Stalwart Mail Server : Revolutionizing Email Security And Scalability

Stalwart Mail Server is an open-source mail server solution with JMAP, IMAP4, POP3, and SMTP support and a wide range of modern features. It is written in Rust and designed to be secure, fast, robust and scalable.

Key features:

• JMAP, IMAP4, POP3 and ManageSieve server:
  • JMAP server with Sieve Scripts, WebSocket, Blob Management and Quotas extensions.
  • IMAP4rev2 and IMAP4rev1 server with support for numerous extensions.
  • POP3 server with extensions, STLS and SASL support.
  • ManageSieve server for managing Sieve scripts.
• SMTP server:
  • Built-in DMARC, DKIM, SPF and ARC support for message authentication.
  • Strong transport security through DANE, MTA-STS and SMTP TLS reporting.
  • Inbound throttling and filtering with granular configuration rules, sieve scripting, MTA hooks and milter integration.
  • Distributed virtual queues with delayed delivery, priority delivery, quotas, routing rules and throttling support.
  • Envelope rewriting and message modification.
• Built-in Spam and Phishing filter:
  • Comprehensive set of filtering rules on par with popular solutions.
  • LLM-driven spam filtering and message analysis.
  • Statistical spam classifier with automatic training capabilities.
  • DNS Blocklists (DNSBLs) checking of IP addresses, domains, and hashes.
  • Collaborative digest-based spam filtering with Pyzor.
  • Phishing protection against homographic URL attacks, sender spoofing and other techniques.
  • Trusted reply tracking to recognize and prioritize genuine e-mail replies.
  • Sender reputation monitoring by IP address, ASN, domain and email address.
  • Greylisting to temporarily defer unknown senders.
  • Spam traps to set up decoy email addresses that catch and analyze spam.
• Flexible:
  • Pluggable storage backends with RocksDB, FoundationDB, PostgreSQL, mySQL, SQLite, S3-Compatible, Azure, Redis and ElasticSearch support.
  • Full-text search available in 17 languages.
  • Sieve scripting language with support for all registered extensions.
  • Email aliases, mailing lists, subaddressing and catch-all addresses support.
  • Automatic account configuration and discovery with autoconfig and autodiscover.
  • Multi-tenancy support with domain and tenant isolation.
  • Disk quotas per user and tenant.
• Secure and robust:
  • Encryption at rest with S/MIME or OpenPGP.
  • Automatic TLS certificate provisioning with ACME using TLS-ALPN-01, DNS-01 or HTTP-01 challenges.
  • Automated blocking of IP addresses that attack, abuse or scan the server for exploits.
  • Rate limiting.
  • Security audited (read the report).
  • Memory safe (thanks to Rust).
• Scalable and fault-tolerant:
  • Designed to handle growth seamlessly, from small setups to large-scale deployments.
  • Built with fault tolerance and high availability in mind, recovers from hardware or software failures with minimal operational impact.
  • Partition-tolerant failure detection, ensuring continuous operation even during network partitions or node failures.
  • Coordinator-free architecture with automatic node discovery eliminates central bottlenecks and single points of failure.
  • Kubernetes support for automated scaling and efficient container orchestration.
  • Read replicas, sharded blob storage and in-memory data stores for high performance and low latency.
• Authentication and Authorization:
  • OpenID Connect authentication.
  • OAuth 2.0 authorization with authorization code and device authorization flows.
  • LDAP, OIDC, SQL or built-in authentication backend support.
  • Two-factor authentication with Time-based One-Time Passwords (2FA-TOTP)
  • Application passwords (App Passwords).
  • Roles and permissions.
  • Access Control Lists (ACLs).
• Observability:
  • Logging and tracing with OpenTelemetry, journald, log files and console support.
  • Metrics with OpenTelemetry and Prometheus integration.
  • Webhooks for event-driven automation.
  • Alerts with email and webhook notifications.
  • Live tracing and metrics.
• Web-based administration:
  • Dashboard with real-time statistics and monitoring.
  • Account, domain, group and mailing list management.
  • SMTP queue management for messages and outbound DMARC and TLS reports.
  • Report visualization interface for received DMARC, TLS-RPT and Failure (ARF) reports.
  • Configuration of every aspect of the mail server.
  • Log viewer with search and filtering capabilities.
  • Self-service portal for password reset and encryption-at-rest key management.

For more information click here.