Deploying Stalwart Mail Server

Introduction

Stalwart Mail Server is a modern, all-in-one email server written in Rust that combines SMTP, IMAP, JMAP, and integrated spam filtering into a single, efficient package. Unlike traditional mail server setups that require multiple components, Stalwart provides everything you need in one unified server.

Built with performance and security in mind, Stalwart leverages Rust’s memory safety guarantees while providing features typically found only in enterprise email solutions. Its support for JMAP (JSON Meta Application Protocol) brings modern API-based email access alongside traditional IMAP.

Key highlights of Stalwart Mail Server:

All-in-One: SMTP, IMAP, JMAP, and spam filtering in one server
Written in Rust: Memory-safe, fast, and efficient
JMAP Support: Modern JSON-based email protocol
Built-in Spam Filter: Sieve-based filtering with machine learning
DKIM/SPF/DMARC: Full email authentication support
TLS Everywhere: Automatic TLS certificate management
Web Admin: Browser-based administration interface
Multi-Domain: Host multiple domains on one server
Flexible Storage: SQLite, PostgreSQL, MySQL, or S3
Push Notifications: Real-time push for mobile clients
Full-Text Search: Fast email search with various backends
Open Source: AGPLv3 licensed

This guide walks through deploying Stalwart Mail Server on Klutch.sh using Docker for a complete email solution.

Why Deploy Stalwart Mail Server on Klutch.sh

Deploying Stalwart Mail Server on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh handles the container deployment automatically.

Persistent Storage: Email, configuration, and spam data persist across deployments.

HTTPS by Default: Secure web admin access with automatic SSL certificates.

GitHub Integration: Version control your configuration and deploy updates automatically.

Scalable Resources: Allocate resources based on mailbox count and traffic.

Environment Variable Management: Securely store secrets and API keys.

Custom Domains: Essential for email - use your own domains.

High Availability: Keep your email server running 24/7.

Prerequisites

Before deploying Stalwart Mail Server on Klutch.sh, ensure you have:

A Klutch.sh account
A GitHub account with a repository for your configuration
A domain with DNS control for MX records
Basic familiarity with Docker and email protocols
Understanding of DNS records (MX, SPF, DKIM, DMARC)

Deploying Stalwart Mail Server on Klutch.sh

Create a GitHub Repository

Create a new GitHub repository for your Stalwart Mail Server deployment.

Create Your Dockerfile

Create a Dockerfile in your repository:

FROM stalwartlabs/mail-server:latest

# Create data directories
RUN mkdir -p /opt/stalwart-mail/data \
    && mkdir -p /opt/stalwart-mail/queue \
    && mkdir -p /opt/stalwart-mail/reports

# Copy configuration
COPY config.toml /opt/stalwart-mail/etc/config.toml

# Expose ports
EXPOSE 25 465 587 993 8080 443

HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
  CMD curl -f http://localhost:8080/health || exit 1

Create Configuration File

Create config.toml with basic settings:

[server]
hostname = "mail.your-domain.com"

[server.listener.smtp]
bind = ["0.0.0.0:25"]
protocol = "smtp"

[server.listener.submission]
bind = ["0.0.0.0:587"]
protocol = "smtp"
tls.implicit = false

[server.listener.submissions]
bind = ["0.0.0.0:465"]
protocol = "smtp"
tls.implicit = true

[server.listener.imaps]
bind = ["0.0.0.0:993"]
protocol = "imap"
tls.implicit = true

[server.listener.https]
bind = ["0.0.0.0:443"]
protocol = "http"
tls.implicit = true

[server.listener.management]
bind = ["0.0.0.0:8080"]
protocol = "http"

[storage]
data = "rocksdb"
blob = "rocksdb"
lookup = "rocksdb"
fts = "rocksdb"

[storage.rocksdb]
path = "/opt/stalwart-mail/data"

[queue]
path = "/opt/stalwart-mail/queue"

[report]
path = "/opt/stalwart-mail/reports"

[authentication]
fallback-admin.user = "admin"
fallback-admin.secret = "${ADMIN_PASSWORD}"

[directory."local"]
type = "internal"
store = "rocksdb"

Push Your Repository to GitHub

Commit and push your Dockerfile and configuration.

Create a New Project on Klutch.sh

Navigate to the Klutch.sh dashboard and create a new project.

Create a New App

Within your project, create a new app and connect your GitHub repository.

Configure Traffic

For a mail server, you need multiple ports:

HTTP on port 8080 for web admin
TCP on port 25 for SMTP
TCP on port 465 for SMTPS
TCP on port 587 for Submission
TCP on port 993 for IMAPS

Set Environment Variables

Configure the following environment variables:

Variable	Value
`ADMIN_PASSWORD`	Secure admin password
`HOSTNAME`	Your mail server hostname

Attach Persistent Volumes

Add the following volumes:

Mount Path	Recommended Size	Purpose
`/opt/stalwart-mail/data`	100 GB	Email storage and database
`/opt/stalwart-mail/queue`	10 GB	Message queue
`/opt/stalwart-mail/reports`	5 GB	DMARC and delivery reports

Deploy Your Application

Click Deploy to build and start Stalwart Mail Server.

Configure DNS Records

Set up the following DNS records for your domain:

Record Type	Host	Value
MX	@	mail.your-domain.com (priority 10)
A	mail	Your server IP
TXT	@	v=spf1 mx -all
TXT	_dmarc	v=DMARC1; p=reject; rua=mailto:dmarc@your-domain.com

Access Stalwart Admin

Once deployment completes, access the admin interface at https://your-app-name.klutch.sh:8080.

Initial Configuration

Admin Dashboard

Access the web admin to:

Create domains
Add user accounts
Configure DKIM keys
Set up spam filtering rules

Creating Domains

Go to Domains in the admin panel
Click Add Domain
Enter your domain name
Configure DKIM signing key
Copy DNS records to add to your DNS

Creating Users

Navigate to Users
Click Add User
Enter email address and password
Configure quota and permissions

DKIM Configuration

Generate and configure DKIM keys:

Access Domains settings
Generate DKIM keypair
Add the public key to your DNS as a TXT record
Test signing is working

Email Protocols

SMTP (Port 25, 465, 587)

Port	Purpose	Encryption
25	Server-to-server mail	STARTTLS
465	Client submission	Implicit TLS
587	Client submission	STARTTLS

IMAP (Port 993)

For traditional email clients:

Outlook, Thunderbird, Apple Mail
Full folder hierarchy support
IDLE for real-time updates

JMAP (Port 443)

Modern email API:

JSON-based protocol
Efficient synchronization
Push notifications
Fast multi-mailbox operations

Spam Filtering

Built-in Filtering

Stalwart includes comprehensive spam filtering:

SpamAssassin-compatible rules
Machine learning classification
DNS blocklists
Greylisting
Rate limiting

Sieve Scripts

Custom filtering with Sieve:

require ["fileinto", "reject"];

if address :is "from" "spam@example.com" {
    reject "No thank you";
}

if header :contains "subject" "[SPAM]" {
    fileinto "Junk";
}

Client Configuration

Email Client Settings

Setting	Value
IMAP Server	mail.your-domain.com
IMAP Port	993 (SSL/TLS)
SMTP Server	mail.your-domain.com
SMTP Port	465 (SSL/TLS) or 587 (STARTTLS)
Username	Full email address

JMAP Configuration

For JMAP-compatible clients:

https://mail.your-domain.com/.well-known/jmap

Troubleshooting

Email Not Delivered

Verify MX records are correct
Check SPF/DKIM/DMARC configuration
Review mail logs for errors
Test with mail-tester.com

Cannot Connect

Verify firewall allows mail ports
Check TLS certificate is valid
Confirm hostname matches certificate

Authentication Failed

Verify username is full email address
Check password is correct
Review authentication logs

Additional Resources

Conclusion

Deploying Stalwart Mail Server on Klutch.sh gives you a modern, efficient, all-in-one email solution. With support for SMTP, IMAP, and the cutting-edge JMAP protocol, plus built-in spam filtering and full authentication support, Stalwart provides everything needed for professional email hosting in a single, resource-efficient package.