connections (typically 15-20).
Solution:
- Close other email clients accessing the same account
- Reduce
polling_intervalin your config - Use separate app-specific passwords for different applications
iCloud-Specific Considerations
App-Specific Password Management
You can manage your app-specific passwords at appleid.apple.com:
- View active passwords: See which apps have access
- Revoke passwords: Click the x next to a password to revoke it
- Generate new passwords: Create new passwords as needed
Each password shows:
- Name you gave it (e.g., "Mailpilot")
- Creation date
- No expiration (unless revoked manually)
Rate Limits
iCloud applies rate limits to IMAP connections:
- Connection limit: ~15-20 concurrent connections
- Throttling: Aggressive polling may trigger temporary blocks
To avoid issues:
polling_interval: 120s # Poll every 2 minutes
accounts:
- name: icloud
imap:
host: imap.mail.me.com
keepalive: true
timeout: 60000iCloud+ Features
If you have iCloud+ (paid storage plan):
- IMAP access works the same way
- "Hide My Email" addresses work with IMAP
- Custom domain emails use the same server
- Same app-specific password requirements
Custom Domain Email
If you use a custom domain with iCloud Mail:
accounts:
- name: custom-domain
imap:
host: imap.mail.me.com
port: 993
username: ${CUSTOM_DOMAIN_USER} # you@yourdomain.com
password: ${ICLOUD_APP_PASSWORD} # Same app-specific passwordSecurity Best Practices
- Always use app-specific passwords - never your Apple ID password
- Keep 2FA enabled on your Apple ID
- Monitor sign-in activity in Apple ID Security
- Revoke unused passwords when you stop using an application
- Use environment variables for credentials
- Never commit passwords to version control
- Rotate app-specific passwords periodically
Advanced Configuration
Per-Folder Settings
Process different iCloud folders with different settings:
accounts:
- name: icloud
imap:
host: imap.mail.me.com
username: ${ICLOUD_USER}
password: ${ICLOUD_APP_PASSWORD}
folders:
- name: INBOX
llm_provider: openai
model: gpt-4o-mini
prompt: |
Classify inbox emails...
- name: Junk
llm_provider: ollama # Use local model for junk folder
model: llama3.2
prompt: |
Review spam classifications...
- name: Archive
llm_provider: openai
model: gpt-4o-mini
prompt: |
Organize archived emails...Connection Pool Settings
For high-volume email processing:
imap:
host: imap.mail.me.com
port: 993
maxConnections: 5 # Max concurrent connections
keepalive: true # Keep connections alive
timeout: 60000 # 60 second timeoutTesting IMAP Connection Manually
Verify IMAP settings with openssl:
openssl s_client -connect imap.mail.me.com:993 -crlfYou should see:
* OK iCloud IMAP4 service readyTest authentication (replace with your credentials):
a1 LOGIN your.email@icloud.com xxxx-xxxx-xxxx-xxxxSuccessful login shows:
a1 OK LOGIN completedMigrating from Other Email Providers
If you're migrating from another provider to iCloud:
- Forward emails from old provider to iCloud (temporary)
- Update configuration with iCloud settings
- Generate new app-specific password for Mailpilot
- Test thoroughly before removing old provider config
- Update environment variables with iCloud credentials
Hide My Email Integration
If you use Apple's "Hide My Email" feature:
- Each hide-my-email address appears as a separate folder in IMAP
- These are aliased to your main inbox
- Classification rules apply to the main INBOX folder
- Replies maintain the hide-my-email address