Payjoin Mailroom
payjoin-mailroom is a single, lightweight binary that bundles the two server-side roles required by BIP 77 Async Payjoin:
- Payjoin Directory: a store-and-forward mailbox that holds small, ephemeral, end-to-end encrypted payloads so a sender and receiver can complete a payjoin asynchronously (they don't need to be online at the same time).
- OHTTP Relay: an Oblivious HTTP proxy that separates client IP addresses from the directory, preventing the directory from correlating users with their network identity.
Note that this binary is under active development and thus the CLI and configuration file may be unstable.
Configuration
payjoin-mailroom reads configuration from config.toml (or the path given with --config). Every setting can also be supplied via environment variables prefixed with PJ_, using double underscores for nesting (e.g., PJ_TELEMETRY__ENDPOINT).
Usage
Cargo
Docker Compose
A simple docker-compose.yml is provided for convenience.
Nix
The rust-payjoin flake also provides payjoin-mailroom as a package.
systemd
# A minimal [payjoin-mailroom.example.service](payjoin-mailroom.example.service) unit file is provided for convenience. Edit paths and User= as your setup requires.
Telemetry
payjoin-mailroom supports optional OpenTelemetry-based telemetry (metrics).
Build with --features telemetry and configure via the [telemetry] config section.
When no telemetry configuration is present, it falls back to local-only console tracing.
Access Control
Build with --features access-control to enable:
IP Screening
Configured via the [access_control] config section for IP- and region-based filtering.
The auto-fetched GeoLite2 database is provided by MaxMind and distributed under the CC BY-SA 4.0 license.
V1 Address Screening
When the V1 protocol is enabled, payjoin-mailroom can screen PSBTs for blocked Bitcoin addresses.
Configure a local blocklist, a remote URL, or both via the [v1] config section.