- Main Page: https://stalw.art/
- Git: https://github.com/stalwartlabs/mail-server
- Licence: AGPL v3 & SELv1 for some features
- Docker: Yes
- Documentation: https://stalw.art/docs/install/docker
- Demo:
link
- Summary: Stalwart Mail Server is an open-source mail server solution with SMTP, JMAP, IMAP4, and POP3 support and a wide range of modern features. It is written in Rust and aims to be secure, fast, robust and scalable.
- Notes: Modern Mail server implementation with security features like Encryption at rest with S/MIME or OpenPGP
Key features:
- JMAP, IMAP4, POP3 and ManageSieve server:
- JMAP server with Sieve Scripts, WebSocket, Blob Management and Quotas extensions.
- IMAP4rev2 and IMAP4rev1 server with support for numerous extensions.
- POP3 server with extensions, STLS and SASL support.
- ManageSieve server for managing Sieve scripts.
- SMTP server:
- Built-in DMARC, DKIM, SPF and ARC support for message authentication.
- Strong transport security through DANE, MTA-STS and SMTP TLS reporting.
- Inbound throttling and filtering with granular configuration rules, sieve scripting, MTA hooks and milter integration.
- Distributed virtual queues with delayed delivery, priority delivery, quotas, routing rules and throttling support.
- Envelope rewriting and message modification.
- Built-in Spam and Phishing filter:
- Comprehensive set of filtering rules on par with popular solutions.
- LLM-driven spam filtering and message analysis.
- Statistical spam classifier with automatic training capabilities.
- DNS Blocklists (DNSBLs) checking of IP addresses, domains, and hashes.
- Collaborative digest-based spam filtering with Pyzor.
- Phishing protection against homographic URL attacks, sender spoofing and other techniques.
- Trusted reply tracking to recognize and prioritize genuine e-mail replies.
- Sender reputation monitoring by IP address, ASN, domain and email address.
- Greylisting to temporarily defer unknown senders.
- Spam traps to set up decoy email addresses that catch and analyze spam.
- Flexible and scalable:
- Pluggable storage backends with RocksDB, FoundationDB, PostgreSQL, mySQL, SQLite, S3-Compatible, Redis and ElasticSearch support.
- Clustering support with node autodiscovery and partition-tolerant failure detection.
- Full-text search available in 17 languages.
- Sieve scripting language with support for all registered extensions.
- Email aliases, mailing lists, subaddressing and catch-all addresses support.
- Automatic account configuration and discovery with autoconfig and autodiscover.
- Multi-tenancy support with domain and tenant isolation.
- Disk quotas per user and tenant.
- Secure and robust:
- Encryption at rest with S/MIME or OpenPGP.
- Automatic TLS certificate provisioning with ACME using TLS-ALPN-01, DNS-01 or HTTP-01 challenges.
- Automated blocking of IP addresses that attack, abuse or scan the server for exploits.
- Rate limiting.
- Security audited (read the report).
- Memory safe (thanks to Rust).
- Authentication and Authorization:
- OpenID Connect authentication.
- OAuth 2.0 authorization with authorization code and device authorization flows.
- LDAP, OIDC, SQL or built-in authentication backend support.
- Two-factor authentication with Time-based One-Time Passwords (2FA-TOTP)
- Application passwords (App Passwords).
- Roles and permissions.
- Access Control Lists (ACLs).
- Observability:
- Logging and tracing with OpenTelemetry, journald, log files and console support.
- Metrics with OpenTelemetry and Prometheus integration.
- Webhooks for event-driven automation.
- Alerts with email and webhook notifications.
- Live tracing and metrics.
- Web-based administration:
- Dashboard with real-time statistics and monitoring.
- Account, domain, group and mailing list management.
- SMTP queue management for messages and outbound DMARC and TLS reports.
- Report visualization interface for received DMARC, TLS-RPT and Failure (ARF) reports.
- Configuration of every aspect of the mail server.
- Log viewer with search and filtering capabilities.
- Self-service portal for password reset and encryption-at-rest key management.
- Screenshots: