Stalwart

Secure, scalable mail & collaboration server with comprehensive protocol support (IMAP, JMAP, SMTP, CalDAV, CardDAV, WebDAV)

Features

Stalwart is an open-source mail & collaboration server with JMAP, IMAP4, POP3, SMTP, CalDAV, CardDAV and WebDAV support and a wide range of modern features. It is written in Rust and designed to be secure, fast, robust and scalable.

Key features:

• Email server with complete protocol support:

  • JMAP:
    • JMAP for Mail server.
    • JMAP for Sieve Scripts.
    • WebSocket, Blob Management and Quotas extensions.
  • IMAP:
    • IMAP4rev2 and IMAP4rev1 server.
    • ManageSieve server.
    • Numerous extensions supported.
  • POP3:
    • POP3 server.
    • STLS and SASL support as well as other extensions.
  • SMTP:
    • SMTP server with built-in DMARC, DKIM, SPF and ARC support for message authentication.
    • Strong transport security through DANE, MTA-STS and SMTP TLS reporting.
    • Inbound throttling and filtering with granular configuration rules, sieve scripting, MTA hooks and milter integration.
    • Distributed virtual queues with delayed delivery, priority delivery, quotas, routing rules and throttling support.
    • Envelope rewriting and message modification.

• Collaboration server:

  • Calendar and scheduling with CalDAV.
  • Contact management with CardDAV.
  • File storage and sharing with WebDAV.

• Spam and Phishing built-in filter:

  • Comprehensive set of filtering rules on par with popular solutions.
  • LLM-driven spam filtering and message analysis.
  • Statistical spam classifier with automatic training capabilities and address book integration.
  • DNS Blocklists (DNSBLs) checking of IP addresses, domains, and hashes.
  • Collaborative digest-based spam filtering with Pyzor.
  • Phishing protection against homographic URL attacks, sender spoofing and other techniques.
  • Trusted reply tracking to recognize and prioritize genuine e-mail replies.
  • Sender reputation monitoring by IP address, ASN, domain and email address.
  • Greylisting to temporarily defer unknown senders.
  • Spam traps to set up decoy email addresses that catch and analyze spam.

• Flexible :

  • Pluggable storage backends with RocksDB, FoundationDB, PostgreSQL, mySQL, SQLite, S3-Compatible, Azure, Redis and ElasticSearch support.
  • Full-text search available in 17 languages.
  • Sieve scripting language with support for all registered extensions.
  • Email aliases, mailing lists, subaddressing and catch-all addresses support.
  • Automatic account configuration and discovery with autoconfig and autodiscover.
  • Multi-tenancy support with domain and tenant isolation.
  • Disk quotas per user and tenant.

• Secure and robust :

  • Encryption at rest with S/MIME or OpenPGP.
  • Automatic TLS certificate provisioning with ACME using TLS-ALPN-01, DNS-01 or HTTP-01 challenges.
  • Automated blocking of IP addresses that attack, abuse or scan the server for exploits.
  • Rate limiting.
  • Security audited (read the report).
  • Memory safe (thanks to Rust).

• Scalable and fault-tolerant :

  • Designed to handle growth seamlessly, from small setups to large-scale deployments of thousands of nodes.
  • Built with fault tolerance and high availability in mind, recovers from hardware or software failures with minimal operational impact.
  • Peer-to-peer cluster coordination or with Kafka, Redpanda, NATS or Redis.
  • Kubernetes, Apache Mesos and Docker Swarm support for automated scaling and container orchestration.
  • Read replicas, sharded blob storage and in-memory data stores for high performance and low latency.

• Authentication and Authorization :

  • OpenID Connect authentication.
  • OAuth 2.0 authorization with authorization code and device authorization flows.
  • LDAP, OIDC, SQL or built-in authentication backend support.
  • Two-factor authentication with Time-based One-Time Passwords (2FA-TOTP)
  • Application passwords (App Passwords).
  • Roles and permissions.
  • Access Control Lists (ACLs).

• Observability :

  • Logging and tracing with OpenTelemetry, journald, log files and console support.
  • Metrics with OpenTelemetry and Prometheus integration.
  • Webhooks for event-driven automation.
  • Alerts with email and webhook notifications.
  • Live tracing and metrics.

• Web-based administration :

  • Dashboard with real-time statistics and monitoring.
  • Account, domain, group and mailing list management.
  • SMTP queue management for messages and outbound DMARC and TLS reports.
  • Report visualization interface for received DMARC, TLS-RPT and Failure (ARF) reports.
  • Configuration of every aspect of the mail server.
  • Log viewer with search and filtering capabilities.
  • Self-service portal for password reset and encryption-at-rest key management.

Screenshots

Presentation

Want a deeper dive? Need to explain to your boss why Stalwart is the perfect fit? Whether you’re evaluating options, making a case to your team, or simply curious about how it all works under the hood, these slides walk you through the key features, architecture, and benefits of Stalwart. Browse the slides to see what makes it stand out.

Get Started

Install Stalwart on your server by following the instructions for your platform:

• Linux / MacOS
• Windows
• Docker

All documentation is available at stalw.art/docs.

Support

If you are having problems running Stalwart, you found a bug or just have a question, do not hesitate to reach us on GitHub Discussions, Reddit or Discord. Additionally you may purchase an Enterprise License to obtain priority support from Stalwart Labs LLC.

---

← Back to projects