Stalwart Mail Server
work in progress
Stalwart Step into the future with Stalwart, the open-source e-mail powerhouse blending modern features with unparalleled security, speed, and scalability.
I chose Stalwart because it's a new approach to serving mail. Instead of a bunch of interconnected tools, which are often a mess to set up, it's a single piece of software written from the ground up with a modern approach to email.
Please check this page to understand the choices made in this page. I assume that you are installing the email server on your external server, and not on the home server.
Installation
Gentoo ships with a reasonably recent release of Stalwart, so all you need to do is emerge it:
echo "net-mail/stalwart-mail ~amd64" >> /etc/portage/package.accept_keywords/stalwart
emerge -vp stalwart-mail
But I prefer to have finer control over it, so I install it on bare metal manually.
Create the user:
useradd -m stalwart
Then download the latest release from here for your architecture; be sure to download both the mail server and the CLI executable:
su - stalwart
wget 'https://github.com/stalwartlabs/mail-server/releases/download/v0.11.6/stalwart-mail-x86_64-unknown-linux-gnu.tar.gz'
wget 'https://github.com/stalwartlabs/mail-server/releases/download/v0.11.6/stalwart-cli-x86_64-unknown-linux-gnu.tar.gz'
mkdir bin
cd bin
tar xvf ../stalwart-mail-x86_64-unknown-linux-gnu.tar.gz
tar xvf ../stalwart-cli-x86_64-unknown-linux-gnu.tar.gz
chmod +x stalwart-mail stalwart-cli
useradd -m -d /data/daemons/stalwart stalwart
mkdir /data/stalwart
chown stalwart:stalwart /data/stalwart
- docker-compose.yml
name: stalwart
services:
  mail-server:
    tty: true
    stdin_open: true
    ports:
      - 2443:443
      - 10025:125 # port 25 seems to create troubles in podman...
      - 2080:8080
      - 2587:587
      - 2465:465
      - 2143:143
      - 2993:993
      - 4190:4190
      - 2110:110
      - 2995:995
    volumes:
      - /data/stalwart:/opt/stalwart-mail
    container_name: stalwart-mail
    image: stalwartlabs/mail-server:latest
    networks:
      - stalwart-net
networks:
  stalwart-net: {}
Note that I have used only host ports above 1024 to avoid issues with root-only ports in rootless containers.
podman compose pull
podman compose up
Note your admin username and password, printed like:
[mail-server] | 🔑 Your administrator account is 'admin' with password 'xxxx'.
Change the SMTP port to 125 to match the above compose file.
Configuration
From the web UI.
Set hostname to your main email server.
Stop unneeded services.
Create domain.
Configure DNS properly.
Create account.
Open ports from remote to local:
nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 25 : 10.100.0.1 . 10025 }
nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 587 : 10.100.0.1 . 2587 }
nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 465 : 10.100.0.1 . 2465 }
nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 143 : 10.100.0.1 . 2143 }
nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 993 : 10.100.0.1 . 2993 }
nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 4190 : 10.100.0.1 . 4190 }
nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 995 : 10.100.0.1 . 2995 }
nft add rule wg prerouting iifname "enp1s0" dnat ip to tcp dport map { 110 : 10.100.0.1 . 2110 }
Link certificates. Create a certificate in the GUI with these values:
%{file:/opt/stalwart-mail/etc/certs/fullchain.pem}%
%{file:/opt/stalwart-mail/etc/certs/privkey.pem}%
and copy the certs from /etc/letsencrypt/live/mydomain/[fullchain|privkey].pem to /data/stalwart/etc/certs (create the folder and make the files readable!)
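The certificate copy step above, written as a certbot deploy hook so it repeats on every renewal. This is an added example, not part of the original page; it assumes the "stalwart" host user runs the rootless container, and it keeps the private key readable by that user only rather than by everyone.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: the paths used on
# this page, and "stalwart" as the host user that runs the rootless container.

# chown only when an owner was requested and we are root (certbot hooks are).
own() { [ -z "$owner" ] || [ "$(id -u)" -ne 0 ] || chown "$owner:$owner" "$1"; }

# sync_certs SRC_DIR DST_DIR [OWNER]
sync_certs() {
    src=$1; dst=$2; owner=${3:-}
    # Refuse to install half a pair: both files must exist and be non-empty.
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    mkdir -p "$dst" && chmod 0750 "$dst" && own "$dst" || return 1
    for f in fullchain.pem privkey.pem; do
        # The chain is public; the private key is for its owner only.
        if [ "$f" = privkey.pem ]; then mode=0600; else mode=0644; fi
        tmp="$dst/.$f.$$"
        # umask 077: the copy is never world-readable, even briefly.
        # cp -L: certbot's live/ holds symlinks, copy the file they point to.
        ( umask 077 && cp -L "$src/$f" "$tmp" ) || { rm -f "$tmp"; return 1; }
        # Rename within one directory is atomic: no partially written file.
        chmod "$mode" "$tmp" && own "$tmp" && mv -f "$tmp" "$dst/$f" ||
            { rm -f "$tmp"; return 1; }
    done
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/mydomain) to
# --deploy-hook scripts; outside a hook this file only defines the functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_certs "$RENEWED_LINEAGE" /data/stalwart/etc/certs stalwart
fi
```

Pass the script to certbot with --deploy-hook so the copy in /data/stalwart/etc/certs is refreshed whenever the certificate is renewed.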