Stalwart: Difference between revisions

← Older edit Newer edit →

VisualWikitext

@@ Line 2: / Line 2: @@
 == Setup ==
-The following minimal configuration example is unsecure and for testing purpose only. It will run the Stalwart mail server on <code>localhost</code>, listening on port <code>143</code> (IMAP) and <code>587</code> (Submission). Users <code>alice</code> and <code>bob</code> are configured with the password <code>foobar</code>.{{file|/etc/nixos/configuration.nix|nix|3=services.stalwart-mail = {
+The following example enables the Stalwart mail server for the domain ''example.org'', listening on mail delivery SMTP/Submission ports (<code>25, 465</code>) and IMAPS port (<code>993</code>) for mail clients to connect to. Mailboxes for the accounts <code>postmaster@example.org</code> and <code>user1@example.org</code> get created if they don't exist yet.{{file|/etc/nixos/configuration.nix|nix|3=services.stalwart-mail = {
    enable = true;
-  # Use newer, latest version in NixOS 24.05
    package = pkgs.stalwart-mail;
+  openFirewall = true;
    settings = {
      server = {
-       hostname = "localhost";
+       hostname = "tuxtux.com.co";
-       tls.enable = false;
+       tls = {
+        enable = true;
+        implicit = true;
+      };
        listener = {
-         "smtp-submission" = {
+         smtp = {
-           bind = [ "[::]:587" ];
+          protocol = "smtp";
+          bind = "[::]:25";
+        };
+        submissions = {
+           bind = "[::]:465";
            protocol = "smtp";
          };
-         "imap" = {
+         imaps = {
-          bind = [ "[::]:143" ];
            protocol = "imap";
+          bind = "[::]:993";
+        };
+        management = {
+          bind = [ "127.0.0.1:8080" ];
+          protocol = "http";
          };
        };
      };
-     imap.auth.allow-plain-text = true;
+     lookup.default = {
+      hostname = "mx1.example.org";
+      domain = "example.org";
+    };
+    acme."letsencrypt" = {
+      directory = "https://acme-v02.api.letsencrypt.org/directory";
+      challenge = "dns-01";
+      contact = "user1@example.org";
+      domains = [ "example.org" ];
+      provider = "cloudflare";
+      secret = "****";
+    };
      session.auth = {
-       mechanisms = "[plain, auth]";
+       mechanisms = "[plain]";
        directory = "'in-memory'";
      };
@@ Line 29: / Line 51: @@
      session.rcpt.directory = "'in-memory'";
      queue.outbound.next-hop = "'local'";
+    directory."imap".lookup.domains = [ "example.org" ];
      directory."in-memory" = {
        type = "memory";
        principals = [
          {
-           class = "individual";
+           class = "admin";
-           name = "alice";
+           name = "User 1";
            secret = "foobar";
-           email = [ "alice@localhost" ];
+           email = [ "user1@example.org" ];
          }
          {
            class = "individual";
-           name = "bob";
+           name = "postmaster";
            secret = "foobar";
-           email = [ "bob@$localhost" ];
+           email = [ "postmaster@example.org" ];
          }
        ];
      };
    };
-};}}
+};
+services.caddy = {
+  enable = true;
+  virtualHosts = {
+    "webadmin.tuxtux.com.co" = {
+      extraConfig = ''
+        reverse_proxy http://127.0.01:8080
+      '';
+      serverAliases = [
+        "mta-sts.tuxtux.com.co"
+        "autoconfig.tuxtux.com.co"
+        "autodiscover.tuxtux.com.co"
+      ];
+    };
+  };
+};}}TLS key generation is done using DNS-01 challenge through Cloudflare domain provider, see dns-update library for [https://github.com/stalwartlabs/dns-update further providers] or configure [https://stalw.art/docs/server/tls/certificates manual certificates].
 == Configuration ==
@@ Line 72: / Line 111: @@
 Please note that this example snippet is for testing purpose and without further configuration the management web interface will run unencrypted on all interfaces which is unsecure.
+== Tips and tricks ==
+=== Unsecure setup for testing environments ===
+The following minimal configuration example is unsecure and for testing purpose only. It will run the Stalwart mail server on <code>localhost</code>, listening on port <code>143</code> (IMAP) and <code>587</code> (Submission). Users <code>alice</code> and <code>bob</code> are configured with the password <code>foobar</code>.{{file|/etc/nixos/configuration.nix|nix|3=services.stalwart-mail = {
+  enable = true;
+  # Use newer, latest version in NixOS 24.05
+  package = pkgs.stalwart-mail;
+  settings = {
+    server = {
+      hostname = "localhost";
+      tls.enable = false;
+      listener = {
+        "smtp-submission" = {
+          bind = [ "[::]:587" ];
+          protocol = "smtp";
+        };
+        "imap" = {
+          bind = [ "[::]:143" ];
+          protocol = "imap";
+        };
+      };
+    };
+    imap.auth.allow-plain-text = true;
+    session.auth = {
+      mechanisms = "[plain, auth]";
+      directory = "'in-memory'";
+    };
+    storage.directory = "in-memory";
+    session.rcpt.directory = "'in-memory'";
+    queue.outbound.next-hop = "'local'";
+    directory."in-memory" = {
+      type = "memory";
+      principals = [
+        {
+          class = "individual";
+          name = "alice";
+          secret = "foobar";
+          email = [ "alice@localhost" ];
+        }
+        {
+          class = "individual";
+          name = "bob";
+          secret = "foobar";
+          email = [ "bob@$localhost" ];
+        }
+      ];
+    };
+  };
+};}}
 == See also ==