#stalwart

bkoehn@diaspora.koehn.com

I gave the #Stalwart email server another try. I found a few bugs (quickly dispatched by the team), worked around an issue with my crappy ISP filtering inbound port 25, and got it working.

  • In addition to #IMAP4, Stalwart also supports #JMAP, a much-improved spec for clients. Holy cow is that fast!
  • I set up an #ElasticSearch index for full text search. Really simple.
  • Instead of using RocksDB for storing email, I moved it to a directory backed by an NFS mount. Simple, and now I have effectively unlimited email storage.
  • Most stuff you need to do can be accomplished through the web UI. Get a TLS certificate from Let’s Encrypt? Just a few clicks. Use DNS for ACME domain authentication? A few more clicks is all you need. Put an extra name on the certificate because your ISP sucks and you need to use an external relay? No problem.
  • It gives you all the DNS changes you need to make to set it up, including DMARC, SPF and DKIM, MTA-STS, autoconfig, etc.
  • Relaying your outbound email is just a minor tweak.
  • Milter support is built-in, so you can bring your rspamd implementation right along.
  • Incoming and outgoing TLS & DMARC reports are handled automatically.

I’m sure I’ll find some things that it doesn’t yet do that I’d like, but for now my opinion has changed and I’m really impressed.

bkoehn@diaspora.koehn.com

After playing around with it for a bit, it’s clear that #Stalwart isn’t ready for production. I think it will get there eventually, and it’s no slight against the team: writing an email server is hard. But for me, I’ll stick with the old standbys for now (Dovecot, Postfix). Stalwart is promising, with a modern design in a modern language, powerful scripting support, etc.

I thought I’d set it up for one of the domains I don’t currently use for anything, but even then I cannot seem to get it working. The support team is responsive, but if it’s this hard to get a user added so that they can log in, I don’t even want to know what other problems I’ll have.

I’ve spotted a few other gotchas, like using SHA-512 for password hashing (other, safer algorithms are supported, but this is the format used by default). The choice of RocksDB as a default database isn’t a particularly great one either; you should be able to use other databases, but I couldn’t get it to work with Postgres.

Again, I think that the team will get past these challenges and I look forward to a modern mail server. I’m just not ready to submit my users to it yet.