Stalwart Mail Server on Cloudron - Secure & Modern All-in-One Mail Server (IMAP, JMAP, POP3, SMTP)

I really love all the features here.

@m-si said in Is there a possibility in cloudron to propagate a mta-sts policy?:

Recently I played arround, to improve e-mail security with MTA-STS. I was able to simply use surfer app to publish the mta-sts.txt file and set up the necessary DNS entries. But the solution is somewhat clunky, so may be it might be an easy win @girish , to make this directly possible through cloudron ui, until we implement DANE into cloudron.

Steps to reproduce working MTA-STS setup in cloudron useing surfer app

1. setup surfer app at the following subdomain mta-sts.<DOMAIN.TLD>

2. make folder .well-known inside folder public

3. create mta-sts.txt

version: STSv1
mode: enforce
max_age: 86400
mx: mail.<DOMAIN.TLD>

(where any mail server which it should belong should have an entry. I'am not quite shure wethere we need mx: my.<DOMAIN.TLD> as well, but for the tests the above has been sufficient.)

4. set up following DNS records

_mta-sts in TXT v=STSv1; id=20221123132400Z

(where the id is a simple Timestamp or a uniq number to identify the entry)

_smtp._tls in TXT v=TLSRPTv1; rua=mailto:<USERNAME>@<DOMAIN.TLD> 

(where the rua-Mail-Adress is an Address one want's to get the reports)

EDIT:
We can easily check if the setup is correct via check tls.

Is this tutorial still relevant to be added to the documentation page regarding the MTA-STS, @james?

Thank you @james

@james, yes, I have access to the site, and you can invite me to the translator group.

Hello everyone,

I want to share some good news regarding the translation contributions I have been working on over the past few weeks.

The Cloudron translation for Indonesian (Bahasa Indonesia) is now 100% complete.

Today, I have also performed a thorough review of the strings, with a particular focus on the following:

• Ensuring consistency in Indonesian terminology across all translations
• Correcting capitalization to align with the original English strings
• Retaining original English terms where no clear or widely accepted Indonesian equivalent exists, to avoid ambiguity

If any Cloudron users from Indonesia have suggestions or feedback regarding the Indonesian translation, please don't hesitate to reach out to me via direct message or by replying to this post.

I hope this contribution will be helpful for Cloudron users, especially those in Indonesia.

Thank you,
Best regards

@james thank you James for the information

@andreasdueren said in Cloudron documentation outdated? Bitwarden now supports SSO:

SSO_AUTHORITY=

I encountered an issue when attempting to activate SSO using Cloudron OpenID.

I don't know why SSO_AUTHORITY, I just input my Cloudron URL (my.cloudron.example), but the SSO failed.

Do you face the same problem?

@paradoxbound if I enable Dane, should I enable MTA-STS?

When clicking on an application in the Cloudron App Store to view its details, a popup appears showing relevant information about the selected app, such as the description and other metadata.

However, after closing this popup, the page automatically scrolls back to the top.

This behavior makes it somewhat inconvenient, especially when browsing multiple applications further down the list.

Would it be possible to keep the scroll position unchanged after closing the app details popup, so the user remains at the same position in the App Store list instead of being taken back to the top automatically?

Maintaining the scroll position would make it much easier to review and compare applications without having to repeatedly scroll back to the previous location.

Thank you

@james said in Vaultwarden fails to start after update – DB migration error (SSO):

Hello @archos
I think, I have the same issue.
This is the log:

[2025-12-29 19:23:43.075][panic][ERROR] thread 'main' panicked at 'Error running migrations: QueryError(DieselMigrationName { name: "2024-03-06-170000_add_sso_users", version: MigrationVersion("20240306170000") }, DatabaseError(Unknown, "Referencing column 'user_uuid' and referenced column 'uuid' in foreign key constraint 'sso_users_ibfk_1' are incompatible."))': src/db/mod.rs:505

And seems to be already reported upstream: https://github.com/dani-garcia/vaultwarden/issues/6611

---

EDIT:
I followed the guided instructions and was able to fix it => https://github.com/dani-garcia/vaultwarden/wiki/Using-the-MariaDB-(MySQL)-Backend#foreign-key-errors-collation-and-charset

be sure to replace "vaultwarden" in the SQL querries with your cloudron database name.

I experienced the exact same issue when upgrading to the latest version. I managed to resolve it following @james's suggestion.

Here is a recap of the step-by-step process I executed, which might help others:

• 1. Enter Recovery Mode
     Go to the Cloudron dashboard and enable Recovery Mode for your Vaultwarden application.
• 2. Access the MySQL Database
     Open the application Terminal and click the MySQL button to access the database console..
• 3. Identify the Vaultwarden Database Name
     Run the following command to see the list of databases:

SHOW DATABASES;

Note the database name that appears (it is usually a random string like 9121d...). You will need this for the next steps.

• 4. Change the Database Charset

Replace YourDatabaseVaultwarden in the command below with the actual database name retrieved in Step 3, then run:

ALTER DATABASE `YourDatabaseVaultwarden` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 

• 5. Generate Table Modification Commands
     Run this query to generate the specific ALTER TABLE commands for your existing tables:

SELECT CONCAT('ALTER TABLE `', TABLE_NAME,'` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;') 
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA="YourDatabaseVaultwarden"
AND TABLE_TYPE="BASE TABLE";

Copy the output generated by this command. You can paste this list into ChatGPT or Gemini and ask it to format it for the next step (wrapping it between the foreign key check commands).

• 6. Execute the Final Fix
     The final command block should follow this structure:

SET foreign_key_checks=0;
-- Copy/Paste the output from above here
SET foreign_key_checks=1;

If you are unsure about the formatting, I simply copied the raw table list from the terminal in Step 5 and asked an AI to format it into valid MySQL syntax using the structure above.

Here is an example of what the final command looks like (Note: Do not copy-paste the specific table list below; use the one generated from your own database in Step 5, as your tables might differ):

SET foreign_key_checks=0;
ALTER TABLE `__diesel_schema_migrations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `attachments` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `ciphers_collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `ciphers` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `devices` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `emergency_access` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `favorites` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `folders_ciphers` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `folders` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `invitations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `org_policies` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `organizations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `sends` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `twofactor_incomplete` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `twofactor` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users_collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users_organizations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
SET foreign_key_checks=1;

Once you have adapted the command to your specific tables, execute it in the MySQL terminal.

Finally, disable Recovery Mode and restart your Vaultwarden app. Hopefully, this serves as a solution for you as well.

Apologies if there are any technical inaccuracies; I utilized AI to guide me through this solution, and thankfully, it worked perfectly.

Thanks,
Regards

After doing more research on this email topic, I’ve gained some very useful insights.

As mentioned earlier by @andreasdueren, the ActiveSync support is a strong point for SOGo.

I also took note of @fbartels’s comment that Roundcube generally feels faster and lighter compared to the Mail app in Nextcloud.

To better understand the security aspect, I asked ChatGPT and Gemini about Roundcube vs SOGo.

Based on their answers and some public vulnerability data, the rough conclusion I got is:

• SOGo appears to be “more secure” than Roundcube if we look purely at the frequency and severity of reported vulnerabilities,
• For example, there have been fewer recent high‑impact issues (such as major RCE vulnerabilities) publicly associated with SOGo than with Roundcube.

Do you agree with this assessment, or is there important context I might be missing?

Thank you again for all the insights shared so far. They’ve been very helpful.

Hi everyone,

I’d like to ask for some opinions and experiences regarding email apps on Cloudron.

If you already have Nextcloud installed on your server, do you also install a separate webmail app such as SOGo or Roundcube on the same Cloudron instance?

I noticed that Nextcloud has a Mail app that can integrate with Cloudron’s email system. Because of this, I’m wondering:

• What are the reasons or advantages for still installing SOGo or Roundcube
  when Nextcloud already provides email functionality?
• Are there any limitations or issues with Nextcloud Mail that make SOGo or Roundcube a better choice in some situations?

I’m looking for different points of view because I’m not yet fully familiar with the pros and cons of each approach.

Any recommendations, example setups, or best practices from your own deployments would be very helpful.

Thank you in advance for your insights.

Best regards.

@james said in New Cloudron Docs Framework - Requesting feedback:

Docusaurus

Thank you, James. I really appreciate the useful tips from the forum thread compilations and the additional details on the documentation website.

I have a suggestion regarding the filter function in Cloudron.

Would it be possible to improve the current filter so that we can save filter presets and access them later from the dashboard?

Right now, filters are temporary. Once we move to another page or refresh, the filter is lost, and we have to set it up again.

What I’m imagining is something like this:

• We define a filter based on certain criteria (for example:
  • only show apps on a specific domain,
  • that have updates available,
  • and include a particular tag).
• Then we can save this filter with a name (e.g. “Client A – apps with pending updates”).
• Later, we can quickly select this saved filter from a dropdown or sidebar and apply it with a single click.

Possible use cases:

• Quickly checking which apps for a specific client or domain need updates
• Grouping apps by tags (e.g. production, staging, internal tools) and switching views easily
• Having different saved views for different admins or workflows

A simple “Save filter” / “Manage saved filters” option on the dashboard would already make daily management much easier, especially for users handling many apps and domains.

I hope this feature can be useful for others as well.

Thank you.
Regards.

@joseph said in Add Bulk Start/Stop Controls for Multiple Apps:

The last time I brought this up, the idea was to bring to the list view (but not Grid view). Especially updating multiple apps is a pain if you are updating manually.

If I am not mistaken, the Grid view and the List view on NextCloud (when viewing files) can be selected simultaneously. Maybe the same technology can be implemented?

@joseph said in Show Server Time Information in the Cloudron Server Menu:

The server timezone is always UTC no? Or do you want System -> Settings to also be shown in Server page?

Maybe the current time can be shown on Server > System Information

It displays like:
Current server time: 2025-12-19 14:32
Timezone: Europe/Berlin (UTC+1)

@jdaviescoates said in Add Bulk Start/Stop Controls for Multiple Apps:

Personally I'd like to be able to update lots of apps like this too.

Yes, I agree with you. It's like an update feature, theme, or plugin in WordPress. We're able to update many of the apps in bulk

I’d like to suggest a feature to start or stop multiple apps at once.

At the moment (please cmiiw), if we want to stop an app, we have to open the app’s settings and then click the Stop/Running button for each app individually.

This works, but it can be time‑consuming when managing many apps.

It would be very helpful if Cloudron provided a way to:

• Select multiple apps from the app list (for example with checkboxes), and
• Perform actions on all selected apps at once, such as:
  • Stop apps
  • Start/Restart apps
  • (Optionally) Recovery mode or Task error

Some possible use cases:

• Temporarily stopping a group of non‑critical apps during maintenance or server load issues
• Quickly bringing multiple apps back online after maintenance
• Managing apps across different clients or projects more efficiently

This bulk action feature would save a lot of clicks and time, especially for users hosting many apps on a single Cloudron instance.

Thank you for considering this suggestion, and thanks again for all the work on Cloudron.

Best Regards.

I’d like to suggest adding a small piece of information to the Server menu: the current server time and timezone.

When I move to a new hosting provider, I often forget whether I have already adjusted the server time settings or not.

If Cloudron showed the current server time and timezone directly in the Server section, I could immediately see whether the server is still using the hosting provider’s default timezone or if it has already been changed to my own country’s timezone.

Even a simple read‑only display like:

• Current server time: 2025-12-19 14:32
• Timezone: Europe/Berlin (UTC+1)

would help a lot. This could:

• Reduce confusion when checking logs, backups, and scheduled tasks (cron, app restarts, etc.)
• Help ensure that all time‑based operations are aligned with the admin’s local time
• Make it easier to verify the configuration quickly after migrating to a new server

I believe this little detail could be very helpful for many users.

Thank you for considering this suggestion and for all the work you put into improving Cloudron.

I really like the new menu design in the latest Cloudron release. The layout feels very similar to Cloudflare; it’s cleaner, easier to navigate, and it makes switching between sections noticeably faster.

Would it be possible to bring a similar structure and usability improvements to the File Manager as well?

Right now, the File Manager works fine, but compared with something like the cPanel file manager, navigation could be more flexible. For example, cPanel offers:

• A collapsible folder tree on the left, so you can quickly jump between directories without repeatedly going “up” and “down” the path
• Clear information about each item, such as:
  • File permissions (e.g., 0644, 0755)
  • File type (file, directory, symlink, etc.)
  • Optional metadata like size and last modified time, all in one view

Having a similar folder-tree view and basic file details directly visible in Cloudron’s File Manager would make it much easier to manage files.

Some ideas that might fit well with the new UI direction:

• Left-hand sidebar with an expandable folder tree.
• Main panel showing:
  • Name
  • Type (file/folder)
  • Size
  • Last modified
  • Permissions/owner (even read‑only would already be very helpful)

Thank you for all the work on the new UI, it’s a great step forward already.