User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:stalwart [2025/02/17 10:31] – willyservices:stalwart [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-====== Stalwart Mail Server ====== 
- 
- 
-**work in progress** 
- 
-[[https://stalw.art/|Stalwart]] Step into the future with Stalwart, the open-source e-mail powerhouse blending modern features with unparalleled security, speed, and scalability.  
- 
-I choose Stalwart because it's a new approach to serving mail. Instead of a bunch of interconnected tools, which are often a mess to setup, it's a one piece written from the ground up with a modern approach to email. 
- 
-Please check [[selfhost:email|this page]] to understand the choices done in this page. I assume that you are installing the email server on your **external** server, and not on the home server. 
- 
-===== Installation ===== 
- 
-Gentoo ships with a reasonably recent release of Stalwart, but i prefer to have finer control over it, so i prefer to install on bare-metal manually. The project also offer a bare-metal install approach which (see [[https://stalw.art/docs/install/linux/|here]]) which i don't like because it involve download and run an //install.sh// script, which is a **no way** for me. 
- 
-I have downloaded the script (and i suggest you do the same) and inspected it, so the following instructions are directly taken from the install script, but adapted to my setup. 
- 
-**Note:** //we are installing on the external server, not on the home server!// 
- 
-As usual, first of all create the user: 
-<code bash> 
-useradd -m stalwart 
-</code> 
- 
-Then download the latest release from [[https://github.com/stalwartlabs/mail-server/releases/|here]] for your architecture, be sure to download both the mail server and the cli executable: 
-<code bash> 
-su - stalwart 
-mkdir bin etc logs 
-chmod -R 755 /home/stalwart 
-wget 'https://github.com/stalwartlabs/mail-server/releases/download/vX.Y.Z/stalwart-mail-x86_64-unknown-linux-gnu.tar.gz' 
-wget 'https://github.com/stalwartlabs/mail-server/releases/download/vX.Y.Z/stalwart-cli-x86_64-unknown-linux-gnu.tar.gz' 
-cd bin 
-tar xvf ../stalwart-mail-x86_64-unknown-linux-gnu.tar.gz 
-tar xvf ../stalwart-cli-x86_64-unknown-linux-gnu.tar.gz 
-chmod +x stalwart-mail stalwart-cli 
-</code> 
- 
-Well, it's time to initialize Stalwart: 
-<code bash> 
-/home/stalwart/bin/stalwart-mail --init /home/stalwart 
-✅ Configuration file written to /home/stalwart/etc/config.toml 
-🔑 Your administrator account is 'admin' with password 'XxxXxXXxX'. 
-chmod 700 /home/stalwart/etc/config.toml 
-</code> 
-Note the //chmod// to ensure the config file is not readable by anybody 
- 
- 
-Take note of the password! You will never see it again. 
- 
-Now, start the server for the first time: 
-<code bash> 
- 
-</code> 
- 
-Open up your browser and go to **http://<external-server-ip>:8080** and login with the credentials above, then immediately head to **http://<external-server-ip>:8080/account/password** and change the password to something you will remember. 
- 
-===== Configuration ===== 
- 
- 
- 
-===== AUtostart ===== 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-The below stuff is outdated 
- 
- 
-<code bash> 
-seradd -m -d /data/daemons/stalwart stalwart 
-mkdir /data/stalwart 
-chown stalwart:stalwart /data/stalwart 
-</code> 
- 
-<file - docker-compose.yml> 
-name: stalwart 
-services: 
-  mail-server: 
-    tty: true 
-    stdin_open: true 
-    ports: 
-      - 2443:443 
-      - 10025:125 # port 25 seems to create troubles in podman... 
-      - 2080:8080 
-      - 2587:587 
-      - 2465:465 
-      - 2143:143 
-      - 2993:993 
-      - 4190:4190 
-      - 2110:110 
-      - 2995:995 
-    volumes: 
-      - /data/stalwart:/opt/stalwart-mail 
-    container_name: stalwart-mail 
-    image: stalwartlabs/mail-server:latest 
-    networks: 
-      - stalwart-net 
- 
-networks: 
-  stalwart-net: {} 
-</file> 
- 
-Note that i have used all ports above 1024 to avoid issues with root-only ports in rootless containers. 
- 
-<code bash> 
-podman compose pull 
-podman compose up 
-</code> 
- 
-Note your admin usernamne and password like: 
-<code> 
-[mail-server] | 🔑 Your administrator account is 'admin' with password 'xxxx'. 
-</code> 
- 
-Change the SMTP port to //125// to match the above compose file 
- 
- 
-===== Configuration ===== 
- 
-From the web UI. 
- 
-Set hostname to your main email server. 
- 
-Stop uneeded services. 
- 
-Create domain. 
- 
-Configure DNS properly 
- 
-Create account. 
- 
-Open ports from remote to local: 
-<code bash> 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 25 : 10.100.0.1 . 10025 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 587 : 10.100.0.1 . 2587 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 465 : 10.100.0.1 . 2465 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 143 : 10.100.0.1 . 2143 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 993 : 10.100.0.1 . 2993 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 4190 : 10.100.0.1 . 4190 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 995 : 10.100.0.1 . 2995 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 110 : 10.100.0.1 . 2110 } 
-</code> 
- 
-Link certificates. Create a certificate in GUI with these values:  
-<code> 
-%{file:/opt/stalwart-mail/etc/certs/fullchain.pem}% 
-%{file:/opt/stalwart-mail/etc/certs/privkey.pem}% 
-</code> 
-and **copy** the certs from /etc/letsencrypt/live/mydomain/[fullchain|privkey].pem to /data/stalwart/etc/certs 
-(create folder and make files readable!) 
- 
- 
- 
-