Stalwart Mail Server on Cloudron - Secure & Modern All-in-One Mail Server (IMAP, JMAP, POP3, SMTP)
-
@nebulon Is there a way to set this up besides the cloudron E-Mail server? What ports could I map this to if I wanted to test package this for cloudron?
I was thinking ofIMAP:
1143(with TLS) for a balance of simplicity and firewall compatibility. Alternatively, a high port like50000.SMTP:
2525(with STARTTLS) as it’s widely supported and rarely blocked. Alternatively2587or a high port like55000. -
I believe all used ports are listed here: https://docs.cloudron.io/security/#cloud-firewall
Does that help? -
I believe all used ports are listed here: https://docs.cloudron.io/security/#cloud-firewall
Does that help?@necrevistonnezr Yes I've seen those, just wanted to know if there were any other considerations from the devs
-
- Main Page: https://stalw.art/
- Git: https://github.com/stalwartlabs/mail-server
- Licence: AGPL v3 & SELv1 for some features
- Docker: Yes
- Documentation: https://stalw.art/docs/install/docker
- Demo:
link
- Summary: Stalwart Mail Server is an open-source mail server solution with SMTP, JMAP, IMAP4, and POP3 support and a wide range of modern features. It is written in Rust and aims to be secure, fast, robust and scalable.
- Notes: Modern Mail server implementation with security features like Encryption at rest with S/MIME or OpenPGP
Key features:
- JMAP, IMAP4, POP3 and ManageSieve server:
- JMAP server with Sieve Scripts, WebSocket, Blob Management and Quotas extensions.
- IMAP4rev2 and IMAP4rev1 server with support for numerous extensions.
- POP3 server with extensions, STLS and SASL support.
- ManageSieve server for managing Sieve scripts.
- SMTP server:
- Built-in DMARC, DKIM, SPF and ARC support for message authentication.
- Strong transport security through DANE, MTA-STS and SMTP TLS reporting.
- Inbound throttling and filtering with granular configuration rules, sieve scripting, MTA hooks and milter integration.
- Distributed virtual queues with delayed delivery, priority delivery, quotas, routing rules and throttling support.
- Envelope rewriting and message modification.
- Built-in Spam and Phishing filter:
- Comprehensive set of filtering rules on par with popular solutions.
- LLM-driven spam filtering and message analysis.
- Statistical spam classifier with automatic training capabilities.
- DNS Blocklists (DNSBLs) checking of IP addresses, domains, and hashes.
- Collaborative digest-based spam filtering with Pyzor.
- Phishing protection against homographic URL attacks, sender spoofing and other techniques.
- Trusted reply tracking to recognize and prioritize genuine e-mail replies.
- Sender reputation monitoring by IP address, ASN, domain and email address.
- Greylisting to temporarily defer unknown senders.
- Spam traps to set up decoy email addresses that catch and analyze spam.
- Flexible and scalable:
- Pluggable storage backends with RocksDB, FoundationDB, PostgreSQL, mySQL, SQLite, S3-Compatible, Redis and ElasticSearch support.
- Clustering support with node autodiscovery and partition-tolerant failure detection.
- Full-text search available in 17 languages.
- Sieve scripting language with support for all registered extensions.
- Email aliases, mailing lists, subaddressing and catch-all addresses support.
- Automatic account configuration and discovery with autoconfig and autodiscover.
- Multi-tenancy support with domain and tenant isolation.
- Disk quotas per user and tenant.
- Secure and robust:
- Encryption at rest with S/MIME or OpenPGP.
- Automatic TLS certificate provisioning with ACME using TLS-ALPN-01, DNS-01 or HTTP-01 challenges.
- Automated blocking of IP addresses that attack, abuse or scan the server for exploits.
- Rate limiting.
- Security audited (read the report).
- Memory safe (thanks to Rust).
- Authentication and Authorization:
- OpenID Connect authentication.
- OAuth 2.0 authorization with authorization code and device authorization flows.
- LDAP, OIDC, SQL or built-in authentication backend support.
- Two-factor authentication with Time-based One-Time Passwords (2FA-TOTP)
- Application passwords (App Passwords).
- Roles and permissions.
- Access Control Lists (ACLs).
- Observability:
- Logging and tracing with OpenTelemetry, journald, log files and console support.
- Metrics with OpenTelemetry and Prometheus integration.
- Webhooks for event-driven automation.
- Alerts with email and webhook notifications.
- Live tracing and metrics.
- Web-based administration:
- Dashboard with real-time statistics and monitoring.
- Account, domain, group and mailing list management.
- SMTP queue management for messages and outbound DMARC and TLS reports.
- Report visualization interface for received DMARC, TLS-RPT and Failure (ARF) reports.
- Configuration of every aspect of the mail server.
- Log viewer with search and filtering capabilities.
- Self-service portal for password reset and encryption-at-rest key management.
- Screenshots:
I really love all the features here.
-
I just started using Jmap because of ThunderMail (not Thunderbird), but I really like that server.
@andreasdueren I think having an additional mail server app would be great, but the actual mail server is perfectly integrated into Cloudron itself. Nice find!If this server becomes more stable (see the breaking changes when updating: https://github.com/stalwartlabs/stalwart/blob/main/UPGRADING/v0_15.md), it could be a very nice drop-in replacement for the internal mail server as long as the licence (https://github.com/stalwartlabs/stalwart?tab=readme-ov-file#license) fits. However, reading the 'Enterprise' options (https://stalw.art/enterprise/), it may not be suitable because 'Multi-Tenant' is an 'Enterprise' feature.
If I find some time, I can do some tests and post the results here, but that's low priority.
-
I'm experimenting with packaging this. Please help me test it: https://git.due.ren/andreas/stalwart-cloudron/-/raw/main/CloudronVersions.json?ref_type=heads
-
I'm experimenting with packaging this. Please help me test it: https://git.due.ren/andreas/stalwart-cloudron/-/raw/main/CloudronVersions.json?ref_type=heads
Hello @andreasdueren, thank you stalwart always interested me but the built-in email in Cloudron is so efficient that I didn't took the time to test it further.
So just to help you and for curiosity I tried to install the software using your json. The install was quick and okay, but I was unable to log in.
Using the redirect to openID with the cloudron admin email adress leads me to this error:
Failed to load the admin panel configuration. API error 403So in a new window I've insert the /admin adress and admin as a user and the password stored in /app/data/env in STALWART_RECOVERY_ADMIN=admin:XXXXXXXXXXX
Token exchange failed: 400 Back to loginSo I've changed STALWART_RECOVERY_MODE=false to true, restarted the app but got still the same error...
-
Hello @andreasdueren, thank you stalwart always interested me but the built-in email in Cloudron is so efficient that I didn't took the time to test it further.
So just to help you and for curiosity I tried to install the software using your json. The install was quick and okay, but I was unable to log in.
Using the redirect to openID with the cloudron admin email adress leads me to this error:
Failed to load the admin panel configuration. API error 403So in a new window I've insert the /admin adress and admin as a user and the password stored in /app/data/env in STALWART_RECOVERY_ADMIN=admin:XXXXXXXXXXX
Token exchange failed: 400 Back to loginSo I've changed STALWART_RECOVERY_MODE=false to true, restarted the app but got still the same error...
@josephcosta Yes, openID isn't working yet. working on that. But the package should auto create admin credentials you can extract from the env. At least it does for me. Doesn't it have a
STALWART_RECOVERY_ADMIN=admin:xxxxxxxxxxxxxxxxentry already? -
@josephcosta Yes, openID isn't working yet. working on that. But the package should auto create admin credentials you can extract from the env. At least it does for me. Doesn't it have a
STALWART_RECOVERY_ADMIN=admin:xxxxxxxxxxxxxxxxentry already?Hello @andreasdueren
Doesn't it have a
STALWART_RECOVERY_ADMIN=admin:xxxxxxxxxxxxxxxxentry already?Yes it does, as I wrote you I tried to access using admin as username and the password after
admin:but I had this error:Token exchange failed: 400 Back to login -
Hello @andreasdueren
Doesn't it have a
STALWART_RECOVERY_ADMIN=admin:xxxxxxxxxxxxxxxxentry already?Yes it does, as I wrote you I tried to access using admin as username and the password after
admin:but I had this error:Token exchange failed: 400 Back to login@josephcosta Hmm. I'll check it out later today or tomorrow. Thanks for testing!
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login