Stalwart: Difference between revisions

Onny (talk | contribs)
mNo edit summary
Xor (talk | contribs)
typo 127.0.01
 
(7 intermediate revisions by 2 users not shown)
Line 2: Line 2:


== Setup ==
== Setup ==
The following example enables the Stalwart mail server for the domain ''example.org'', listening on mail delivery SMTP/Submission (<code>25, 465</code>), IMAPS (<code>993</code>) and JMAP ports (8080/443) for mail clients to connect to. Mailboxes for the accounts <code>postmaster@example.org</code> and <code>user1@example.org</code> get created if they don't exist yet.{{Note|Parts of this module are not yet stable will be available with the upcoming NixOS release 24.11.}}{{file|/etc/nixos/configuration.nix|nix|3=environment.etc = {
The following example enables the Stalwart mail server for the domain ''example.org'', listening on mail delivery SMTP/Submission (<code>25, 465</code>), IMAPS (<code>993</code>) and JMAP ports (8080/443) for mail clients to connect to. Mailboxes for the accounts <code>postmaster@example.org</code> and <code>user1@example.org</code> get created if they don't exist yet.
 
{{file|/etc/nixos/configuration.nix|nix|3=environment.etc = {
   "stalwart/mail-pw1".text = "foobar";
   "stalwart/mail-pw1".text = "foobar";
   "stalwart/mail-pw2".text = "foobar";
   "stalwart/mail-pw2".text = "foobar";
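Review bot: the `"stalwart/mail-pw1".text = "foobar";` and `"stalwart/mail-pw2".text = "foobar";` lines kept as context put the mailbox passwords into `environment.etc` as literal text. NixOS writes that text to the world-readable Nix store, so any local user can read them. Since this revision already reworks the paragraph directly above, add a sentence telling readers to replace `foobar` and to provision these files outside the store, for example with a secrets tool such as agenix or sops-nix.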
Line 11: Line 13:
services.stalwart-mail = {
services.stalwart-mail = {
   enable = true;
   enable = true;
  # Required before < NixOS 24.11 to use the latest Stalwart release
   package = pkgs.stalwart-mail;
   package = pkgs.stalwart-mail;
   openFirewall = true;
   openFirewall = true;
   settings = {
   settings = {
     server = {
     server = {
       hostname = "example.org";
       hostname = "mx1.example.org";
       tls = {
       tls = {
         enable = true;
         enable = true;
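Review bot: the comment above `package = pkgs.stalwart-mail;` is on the old side only while the line itself stays on both sides, so the example now overrides the package without a stated reason. Either drop the line as well or say when it is still needed. The testing example further down has its `package` line and comment changed together, so the two examples should end up consistent. The `hostname` change to `mx1.example.org` matches the MX target listed under DNS records.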
Line 53: Line 54:
       challenge = "dns-01";
       challenge = "dns-01";
       contact = "user1@example.org";
       contact = "user1@example.org";
       domains = [ "example.org" ];
       domains = [ "example.org" "mx1.example.org" ];
       provider = "cloudflare";
       provider = "cloudflare";
       secret = "%{file:/etc/stalwart/acme-secret}%";
       secret = "%{file:/etc/stalwart/acme-secret}%";
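Review bot: with `mx1.example.org` added to `domains`, the dns-01 challenge has to write records for both names, but the visible lines do not say what `/etc/stalwart/acme-secret` must contain or how it is created. Add a comment next to `secret` stating that it holds the Cloudflare API credential, ideally scoped to DNS edits on this zone only, and that the file should be readable only by the Stalwart service user rather than defined through `environment.etc` like the sample passwords.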
Line 94: Line 95:
     "webadmin.example.org" = {
     "webadmin.example.org" = {
       extraConfig = ''
       extraConfig = ''
         reverse_proxy http://127.0.01:8080
         reverse_proxy http://127.0.0.1:8080
       '';
       '';
       serverAliases = [
       serverAliases = [
Line 104: Line 105:
     };
     };
   };
   };
};}}TLS key generation is done using DNS-01 challenge through Cloudflare domain provider, see dns-update library for [https://github.com/stalwartlabs/dns-update further providers] or configure [https://stalw.art/docs/server/tls/certificates manual certificates].
};}}
 
TLS key generation is done using DNS-01 challenge through Cloudflare domain provider, see dns-update library for [https://github.com/stalwartlabs/dns-update further providers] or configure [https://stalw.art/docs/server/tls/certificates manual certificates].


== Configuration ==
== Configuration ==
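Review bot: the sentence moved onto its own line still says "TLS key generation", but what the DNS-01 challenge through Cloudflare obtains is the certificate. While the line is being touched, reword it to say that TLS certificates are obtained using the DNS-01 challenge, and split the run-on at "see dns-update library".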
Line 110: Line 113:
=== DNS records ===
=== DNS records ===
Before adding required records to the example domain <code>example.org</code>, we need to register the domain on the Stalwart server.<syntaxhighlight lang="shell">
Before adding required records to the example domain <code>example.org</code>, we need to register the domain on the Stalwart server.<syntaxhighlight lang="shell">
stalwart-cli --url https://webadmin.example.org domain example.org
stalwart-cli --url https://webadmin.example.org domain create example.org
</syntaxhighlight>
</syntaxhighlight>Authenticate using the fallback-admin password.
 
Review the list of which DNS records are required including their values for the mail server to work at https://webadmin.example.org/manage/directory/domains/tuxtux.com.co/view. Especially following records are essential:
 
* Record type: A, Name: example.org
* Record type: AAAA, Name: example.org
* Record type: CNAME, Name: autoconfig Value: example.org
* Record type: CNAME, Name: autodiscover, Value: example.org
* Record type: CNAME, Name: mail, Value: example.org
* Record type: CNAME, Name: mta-sts, Value: example.org
* Record type: CNAME, Name: mail, Value: example.org
* Record type: CNAME, Name: webadmin, Value: example.org
* Record type: MX, Name: example.org, Value: mx1.example.org
* Record type: SRV, Name: _imaps._tcp
* Record type: SRV, Name: _submissions._tcp
* Record type: TLSA, Name: _25._tcp.example.org., Value: Only the one starting with "3 1 1" required
* Record type: TLSA, Name: _25._tcp.mx1.example.org., Value: Only the one starting with "3 1 1" required
* Record type: TXT, Name: 202409e._domainkey
* Record type: TXT, Name: 202409r._domainkey
* Record type: TXT, Name: _dmarc
* Record type: TXT, Name: mx1
* Record type: TXT, Name: _smtp._tls
* Record type: TXT, Name: example.org


=== DNSSEC ===
=== DNSSEC ===
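Review bot: the webadmin URL in the added paragraph ends in `/domains/tuxtux.com.co/view`, which looks like a leftover from a real deployment; it should use `example.org` like the rest of the page. In the record list, the `CNAME`, `Name: mail` entry appears twice, the `autoconfig` entry is missing the comma before `Value`, and there is no A/AAAA entry for `mx1.example.org` even though the MX and TLSA entries point at it (an MX target needs its own address record). The DKIM selector names `202409e` and `202409r` look specific to one installation, so say that readers should copy the selectors their own server displays. It would also help to state where the fallback-admin password comes from, since the `domain create` command now depends on it.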
Line 134: Line 159:
The following minimal configuration example is unsecure and for testing purpose only. It will run the Stalwart mail server on <code>localhost</code>, listening on port <code>143</code> (IMAP) and <code>587</code> (Submission). Users <code>alice</code> and <code>bob</code> are configured with the password <code>foobar</code>.{{file|/etc/nixos/configuration.nix|nix|3=services.stalwart-mail = {
The following minimal configuration example is unsecure and for testing purpose only. It will run the Stalwart mail server on <code>localhost</code>, listening on port <code>143</code> (IMAP) and <code>587</code> (Submission). Users <code>alice</code> and <code>bob</code> are configured with the password <code>foobar</code>.{{file|/etc/nixos/configuration.nix|nix|3=services.stalwart-mail = {
   enable = true;
   enable = true;
  # Use newer, latest version in NixOS 24.05
  package = pkgs.stalwart-mail;
   settings = {
   settings = {
     server = {
     server = {