Caution
Do not use this feature as a main mail server without a redundancy system and proper knowledge.
Warning
Stalwart and Nextcloud community containers are solutions under development.
The mail server is one of the most difficult services to deploy. This solution is quite stable (used for my own cloud) but it is not enterprise quality.
If you have any suggestions, questions, or want to report a bug, open an issue!
This container is used in Nextcloud All-in-One to provide a mail server. It works with the Caddy community container as a reverse proxy.
Compared to a default Stalwart container, this container allows:
- Automatic configuration of a mail server.
- Compatibility with Nextcloud AIO backups.
- (Planned) Synchronization of Nextcloud and Stalwart accounts.
- A server with a static IP address.
- Ensure that ports
25
,465
,993
,4190
, and10003
are not used by another program. (Usesudo netstat -tulpn
to list all used ports). - Deploy the Caddy community container as a reverse proxy. (Other solutions are possible, see: Use Your Own Reverse Proxy).
See how to use community containers.
After installation on Nextcloud, go to https://mail.$NC_DOMAIN/login
and log in with the following credentials:
- Username:
admin
- Password: Get with the command
docker inspect nextcloud-aio-stalwart | grep STALWART_USER_PASS
Once connected, add a domain, configure your DNS zone, and create your users.
Additionally, you might want to install and configure Snappymail or Mail inside Nextcloud to use your mail accounts for sending and retrieving emails.
Important
This image overrides the configuration of Stalwart on every start. This prevents you from making changes that break links with Nextcloud and the Caddy Community Container.
See the Stalwart FAQ for all possibilities.
For any questions, open an issue!
Before changing the password, disable the automatic configuration of the fallback admin. See Options.
Then you can remove or change the password in the web-admin.
You can use a custom domain for the mail server. To configure it follow this step:
- Disable the automatic configuration of certificates. See Options.
- Configure your own reverse proxy. See Use Your Own Reverse Proxy.
- Add your own certificate. See Stalwart Certificate.
Redirect HTTP (or HTTPS) traffic from mail.$NC_DOMAIN
to port 10003
of the nextcloud-aio-stalwart
container in HTTP.
Then add your own certificate. See: Use Your Own Certificate
Example with Caddyfile
syntax:
https://mail.{$NC_DOMAIN}:443 {
reverse_proxy http://{$STALWART_HOSTNAME}:10003
}
Add a certificate in volume nextcloud_aio_caddy
in this path:
$VOLUME_ROOT/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.$NC_DOMAIN/mail.$NC_DOMAIN.key
$VOLUME_ROOT/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.$NC_DOMAIN/mail.$NC_DOMAIN.crt
If you're using Caddy, mount the volume nextcloud_aio_caddy
to your Caddy container and add this storage global directive:
{
storage file_system {$VOLUME_ROOT}/caddy
}
If you're using another domain, disable the automatic configuration of certificates. See Options and Stalwart Certificate.
Disable some automatic override configurations with environment variables in the file /opt/stalwart-mail/etc/aio-config.env
.
Variable | Description | Default | WebAdmin URL |
---|---|---|---|
SECURE_DATA_AFTER_UPGRADE |
Prevent the server from starting if the data is in an old format. | ON |
|
ENSURE_MAIL_PORT_CONFIG |
Force mail exchange port configuration. This port is used to receive emails. |
ON |
https://mail.$NC_DOMAIN/settings/listener/aio-mail/edit |
ENSURE_SUBMISSION_PORT_CONFIG |
Force mail submission port configuration. This port is used to send emails. |
ON |
https://mail.$NC_DOMAIN/settings/listener/aio-submission/edit |
ENSURE_IMAP_PORT_CONFIG |
Force IMAP port configuration. This port is used to read emails. |
ON |
https://mail.$NC_DOMAIN/settings/listener/aio-imap/edit |
ENSURE_WEB_PORT_CONFIG |
Force web port configuration. This port is used to access the web-admin. |
ON |
https://mail.$NC_DOMAIN/settings/listener/aio-caddy/edit |
ENSURE_MANAGESIEVE_PORT_CONFIG |
Force managesieve port configuration. This port is used to manage filters. |
ON |
https://mail.$NC_DOMAIN/settings/listener/aio-managesieve/edit |
ENSURE_STORAGE_CONFIG |
Force storage configuration. | ON |
https://mail.$NC_DOMAIN/settings/store/aio-rocksdb/edit |
ENSURE_DIRECTORY_CONFIG |
Force directory configuration. This is the system to manage users. |
ON |
https://mail.$NC_DOMAIN/settings/directory/aio-rocksdb/edit |
ENSURE_FILE_LOGGING_CONFIG |
Force file logging configuration. This provides access to logs from the web-admin. |
ON |
https://mail.$NC_DOMAIN/settings/tracing/aio-log/edit |
ENSURE_CONSOLE_LOGGING_CONFIG |
Force console logging configuration. This provides access to logs from Docker and the master container interface. |
ON |
https://mail.$NC_DOMAIN/settings/tracing/aio-stdout/edit |
ENSURE_FALLBACK_ADMIN_CONFIG |
Force fallback admin configuration. This is the admin account to access the web-admin. |
ON |
https://mail.$NC_DOMAIN/settings/authentication/edit |
AUTO_CONFIG_TLS_CERT |
Automatically configure TLS certificates from the Caddy community container. This is used to secure the connection for the mail protocol. |
ON |
https://mail.$NC_DOMAIN/settings/certificate/caddy-aio/edit |
First, stop the stalwart-mail container and then enter the container by replacing 0.x.x
with the version you are using.
# Stop stalwart-mail container
docker stop nextcloud-aio-stalwart
# Go inside container in 0.x.x
docker run --rm -it -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/bash stalwartlabs/mail-server:v0.x.x
Then, run the following command inside the container:
# If export folder exists, remove it
rm -r /opt/stalwart-mail/export
# Export the data
stalwart-mail --config /opt/stalwart-mail/etc/config.toml --export /opt/stalwart-mail/export
# Exit the container
exit
Now your backup is done.
Stop the stalwart-mail container and then import your backup by replacing 0.x.x
with the version you are using.
# Stop stalwart-mail container
docker stop nextcloud-aio-stalwart
# Import your data in 0.x.x
docker run --rm -it -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/stalwart-mail stalwartlabs/mail-server:v0.x.x --config /opt/stalwart-mail/etc/config.toml --import /opt/stalwart-mail/export
You have now restored your backup.
Note
Unless the starting script tells you, you have no action to do to update.
During a major server update, this message will be displayed:
Your data is in an old format.
Make a backup and see https://github.com/docjyJ/aio-stalwart#Upgrading
To avoid any loss of data, Stalwart will not launch.
Caution
Before each update, don't forget to make a backup.
To upgrade from 0.9.x to 0.10.x, run the following command:
- Stop the stalwart-mail container:
docker stop nextcloud-aio-stalwart
- Check the data version is in
0.9
:docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.9.4 /opt/stalwart-mail/aio.lock
- Now you can do a backup in AIO interface or manually in version 0.9.4 (see Create Backup in 0.x.x) if you haven't done it yet.
- Finally, enable the new data version by running the following command:
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/sed stalwartlabs/mail-server:v0.10.0 -i 's/^0.9$/0.10/g' /opt/stalwart-mail/aio.lock
Then, go inside your AIO panel and restart your container.
This migration does not require any action, but the organization of the database and autoconfiguration script has changed.
- Be vigilant about possible data loss, see Stalwart 0.9.0
- Be careful if you have made any settings, the autoconfiguration script might overwrite them, see Options.
To upgrade from 0.8.x to 0.9.x, run the following steps:
- Stop the stalwart-mail container:
docker stop nextcloud-aio-stalwart
- Check the data version is in
0.8.0
:docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.8.0 /opt/stalwart-mail/aio.lock
- Backup your configuration file by copying out of this command:
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server /opt/stalwart-mail/etc/config.toml
- Now you can do a backup in AIO interface or manually in version 0.8.5 (see Create Backup in 0.x.x) if you haven't done it yet.
- Finally, enable the new data version by running the following command:
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/sed stalwartlabs/mail-server:v0.9.0 -i 's/^0.8.0$/0.9/g' /opt/stalwart-mail/aio.lock
Then, go inside your AIO panel and restart your container.
You can verify your config file with the following command after starting the container:
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.9.0 /opt/stalwart-mail/etc/config.toml
To upgrade from 0.7.x to 0.8.x, run the following steps:
- Stop the stalwart-mail container:
docker stop nextcloud-aio-stalwart
- Check the data version is in
0.7.0
:docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/cat stalwartlabs/mail-server:v0.7.3 /opt/stalwart-mail/aio.lock
- You must export your data before upgrading. Use stalwart version
0.7.3
and follow steps Create Backup in 0.x.x. - Now you can do a backup in AIO interface if you haven't done it yet.
- After exporting, import your data by using stalwart version
0.8.0
and follow steps Restore Backup in 0.x.x. - Finally, enable the new data version by running the following command:
docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail --entrypoint /bin/sed stalwartlabs/mail-server:v0.8.0 -i 's/^0.7.0$/0.8.0/g' /opt/stalwart-mail/aio.lock
Now go inside your AIO panel and restart and upgrade your container.