Stalwart mail server (self-hosted all-in-one mail server) now has an admin webui (stalw.art)
214 points by clemiclemen 7 months ago | 67 comments



It's interesting how there is now

* Maddy: https://github.com/foxcpp/maddy

* Mox: https://github.com/mjl-/mox

* and Stalwart

which all seem to aim for more or less the same niche. I wonder if we'll see two of those merge eventually.


Maddy and Mox are written in Goo, but Stalwart in Rust. So perhaps the first two, but unlikely the last.


They're written in Go, but I think I like the concept of a language called Goo. Maybe they should've named it that instead.


Goo is a nice name for object-oriented Go.


Only Stalwart supports JMAP, which imo is the future of mail/calendar/contacts client-server communication.

https://jmap.io/


It seems JMAP isn't universally loved, see for instance the spirited discussion in [0], although I've no direct experience.

My Maildirs "just worked" though, and have been moved across dozens of servers - not to mention worked in so many different filesystems - over the years.

[0] https://news.ycombinator.com/item?id=19876710


Have been running Stalwart for around 6 months now. Works great so far. Setting up DKIM, DMARC, SPF etc. was a breeze.

Now I am able to send reliably to Gmail, and semi-reliably to Outlook.

My mail volumes are very low however. I just set this up as my SMTP server just for the heck of it.


This is fantastic. I'm in the process of setting up a personal mail server. I have played a bit with mailcow in the past but my new server is running NixOS, so I'm looking for something that has been implemented there. And happened to stumble upon stalwart for the first time today. A web admin will certainly make the switch from mailcow easier.

The other contender was getting nixos-mailserver up and running alongside postfixadmin. But with stalwart I won't have to do that wiring up.

Side note: I route outgoing messages to sendgrid.


Stalwart is great and has out of the box JMAP support - I don't believe there's anything else out right now that checks all the boxes like Stalwart for an AIO mailserver.


What does the update process look like?

After I install this via the install script on, say, Debian. An update comes along. What do I do? Run the install script again?

Or does the web UI have a process for initiating an update?

I couldn't find any information on this on the website: I consider this essential information.

[Edit] I found it: https://stalw.art/docs/management/webadmin/usage


> With every subsequent restart of Stalwart, the server fetches the Webadmin binary from the blob store, extracting it into a temporary directory. This process guarantees that the Webadmin is always available and updated

That's a little too efficient for my taste.


How does the directory management ui work with an external directory, say LDAP?

I've been looking at both Stalwart and Kanidm, I suspect they would be a good pairing.

https://kanidm.com/


I'd be very interested to know as well. Although the last time I attempted to run kanidm in a containerized fashion it left a lot to be desired.

The software is (perhaps expectedly) not really built to support semi-ephemeral lifetimes, so it took quite a few hacks to get it running in Kubernetes the last time I tried.

As I recall, the primary issue I had was with exposing the certman-provided Let's Encrypt certificates to the kanidm process inside the container in a reasonable fashion. I don't think I found an elegant way of signalling to the kanidm process that the certificates had been renewed and should be reloaded.


I paired it with LDAP. So users and addresses are managed by LDAP.

LDAP is currently a second citizen in Stalwart tho, so there are rough edges and missing features. But the basics are there.


From the main project page, it mentions it has typical alias support: >Email aliases, mailing lists, subaddressing and catch-all addresses support.

Another feature that would be nice to have built-in is masked hide-my-email aliases for privacy like the cloaked email services from iCloud, FastMail, SimpleLogin, Cloudflare email routing, etc.[1]

For now, I use the typical aliases addresses in Dovecot but it doesn't hide the real email when replying. Also, creating new aliases in Dovecot-based email systems is very tedious and cumbersome because you have to go through the cPanel interface to create them. (Some suggest using the "catchall" feature to avoid the need to manually create new aliases but that advice is not workable when spam robots constantly send emails to new random addresses in your domain.) The cPanel/Dovecot aliases also don't have any metadata so you can add details on what the alias is for and when it was created.

[1] masked email services examples

https://support.apple.com/en-us/105078

https://www.fastmail.help/hc/en-us/articles/4406536368911-Ma...

https://simplelogin.io/

https://blog.cloudflare.com/introducing-email-routing

EDIT ADD to reply : >On Stalwart you can implement masked e-mail using address rewriting

Stalwart's feature of "Sieve scripts" for custom rewriting/filtering is interesting but it's not UI friendly for endusers to create new masked email addresses (and also later delete them). There's also no user-defined metadata. It's also not clear if Sieve scripts can run on outgoing mail rather than just incoming mail. Example of how UI workflow in Apple's Hide My Email is simpler than Stalwart Sieve scripting: https://www.youtube.com/watch?v=oJRrkJy0vUk&t=34s


The project name escapes me, but there was a python project that generated email addresses with a hmac, and rejected invalid addresses (some-prefix-c679ba1@example.com). I think it came out a little before the rise of grey listing.


https://blame.email/ is a website that does this. I wrote a Lua checker for rspamd that bypasses the spam filter if the address is "signed". I also have a bookmarklet that generates a signed address and inserts it into the current text field.
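
The HMAC-signed address scheme described in the two comments above, as an added example (not code from the Python project mentioned, from blame.email or from rspamd). The tag derivation, key and function names are assumptions; only the `prefix-<7 hex chars>@domain` shape comes from the comment.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real deployment loads a random secret
# from protected storage and accepts tags from both keys during rotation.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TAG_HEX_LEN = 7  # same length as the suffix in some-prefix-c679ba1@example.com
# 7 hex chars is only 28 bits: pair verification with rate limiting on
# rejected recipients so the tag cannot be guessed by bulk delivery attempts.


def _tag(prefix: str, domain: str, key: bytes) -> str:
    # Bind the tag to prefix and domain so it is not valid on another domain
    # sharing the key. Lower-case first: senders often change case.
    msg = f"{prefix.lower()}@{domain.lower()}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_HEX_LEN]


def sign_address(prefix: str, domain: str, key: bytes = SECRET_KEY) -> str:
    """Return prefix-<tag>@domain for a freely chosen prefix."""
    return f"{prefix.lower()}-{_tag(prefix, domain, key)}@{domain.lower()}"


def verify_address(address: str, key: bytes = SECRET_KEY) -> bool:
    """True only if the local part ends in a valid tag for its prefix."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return False
    # The prefix may itself contain hyphens, so split on the last one only.
    prefix, dash, tag = local.rpartition("-")
    if not dash or not prefix or len(tag) != TAG_HEX_LEN:
        return False
    expected = _tag(prefix, domain, key)
    # Constant-time comparison avoids leaking how many tag characters matched.
    return hmac.compare_digest(tag.lower().encode(), expected.encode())


def split_recipients(rcpts, key: bytes = SECRET_KEY):
    """Partition envelope recipients into (accepted, rejected) lists."""
    accepted = [r for r in rcpts if verify_address(r, key)]
    rejected = [r for r in rcpts if not verify_address(r, key)]
    return accepted, rejected


if __name__ == "__main__":
    signed = sign_address("some-prefix", "example.com")
    # Constructed sample recipients: one signed, two unsigned guesses.
    print(split_recipients([signed, "sales@example.com", "a-b@example.com"]))
```

Unlike a catch-all, nothing is stored per alias: any prefix can be minted on the spot, and unsigned guesses are rejected at RCPT time.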


On Stalwart you can implement masked e-mail using address rewriting:

https://stalw.art/docs/smtp/rewrite/address


I’m using postfix/dovecot with mysql backed accounts (compatible with postfixadmin) and I have a tiny bash script that:

* generates a random email

* asks for an optional description

* inserts new email to the database

* adds an entry to postgrey whitelist

* emails me the address and description (so I can search the email address later in my inbox if necessary)

Works a treat for me, but not something my family can use.


"No runtimes or garbage collectors." seems like an odd thing to advertise. Have either of these been the cause of problems in mail servers in the past? I'm guessing not?


Who takes out the junk mail when there are no garbage collectors?


Once upon a time, ran scaled, HA Zimbra instances as a commercial service.

Is there anything approaching "Microsoft Exchange" today without the Microsoft or commercial pseudo-FOSS?


I've been a happy MailInABox user for many years, but this looks great.


Is there a reliable solution we could use for our small startup? We want to shoot out daily emails to our users, like Bandcamp or Substack do.

We could ofc use Mailchimp but always happy to explore self hosting. Would this or another solution work?


I've been using Postal Server for 2 years ( https://docs.postalserver.io/ ) sending around 50k emails / day without any issue.

Just make sure you set up everything (SPF, DKIM, DMARC) correctly, including the PTR reverse lookup of your server ( really important ).

Key tip: warm up your ip(s). I use mailreach.co ( it has a USD 25/m cost ), reached near 100% deliverability in a month.

I now barely have any maintenance to do. It just works.


> Just make sure you set up everything (SPF, DKIM, DMARC) correctly, including the PTR reverse lookup of your server ( really important ).

I don't know much about mail servers and this must be how people feel when they watch a Hollywood movie hacker moment.


It's mostly DNS records. Postal Server has good documentation and tools helping you set up quite everything in their UI.

It seems Stalwart also makes it easy in their UI based on the gif in the post. You can see at some point a list of DNS entries to update.

The only missing thing in all these is the PTR record which needs to be set up at the hosting level.

A good tool to check if everything is OK is https://www.mail-tester.com/


It's not that hard, and less work than it used to be.

Most of the movie hacker moment is often people who want to set up and configure and maintain each component of an email server manually, compared to a reasonably compiled package to allow more administration of it.

If this package isn't someone's cup of tea, products like MDaemon continue to exist and crush it for self-hosting email using a Windows server just fine for the past 15-20y.


Postal is not very well maintained, I don't think it's a wise choice to use it if alternatives exist.


Why? Last commit on main branch was 3 weeks ago.

It's not perfect ( a bit slow ), but really easy to set up and configure. Which was the main draw.


Thanks! Wdym by warm up your ips? How does mailreach relate to the setup?


What email warming services do is they create activity between your server and hundreds of email accounts they manage on major ISPs and they make sure to click on "not spam" if it falls under spam, and try to bring your emails to the main inbox.

It's a bit of a grey area thing in fairness.


If service providers don't already detect such users it's quite guaranteed that they will in the future.

Trying to game the system is frowned upon in all cases.


Oh cool. So that's what mailreach does? Sounds great tbh


Sounds malicious.


Not inherently. Whole IP blocks seem more or less black-listed by Google and Microsoft. So if you happen to get a server in that block, you can't send email.


Roll your own with Amazon SES. Bang up a little script and call the CLI.

    # Assumes sender, subject, body, region and the recipients array are already set.
    # Sends one message per recipient through the SES v2 API.
    for recipient in "${recipients[@]}"; do
      aws sesv2 send-email \
        --from-email-address "$sender" \
        --destination "ToAddresses=$recipient" \
        --content "Simple={Subject={Data='$subject',Charset='UTF-8'},Body={Text={Data='$body',Charset='UTF-8'}}}" \
        --region "$region"
    done

I got that script from their website. Should be easy enough to knock something up in Deno or whatever. 50,000 emails/month free! Amazing.

If you want an actual product, check out Buttondown. Indie, great support, and amazing APIs.


At my corp we are almost to the point of sending amazon ses straight to spam by default. Those guys will send email for anyone with predictable quality problems.


And if you are looking for an easy-to-use UI on top of SES, consider this app https://sendy.co/ which is downloadable and self-hosted.

Tbh I haven't used it in a few years but it was super useful. I see it's a one-time cost of $69 (used to be $29 but that was over a decade ago).


For those using AWS SES, I have had good success with SendWithSES - https://sendwithses.com

Disclaimer: I'm in contact with the founder after stumbling on HackerNews and I'm trying to help revive this awesome and economical tool. (I'm not paid.)


Thanks! Any guide wrt using dkim / dmarc and such to ensure it's bulletproof? Any customizations you did beyond the CLI script above?


My entire script is here.

https://gist.github.com/johnnydecimal/e7b1a03e26b79239363b5d...

Though I've since updated that to include a .txt file as the body vs. typing it out in the email. But that's easy enough.

I might have added TXT records to satisfy DKIM etc., I don't remember. There are guides on the Amazon site; I'm a bit of a dummy when it comes to this so if I worked it out it must have been obvious enough.


Tyvm! If you have pointers to find the guides that'd be appreciated just for the sake of seeing if they're a good option. I'll look either way. Ty for the help


Just the 'getting started' stuff here. Like I say I remember it being pretty obvious. The doco is good.

https://docs.aws.amazon.com/ses/


In my experience, it’s extremely difficult to get out of the SES sandbox, for what I presume is if your account/org is under a certain amount of spend with them. While basically free under a certain amount of usage, the gatekeeping there does make the idea of self-hosting your email free/cheaply sort of a nonstarter for indie devs.

For context, getting out of the sandbox at every org I worked at was essentially a single ticket with the word please and had almost immediate approval.

For my own account for a low volume form notification tool I wrote AWS’s response was ‘We will not approve your request and we will not revisit this decision’.


I actually just did this a couple weeks ago. I'm just one data point, so I've no real idea what the difficulty is of escaping the sandbox, but I created a brand new AWS account, made it clear that I'd be using SES purely for low volume transactional emails for people who had opted in and could opt out at any time, and they approved me within a couple days.


I got approved instantly for personal mail for my domains. Even though they charge for SMTP they don't actually take payment for very small amounts so it has been completely free for over a year.


Mine did take a week but I have an actual website and active forum that I could point them to so perhaps that helped.


I wouldn’t want to deal with deliverability issues, which are very much a matter of quality of service and industry relationships rather than a matter of having the right software. Just use Mailchimp or Sendgrid or Amazon’s email service, pay the small service fee, send high quality email, and don’t get distracted by trying to figure out why your emails are going to spam.


I played around a bit with both Sendgrid and Amazon SES and found that actually my own exim server on a VPS with a small and reputable provider had quite a bit better deliverability than either of those.


Yep used an Exim setup on a VPS for years for a small traffic site with little issue. I’m running something still on there but a little more modern docker setup with DKIM etc.


This is more of a GMail alternative. Sending personal emails and sending marketing emails are two very completely different beasts.


Postmark and Mailgun are both solid choices and probably better than Mailchimp for higher volume / non-marketing emails (however, they are SaaS)


I've been using Listmonk (very easy to customize), sending ~35,000 mails / weekly as an alternative to Mailchimp with AWS SES as a backend but a self-hosted stalwart server could do the trick. We're saving ~600$/month by not using Mailchimp.


For a hosted solution, you'll find mailerlite is far better than Mailchimp.


The biggest issue you will likely encounter is having clean IP addresses to send from. If you have that problem solved, the next hurdle will be realizing that Stalwart is more than you would need to manage sending daily emails. If you have the IP addresses, you could just use a script that grabs email addresses to send to for the day, and ship them with a fairly straightforward SMTP daemon (sendmail) installation on a VPS.

Stalwart might be a good use case for your business/employee mail account handling, however.


Yeah looks like based on the replies it's more of a Gmail alternative. Which is great but not about sending so much. Have you had a chance to set up sendmail? how we've been using our own baremetal setup on hetzner (ipfs box) and could use that for sending too. Any recos on how to make sure the IP is seen as clean?


I'm personally a user and fan of poste.io. Other than just being open-source, is there a good reason I might want to switch to Stalwart?


Looks nice! I could see myself reconfiguring my current OpenSMTPd based setup to have OpenSMTPd relay incoming mail to Stalwart and having Stalwart make the decision about which mails to keep or discard. Def gonna experiment with that this weekend :D


Really interesting project with JMAP support! I would like time to test it!


Just tried to set it up on a fresh Ubuntu free VM on Oracle cloud and I can't seem to be able to even log in after setup.

Oh well, might look into it when I have more time. Looks promising though!


Hmm, interesting, it only binds on the IPv6 address. It does work but IPv4 does not seem to be working.


Noob question: how does this compare to something like vestacp, which installs a lot more and mail (roundcube frontend)? I have been using it for 5 years and it always works like a charm, maybe HN will give me the reason to move on. :')


The best smtp server out there!


How reliable is mail delivery ootb with DMARC, SPF and DKIM in your experience? (I guess it really depends on the reputation of the IP and not the mail server)


It’s frustrating if you’re unlucky and have an IP with bad reputation, or accidentally send emails with low performance. Getting unblocked is sometimes not possible if you’re on your own. Authentication helps but it’s not enough in practice still.




Handling lots of production email for hundreds of domains for the past 10 years on https://www.iredmail.org/



