0 Persons are tagged with #stalwart

#stalwart

bkoehn@diaspora.koehn.com
Brad Koehn ☑️

I gave the #Stalwart email server another try. I found a few bugs (quickly dispatched by the team), worked around an issue with my crappy ISP filtering inbound port 25, and got it working.

  • In addition to #IMAP4, Stalwart also supports #JMAP, a much-improved spec for clients. Holy cow is that fast!
  • I set up an #ElasticSearch index for full text search. Really simple.
  • Instead of using RocksDB for storing email, I moved it to a directory backed by an NFS mount. Simple, and now I have effectively unlimited email storage.
  • Most stuff you need to do can be accomplished through the web UI. Get a TLS certificate from LetsEncrypt? Just a few clicks. Use DNS for ACME domain authentication? A few more clicks is all you need. Put an extra name on the certificate because your ISP sucks and you need to use an external relay? No problem.
  • It gives you all the DNS changes you need to make to set it up, including DMARC, SPF and DKIM, MTA-STS, autoconfig, etc.
  • Relaying your outbound email is just a minor tweak.
  • Milter support is built-in, so you can bring your rspamd implementation right along.
  • Incoming and outgoing TLS & DMARC reports are handled automatically.

I’m sure I’ll find some things that it doesn’t yet do that I’d like, but for now my opinion has changed and I’m really impressed.

2 Likes
bkoehn@diaspora.koehn.com
Brad Koehn ☑️

After playing around with it for a bit, it’s clear that #Stalwart isn’t ready for production. I think it will get there eventually, and it’s no slight against the team: writing an email server is hard. But for me, I’ll stick with the old standbys for now (Dovecot, Postfix). Stalwart is promising, with a modern design in a modern language, powerful scripting support, etc.

I thought I’d set it up for one of the domains I don’t currently use for anything, but even then I cannot seem to get it working. The support team is responsive, but if it’s this hard to get a user added so that they can log in, I don’t even want to know what other problems I’ll have.

I’ve spotted a few other gotchas, like using SHA-512 for password hashing (other, safer algorithms are supported, but this is the format used by default). The choice of RocksDB as a default database isn’t a particularly great one either, although you should be able to use other databases but I couldn’t get it to work with Postgres.

Again, I think that the team will get past these challenges and I look forward to a modern mail server. I’m just not ready to submit my users to it yet.

2 Likes