Differences

This shows you the differences between two versions of the page.

services:stalwart [2025/02/17 10:32] – willyservices:stalwart [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-====== Stalwart Mail Server ====== 
- 
- 
-**work in progress** 
- 
-[[https://stalw.art/|Stalwart]] Step into the future with Stalwart, the open-source e-mail powerhouse blending modern features with unparalleled security, speed, and scalability.  
- 
-I choose Stalwart because it's a new approach to serving mail. Instead of a bunch of interconnected tools, which are often a mess to setup, it's a one piece written from the ground up with a modern approach to email. 
- 
-Please check [[selfhost:email|this page]] to understand the choices done in this page. I assume that you are installing the email server on your **external** server, and not on the home server. 
- 
-===== Installation ===== 
- 
-Gentoo ships with a reasonably recent release of Stalwart, but i prefer to have finer control over it, so i prefer to install on bare-metal manually. The project also offer a bare-metal install approach which (see [[https://stalw.art/docs/install/linux/|here]]) which i don't like because it involve download and run an //install.sh// script, which is a **no way** for me. 
- 
-I have downloaded the script (and i suggest you do the same) and inspected it, so the following instructions are directly taken from the install script, but adapted to my setup. 
- 
-**Note:** //we are installing on the external server, not on the home server!// 
- 
-As usual, first of all create the user: 
-<code bash> 
-useradd -m stalwart 
-</code> 
- 
-Then download the latest release from [[https://github.com/stalwartlabs/mail-server/releases/|here]] for your architecture, be sure to download both the mail server and the cli executable: 
-<code bash> 
-su - stalwart 
-mkdir bin etc logs 
-chmod -R 755 /home/stalwart 
-wget 'https://github.com/stalwartlabs/mail-server/releases/download/vX.Y.Z/stalwart-mail-x86_64-unknown-linux-gnu.tar.gz' 
-wget 'https://github.com/stalwartlabs/mail-server/releases/download/vX.Y.Z/stalwart-cli-x86_64-unknown-linux-gnu.tar.gz' 
-cd bin 
-tar xvf ../stalwart-mail-x86_64-unknown-linux-gnu.tar.gz 
-tar xvf ../stalwart-cli-x86_64-unknown-linux-gnu.tar.gz 
-chmod +x stalwart-mail stalwart-cli 
-</code> 
- 
-Well, it's time to initialize Stalwart: 
-<code bash> 
-/home/stalwart/bin/stalwart-mail --init /home/stalwart 
-✅ Configuration file written to /home/stalwart/etc/config.toml 
-🔑 Your administrator account is 'admin' with password 'XxxXxXXxX'. 
-chmod 700 /home/stalwart/etc/config.toml 
-</code> 
-Note the //chmod// to ensure the config file is not readable by anybody 
- 
- 
-Take note of the password! You will never see it again. 
- 
-Now, start the server for the first time: 
-<code bash> 
-su - stalwart # ensure you are stalwart user! 
-/home/stalwart/bin/stalwart-mail --config=/home/stalwart/etc/config.toml 
-</code> 
- 
-Open up your browser and go to **http://<external-server-ip>:8080** and login with the credentials above, then immediately head to **http://<external-server-ip>:8080/account/password** and change the password to something you will remember. 
- 
-===== Configuration ===== 
- 
- 
- 
-===== Autostart ===== 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-The below stuff is outdated 
- 
- 
-<code bash> 
-seradd -m -d /data/daemons/stalwart stalwart 
-mkdir /data/stalwart 
-chown stalwart:stalwart /data/stalwart 
-</code> 
- 
-<file - docker-compose.yml> 
-name: stalwart 
-services: 
-  mail-server: 
-    tty: true 
-    stdin_open: true 
-    ports: 
-      - 2443:443 
-      - 10025:125 # port 25 seems to create troubles in podman... 
-      - 2080:8080 
-      - 2587:587 
-      - 2465:465 
-      - 2143:143 
-      - 2993:993 
-      - 4190:4190 
-      - 2110:110 
-      - 2995:995 
-    volumes: 
-      - /data/stalwart:/opt/stalwart-mail 
-    container_name: stalwart-mail 
-    image: stalwartlabs/mail-server:latest 
-    networks: 
-      - stalwart-net 
- 
-networks: 
-  stalwart-net: {} 
-</file> 
- 
-Note that i have used all ports above 1024 to avoid issues with root-only ports in rootless containers. 
- 
-<code bash> 
-podman compose pull 
-podman compose up 
-</code> 
- 
-Note your admin usernamne and password like: 
-<code> 
-[mail-server] | 🔑 Your administrator account is 'admin' with password 'xxxx'. 
-</code> 
- 
-Change the SMTP port to //125// to match the above compose file 
- 
- 
-===== Configuration ===== 
- 
-From the web UI. 
- 
-Set hostname to your main email server. 
- 
-Stop uneeded services. 
- 
-Create domain. 
- 
-Configure DNS properly 
- 
-Create account. 
- 
-Open ports from remote to local: 
-<code bash> 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 25 : 10.100.0.1 . 10025 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 587 : 10.100.0.1 . 2587 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 465 : 10.100.0.1 . 2465 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 143 : 10.100.0.1 . 2143 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 993 : 10.100.0.1 . 2993 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 4190 : 10.100.0.1 . 4190 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 995 : 10.100.0.1 . 2995 } 
-nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 110 : 10.100.0.1 . 2110 } 
-</code> 
- 
-Link certificates. Create a certificate in GUI with these values:  
-<code> 
-%{file:/opt/stalwart-mail/etc/certs/fullchain.pem}% 
-%{file:/opt/stalwart-mail/etc/certs/privkey.pem}% 
-</code> 
-and **copy** the certs from /etc/letsencrypt/live/mydomain/[fullchain|privkey].pem to /data/stalwart/etc/certs 
-(create folder and make files readable!) 
- 
- 
- 
- 
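
Review bot: the first-login step in the removed Installation section sends the freshly generated admin password over plain HTTP to a public address (`http://<external-server-ip>:8080`, then `/account/password`); if this text is restored or moved elsewhere, have the reader reach port 8080 through an SSH tunnel or a TLS listener instead. In the same section `chmod -R 755 /home/stalwart` runs before `--init`, so `config.toml` is created inside a world-readable tree with whatever the umask gives it until the later `chmod 700`; setting `umask 077` before `--init` closes that window, and mode 600 is enough for a file that is never executed. The two `wget` downloads are unpacked with no checksum or signature check between download and `tar xvf`. In the part marked outdated, `seradd` is a typo for `useradd`, and `image: stalwartlabs/mail-server:latest` leaves the container version unpinned.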
  
