Get Stalwart
Architecture

Deploy how you want, scale when you need

Stalwart serves every mail and collaboration protocol your clients need (SMTP, IMAP, JMAP, POP3, ManageSieve, CalDAV, CardDAV, WebDAV) and stores data in the storage backends you already run. The same product scales from a single node to a multi-region cluster, with no external coordinator required.

Read the cluster docs
  • Pluggable storage
  • Cluster-ready
Stalwart cluster (any node serves any protocol) Clients JMAP IMAP SMTP Node 1 all protocols Node 2 all protocols Node N all protocols Coordination P2P Kafka Redis Storage Data store FoundationDB Blob store S3 / Azure Search store Elasticsearch In-memory store Redis / Valkey
Deployment models

Sized to your business, from one node to many.

Stalwart adapts to the size of the deployment. The same product runs the smallest single-node setup and the largest multi-region cluster, so what you start with does not limit what you can grow into.

  • Single-node: one Stalwart process serves every protocol on a single server, suited to small organisations and evaluation deployments.
  • Clustered: three or more nodes share a distributed data store; any node can serve any protocol, and listener allocation per node can be tuned for unified, service-specific or geographically distributed setups. See cluster overview.
  • Container orchestration: Stalwart runs on Kubernetes, Apache Mesos and Docker Swarm; the orchestrator handles node lifecycle and scaling. See orchestration overview.
  • Multi-region: nodes split across data centres or regions, paired with a multi-region data store and geo-replicated blob storage; global load balancers or DNS-based routing direct traffic regionally.
High availability

Seamless scalability for millions of mailboxes.

Stalwart was engineered to scale from the start, paired with modern storage backends like FoundationDB. Capacity grows by adding nodes, and high availability comes from the design itself, not from external proxies. Any node can take over for any other, so a node failure never strands a user or a queued message.

  • Load balancing and fault tolerance built into the cluster.
  • Node autodiscovery for streamlined network expansion.
  • Network partition-tolerant failure detection.
  • Simplified architecture without external coordinators or proxies.
  • Optional message-bus integration (Apache Kafka, Redpanda, NATS, Redis) for teams that already run one.
Storage tier

Pick the storage that fits the deployment.

Stalwart separates persistent state into four roles and lets you pick a backend for each, so you can match what the team already runs (or already knows how to back up) instead of being told which database to deploy.

  • Data store for structured metadata: RocksDB, FoundationDB, PostgreSQL or AlloyDB, MySQL or MariaDB, SQLite.
  • Blob store for message bodies, attachments, Sieve scripts and WebDAV files: S3-compatible, Azure Blob, or filesystem.
  • Search store for full-text indexes across message content and headers.
  • In-memory store for ephemeral state such as rate-limit counters and session data: Redis, Valkey, or the primary data store.
Full-text search

Search that grows with the deployment.

Full-text search can run inside Stalwart or be delegated to a dedicated engine. The internal engine indexes 17 languages and requires no extra service, which is the right fit for small and medium deployments. For larger workloads, a dedicated engine takes the indexing load off the data store.

  • Internal: bloom-filter index built into Stalwart, no extra service required.
  • Meilisearch: lightweight, fast indexing with minimal configuration.
  • Elasticsearch / OpenSearch: distributed search at scale.
  • PostgreSQL / MySQL: reuse a relational backend already in the stack.
Read full-text search
Operations

Web admin, CLI and standard observability.

  • Web administration for accounts, domains, groups, mailing lists, queue control, report visualisation, log viewer and a self-service portal. See WebUI overview.
  • Declarative configuration through a CLI that reconciles a declarative bundle of objects against a running server, with snapshots back to disk. See apply and snapshot.
  • Observability with OpenTelemetry, a Prometheus endpoint, webhooks, journald and log files; live tracing and metric streaming for real-time monitoring.
Security

Security applies to every component, not just the perimeter.

  • Encryption at rest: per-mailbox encryption with S/MIME or OpenPGP.
  • Transport security: ACME, DANE, MTA-STS and TLS reporting.
  • Network defence: rate limiting, automated banning, ASN and GeoIP blocking, ACLs and per-account IP restrictions.
  • Memory safety: the server is written in Rust. The codebase has been independently security-audited; the report is published in the Stalwart blog.