Caution
Do not use this feature as a main mail server without a redundancy system and proper knowledge.
Warning
Stalwart and Nextcloud community containers are solutions under development.
The mail server is one of the most difficult services to deploy. This solution is quite stable (used for my own cloud) but it is not enterprise quality.
If you have any suggestions, questions, or want to report a bug, open an issue!
This container is used in Nextcloud All-In-One to provide a mail server. It works with the Caddy community container as a reverse proxy.
Compared to a default Stalwart container, this container allows:
- Automatic configuration of a mail server.
- Compatibility with Nextcloud All-In-One backups.
- (Planned) Synchronization of Nextcloud and Stalwart accounts.
Requirements:
- A server with a static IP address.
- Ensure that ports `25`, `465`, `993`, `4190`, and `10003` are not used by another program. (Use `sudo netstat -tulpn` to list all used ports.)
- Deploy the Caddy community container as a reverse proxy. (Other solutions are possible, see: Use Your Own Reverse Proxy.)
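A stricter form of the port check above, as an added example that is not part of the original README: it reads `netstat -tulpn` output and reports only exact matches for the five required ports, so a listener on 2525 is not mistaken for port 25. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Ports listed on this page as required by the Stalwart container.
REQUIRED_PORTS="25 465 993 4190 10003"

# Read `netstat -tulpn` output on stdin; print each required port that
# already has a listener, followed by the owning PID/program, one per line.
busy_ports() {
    awk -v want="$REQUIRED_PORTS" '
        BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) need[p[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            port = $4; sub(/.*:/, "", port)   # keep the text after the last ":"
            if ((port in need) && !seen[port]++) print port, $NF
        }'
}

# Constructed sample listing (not taken from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:2525     0.0.0.0:*        LISTEN  811/python3
tcp   0      0      127.0.0.1:25     0.0.0.0:*        LISTEN  702/master
tcp6  0      0      :::993           :::*             LISTEN  950/dovecot
tcp6  0      0      :::25            :::*             LISTEN  702/master
udp   0      0      0.0.0.0:68       0.0.0.0:*                640/dhclient'

check_sample() { printf '%s\n' "$SAMPLE" | busy_ports; }

# Demo on the sample; on a real host use: sudo netstat -tulpn | busy_ports
check_sample
```

An empty result means none of the required ports has a listener.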
See how to use community containers.
After installation on Nextcloud, go to `https://mail.$NC_DOMAIN/login` and log in with the following credentials:
- Username: `admin`
- Password: get it with the command `docker inspect nextcloud-aio-stalwart | grep STALWART_USER_PASS`
Once connected, add a domain, configure your DNS zone, and create your users.
Additionally, you might want to install and configure Snappymail or Mail inside Nextcloud to use your mail accounts for sending and retrieving emails.
If you want to move to another Stalwart server, you can export your data with the following commands:

```bash
# Stop stalwart-mail container
docker stop nextcloud-aio-stalwart
# Export the data
docker run --rm -it -v nextcloud_aio_stalwart:/opt/stalwart-mail -v "$LOCATION:/export" --entrypoint /bin/stalwart-mail nextcloud_aio_stalwart --config /opt/stalwart-mail/etc/config.toml --export /export
```

Now your data is in the `$LOCATION` folder.

To import your data into a new Stalwart server from the `$LOCATION` folder, use the following commands:

```bash
# Stop stalwart-mail container
docker stop nextcloud-aio-stalwart
# Import the data
docker run --rm -it -v nextcloud_aio_stalwart:/opt/stalwart-mail -v "$LOCATION:/import" --entrypoint /bin/stalwart-mail nextcloud_aio_stalwart --config /opt/stalwart-mail/etc/config.toml --import /import
```

Now that your data is imported, go to your All-In-One panel and restart your container.
Try to update the container in the Nextcloud All-In-One panel.
If that doesn't resolve the issue, manually upgrade the WebAdmin with the following command:

```bash
docker exec -it nextcloud-aio-stalwart bash /webadmin.sh
# Or, if you changed the fallback admin password
# ($USER and $PASSWORD are expanded by your host shell; set them to the WebAdmin credentials first)
docker exec -it nextcloud-aio-stalwart curl -k -u "$USER:$PASSWORD" http://127.0.0.1:10003/api/update/webadmin
```
Important
This image overrides the configuration of Stalwart on every start. You can find the list of all managed settings in the Managed Settings section. The managed settings prevent breaking links with Nextcloud and the Caddy community container.
See the Stalwart FAQ for all possibilities.
For any questions, open an issue!
Before changing the password, disable the managed credentials of the fallback admin. See Managed Settings.
Then you can change the password in the WebAdmin.
To configure a custom domain for the mail server, follow these steps:
- Disable the managed configuration of certificates. See Managed Settings.
- Configure your own reverse proxy. See Use Your Own Reverse Proxy.
- Add your own certificate. See Stalwart Certificate.
Redirect HTTP (or HTTPS) traffic from `mail.$NC_DOMAIN` to port `10003` of the `nextcloud-aio-stalwart` container over HTTP.
Then add your own certificate. See: Use Your Own Certificate
Example with `Caddyfile` syntax:

```
https://mail.{$NC_DOMAIN}:443 {
    reverse_proxy http://{$STALWART_HOSTNAME}:10003
}
```
Add a certificate to the `nextcloud_aio_caddy` volume at these paths:

```
$VOLUME_ROOT/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.$NC_DOMAIN/mail.$NC_DOMAIN.key
$VOLUME_ROOT/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.$NC_DOMAIN/mail.$NC_DOMAIN.crt
```

If you're using Caddy, mount the `nextcloud_aio_caddy` volume into your Caddy container and add this storage global directive:

```
{
    storage file_system {$VOLUME_ROOT}/caddy
}
```
If you're using another domain, disable the managed configuration of certificates. See Managed Settings and Stalwart Certificate.
Disable some automatic override configurations with environment variables in the file `/opt/stalwart-mail/etc/aio-config.env`.
Variable | Description | Default | WebAdmin URL |
---|---|---|---|
SECURE_DATA_AFTER_UPGRADE | Prevent the server from starting if the data is in an old format. | ON | |
ENSURE_MAIL_PORT_CONFIG | Manage mail exchange port configuration. This port is used to receive emails. | ON | https://mail.$NC_DOMAIN/settings/listener/aio-mail/edit |
ENSURE_SUBMISSION_PORT_CONFIG | Manage mail submission port configuration. This port is used to send emails. | ON | https://mail.$NC_DOMAIN/settings/listener/aio-submission/edit |
ENSURE_IMAP_PORT_CONFIG | Manage IMAP port configuration. This port is used to read emails. | ON | https://mail.$NC_DOMAIN/settings/listener/aio-imap/edit |
ENSURE_WEB_PORT_CONFIG | Manage web port configuration. This port is used to access the WebAdmin. | ON | https://mail.$NC_DOMAIN/settings/listener/aio-caddy/edit |
ENSURE_MANAGESIEVE_PORT_CONFIG | Manage managesieve port configuration. This port is used to manage filters. | ON | https://mail.$NC_DOMAIN/settings/listener/aio-managesieve/edit |
ENSURE_STORAGE_CONFIG | Manage storage configuration. | ON | https://mail.$NC_DOMAIN/settings/store/aio-rocksdb/edit |
ENSURE_DIRECTORY_CONFIG | Manage directory configuration. This is the system to manage users. | ON | https://mail.$NC_DOMAIN/settings/directory/aio-rocksdb/edit |
ENSURE_FILE_LOGGING_CONFIG | Manage file logging configuration. This provides access to logs from the WebAdmin. | ON | https://mail.$NC_DOMAIN/settings/tracing/aio-log/edit |
ENSURE_CONSOLE_LOGGING_CONFIG | Manage console logging configuration. This provides access to logs from Docker and the master container interface. | ON | https://mail.$NC_DOMAIN/settings/tracing/aio-stdout/edit |
ENSURE_FALLBACK_ADMIN_CONFIG | Manage fallback admin configuration. This is the admin account to access the WebAdmin. | ON | https://mail.$NC_DOMAIN/settings/authentication/edit |
AUTO_CONFIG_TLS_CERT | Manage configuration of TLS certificates from the Caddy community container. This is used to secure the connection for the mail protocol. | ON | https://mail.$NC_DOMAIN/settings/certificate/caddy-aio/edit |
Note
Unless the startup script tells you otherwise, no action is needed to update.
During a major server update, this message will be displayed:

```
Your data is in an old format.
Make a backup and see https://github.com/docjyJ/aio-stalwart#Upgrading
To avoid any loss of data, Stalwart will not launch.
```
Caution
Before each update, don't forget to make a backup.
To upgrade from 0.9.x to 0.10.x, run the following commands:

```bash
# Stop stalwart-mail container
docker stop nextcloud-aio-stalwart
# Check that the data version is 0.9 (output should be '0.9')
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.9.4 /opt/stalwart-mail/aio.lock
# Enable the new data version
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/sed stalwartlabs/mail-server:v0.10.0 -i 's/^0.9$/0.10/g' /opt/stalwart-mail/aio.lock
```

Then go to your All-In-One panel and restart your container.
This migration does not require any action, but the organization of the database and autoconfiguration script has changed.
- Be vigilant about possible data loss, see Stalwart 0.9.0.
- Be careful if you have changed any settings: the autoconfiguration script might overwrite them, see Managed Settings.
To upgrade from 0.8.x to 0.9.x, run the following steps:

```bash
# Stop stalwart-mail container
docker stop nextcloud-aio-stalwart
# Check that the data version is 0.8.0 (output should be '0.8.0')
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.8.0 /opt/stalwart-mail/aio.lock
# BACKUP YOUR CONFIGURATION FILE (this command prints it; redirect the output to a file to keep a copy)
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.9.0 /opt/stalwart-mail/etc/config.toml
# Enable the new data version
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/sed stalwartlabs/mail-server:v0.9.0 -i 's/^0.8.0$/0.9/g' /opt/stalwart-mail/aio.lock
```

Then go to your All-In-One panel and restart your container.
You can verify your config file with the following command after starting the container:

```bash
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.9.0 /opt/stalwart-mail/etc/config.toml
```
To upgrade from 0.7.x to 0.8.x, run the following steps:

```bash
# Stop stalwart-mail container
docker stop nextcloud-aio-stalwart
# Check that the data version is 0.7.0 (output should be '0.7.0')
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.7.3 /opt/stalwart-mail/aio.lock
# Export your data
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/stalwart-mail stalwartlabs/mail-server:v0.7.3 --config /opt/stalwart-mail/etc/config.toml --export /opt/stalwart-mail/export_7_to_8
# Import your data
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/stalwart-mail stalwartlabs/mail-server:v0.8.0 --config /opt/stalwart-mail/etc/config.toml --import /opt/stalwart-mail/export_7_to_8
# Enable the new data version
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/sed stalwartlabs/mail-server:v0.8.0 -i 's/^0.7.0$/0.8.0/g' /opt/stalwart-mail/aio.lock
```

Now go to your All-In-One panel, then restart and upgrade your containers.
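The three upgrade procedures above each check `aio.lock` by eye and then rewrite it with `sed -i`, which exits 0 whether or not the pattern matched. The following added example (not the project's own script; `bump_lock`, `demo` and the temporary files are hypothetical) combines the check and the rewrite into one guarded step that refuses an unexpected marker and keeps a copy of the old one.

```shell
#!/bin/sh
# bump_lock FILE FROM TO
# Rewrite the data-version marker only if FILE holds exactly FROM.
# Returns 0 on success, 1 if the marker differs, 2 if FILE is missing.
bump_lock() {
    file=$1 from=$2 to=$3
    [ -f "$file" ] || { echo "no lock file: $file" >&2; return 2; }
    current=$(cat "$file")
    if [ "$current" != "$from" ]; then
        echo "refusing: marker is '$current', expected '$from'" >&2
        return 1
    fi
    cp -p "$file" "$file.bak-$from"        # keep the old marker for rollback
    # Write to a temporary file, then rename, so the marker is never half-written.
    printf '%s\n' "$to" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Constructed demo on temporary files standing in for aio.lock.
demo() {
    dir=$(mktemp -d)
    printf '0.9\n' > "$dir/aio.lock"
    bump_lock "$dir/aio.lock" 0.9 0.10 || return 1
    first=$(cat "$dir/aio.lock")
    # Second run: the marker is already 0.10, so the 0.9 -> 0.10 step must refuse.
    bump_lock "$dir/aio.lock" 0.9 0.10 2>/dev/null && rc=0 || rc=$?
    # The sed pattern '^0.9$' has an unescaped dot and would also match '0x9';
    # the exact string comparison here does not.
    printf '0x9\n' > "$dir/odd.lock"
    bump_lock "$dir/odd.lock" 0.9 0.10 2>/dev/null && rc_odd=0 || rc_odd=$?
    backup=$(cat "$dir/aio.lock.bak-0.9")
    rm -rf "$dir"
    echo "$first $rc $rc_odd $backup"
}

demo
```

Run it where the `aio.lock` of the `nextcloud_aio_stalwart` volume is reachable as a file, for example from a helper container with the volume mounted (an assumption about your setup).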