8 posts tagged with "server"

Today we announce the release of Stalwart Mail Server version 0.7.2, which now includes support for both DNS-01 and HTTP-01 ACME challenge types. This update marks a significant enhancement in our server's capabilities, addressing one of the most frequent requests from our user community—the inclusion of DNS-01 support for improved domain validation flexibility.

What is ACME?​

The Automated Certificate Management Environment (ACME) protocol is a cornerstone in the world of secure communications. ACME automates the process of certificate issuance, renewal, and revocation, thereby simplifying the management of SSL/TLS certificates. This protocol is not only designed to streamline administrative tasks but also to bolster security measures through rigorous validation mechanisms.

Challenge Types​

Prior to version 0.7.2, Stalwart Mail Server supported only the TLS-ALPN-01 challenge, which utilizes the TLS Application Layer Protocol Negotiation extension for domain validation. This method, while robust, requires port 443 to be open and can limit flexibility for some users and environments.

Recognizing the diverse needs of our users, we have expanded our support to include two additional types of challenges: DNS-01 and HTTP-01. These new features are designed to offer more versatility in how users manage domain validation and certificate issuance.

DNS-01 Challenge​

The DNS-01 challenge validates domain ownership by creating a DNS TXT record. This method is particularly valuable for those needing to issue wildcard certificates, as it allows for the validation of the domain and all its subdomains collectively. It is an ideal choice for users who prefer or require managing their certificates at the DNS level, especially in scenarios where direct web traffic control is not feasible.

HTTP-01 Challenge​

In contrast, the HTTP-01 challenge involves responding to HTTP requests made by the ACME server. This method proves the control over a domain by placing a specific file on the server to be accessed via a standard web path. It is best suited for environments where port 80 is open and accessible. The simplicity of HTTP-01 makes it an attractive option for many administrators, providing an efficient path to compliance without the need for complex DNS configurations.

Benefits​

By integrating DNS-01 and HTTP-01 challenges into Stalwart Mail Server 0.7.2, we are offering our users the flexibility to choose the validation method that best fits their technical requirements and security policies. Whether operating behind a TLS reverse proxy, managing multiple subdomains with a single certificate, or simply seeking a straightforward setup, the expanded challenge options cater to a wider range of use cases.

We are committed to continually improving Stalwart Mail Server to meet the evolving needs of our customers. The inclusion of these new ACME challenges is a direct response to community feedback, and we are excited to see how our users will leverage these new capabilities to enhance their server security and certificate management processes.

Stay tuned for more updates as we keep enhancing our mail server solutions. For detailed information on configuring and using the new challenge types in Stalwart Mail Server 0.7.2, please refer to our updated documentation.

We look forward to your feedback on these new features and to supporting you in your journey to a more secure and efficient server environment!

We're thrilled to announce the release of Stalwart Mail Server version 0.7.0, a significant update that brings a wealth of features and improvements to enhance the performance and manageability of your email services. This release marks a pivotal moment in our journey to provide an email server solution that combines ease of use with robust performance, ensuring that your email infrastructure is both secure and efficient.

Introducing Web-Based Administration​

At the heart of version 0.7.0 is the introduction of a new, web-based administration tool. Developed in Rust, this single-page application (SPA) represents a monumental shift in how you interact with Stalwart Mail Server. Gone are the days of relying on SSH connections or command-line interfaces for routine administration tasks. Now, every aspect of your mail server can be managed from the convenience of a web browser.

The new web administration tool is designed to streamline and simplify the management of your mail server, offering a wide array of features:

• Complete Control Over Accounts and Domains: Easily manage user accounts, domains, groups, and mailing lists, all from a user-friendly interface.
• Advanced Queue Management: Monitor and manage your SMTP queues with ease, including messages and outbound DMARC and TLS reports, ensuring timely delivery and compliance.
• Insightful Report Visualization: Gain valuable insights into your email security with a dedicated interface for visualizing received DMARC, TLS-RPT, and Failure (ARF) reports.
• Full Configuration Flexibility: Adjust and fine-tune every aspect of your mail server settings directly from the webadmin, tailored to meet your specific requirements.
• Enhanced Log Viewing and Searching: Navigate through logs effortlessly with advanced search and filtering capabilities, making it easier to pinpoint issues or monitor activity.
• Self-Service Portal for Users: Empower your users with a self-service portal for password resets and managing encryption-at-rest keys, enhancing security and convenience.

This transformative approach to mail server management not only elevates the administration experience but also significantly reduces the complexity and time required to manage your email infrastructure.

Enhanced Performance and Efficiency​

Beyond management improvements, Stalwart Mail Server 0.7.0 introduces significant performance enhancements to ensure swift and efficient email delivery. A major focus has been placed on optimizing mailbox retrieval speeds to accommodate IMAP clients, particularly those without client-side caching, ensuring that large mailboxes are displayed promptly. This version also integrates automatic compression for messages and binaries stored in the blob store using LZ4, a move that conservatively manages storage space while improving access and transfer speeds. These enhancements collectively ensure that Stalwart Mail Server 0.7.0 delivers unparalleled performance, making it faster and more efficient than ever before.

Embracing the Future​

With the release of version 0.7.0, Stalwart Mail Server sets a new standard for email server solutions. The introduction of a web-based administration tool and significant performance improvements underscore our commitment to innovation and excellence. We invite you to experience the future of email server management and performance with Stalwart Mail Server 0.7.0.

This Valentine's Day, we're not just celebrating love and companionship; we're also celebrating the groundbreaking advancements in the Stalwart Mail Server with the release of version 0.6.0. In a world where reliability and flexibility in mail server management are more critical than ever, Stalwart Mail Server takes a significant leap forward with the introduction of distributed SMTP queues and the integration of expressions in configuration files. Let's delve into how these features transform your mail server experience, making it more robust, efficient, and customizable than ever before.

Distributed SMTP Queues: A Heartbeat of Reliability​

The latest iteration of Stalwart Mail Server introduces a feature that's set to be the cornerstone of reliability and fault tolerance—distributed SMTP queues. Gone are the days when your SMTP queue was confined to the local hard drive, a vulnerability that could lead to data loss or downtime in the event of a server crash. With version 0.6.0, Stalwart Mail Server stores your SMTP queues in the database, a move that not only enhances fault tolerance but also paves the way for queue load distribution across multiple servers in a cluster.

Imagine your mail server as the heart of your organization's communication. Just as the heart's reliability is critical to the body's overall function, so is your SMTP queue's reliability to your organization's communication flow. Distributed SMTP queues ensure that if one server in the cluster experiences issues, the heartbeat of your communication doesn't skip a beat. This feature allows other servers in the cluster to pick up the load, ensuring uninterrupted mail flow and significantly reducing the risk of data loss.

This approach allows for a more balanced and efficient handling of email traffic, making your mail server cluster more resilient to individual failures and capable of handling higher volumes of email more effectively.

Expressions: A Language of Flexibility​

The second headline feature of version 0.6.0 is the support for expressions in configuration files. This addition opens up a new realm of flexibility, allowing you to define complex, dynamic criteria for evaluating and handling email messages based on various attributes, such as recipient, sender, remote IP addresses, and other variables.

With expressions, configuring your Stalwart Mail Server becomes akin to coding the DNA of your mail server's behavior. Whether it's routing, filtering, or processing rules, expressions enable you to tailor the mail server's operations to meet your specific needs with precision and adaptability. Consider a scenario where you want to apply specific actions only to emails from a certain domain or IP range, or perhaps to messages that meet a combination of criteria. With expressions, these complex conditions can be easily defined and integrated into your server's configuration, making it smarter and more aligned with your organizational policies.

Celebrate With Us​

As we release Stalwart Mail Server version 0.6.0 this Valentine's Day, we invite you to celebrate not just a day of love but also a milestone in mail server technology. With distributed SMTP queues and expressions in configuration files, we're not just sending you a token of our affection—we're equipping you with the tools to make your mail server environment more resilient, efficient, and tailored to your needs.

So here's to love, to innovation, and to a future where your mail server's reliability and flexibility are the foundation of your organization's communication success. Happy Valentine's Day, and welcome to the new era of Stalwart Mail Server.

We are excited to announce a significant update to Stalwart Mail Server - the introduction of an integrated fail2ban-like system in our latest version, 0.5.3. This new feature marks an important advancement in our ongoing commitment to providing robust security measures for our users.

Understanding Fail2Ban​

Before diving into the specifics of our new feature, let's revisit what Fail2Ban is. Commonly used in the world of server security, Fail2Ban is an intrusion prevention software that protects servers from brute-force attacks. It operates by monitoring server logs for suspicious activities, like repeated password failures, and responds by blocking the offending IP addresses, typically by updating firewall rules.

Tailored Security​

In Stalwart Mail Server version 0.5.3, we've embraced the core philosophy of Fail2Ban but adapted it to better suit the unique environment of our mail server. Our integrated fail2ban system is designed to enhance security without relying on external Fail2Ban software. It's a part of Stalwart Mail Server, built directly into its architecture.

One key difference in our approach is how we handle the banning of IP addresses. Unlike traditional Fail2Ban that alters firewall rules, our system immediately drops further connections from any banned IP address. This swift action effectively cuts off malicious attempts at their source, ensuring immediate protection.

Fully Integrated​

Another significant aspect of our fail2ban system is its integration across all mail server services. Whether it be JMAP, IMAP, SMTP, or ManageSieve, authentication failures in any of these services contribute to the ban threshold. This comprehensive coverage ensures that the security of one service is not compromised at the expense of another.

Advanced Tracking Beyond IP Addresses​

A standout feature of our fail2ban system is its ability to track authentication failures not only by IP address but also by login name. This is particularly vital in defending against distributed brute-force attacks, where attackers might use numerous IP addresses to target a single account. Our system intelligently identifies such patterns and, after a certain number of failed attempts, blocks further authentication efforts for that account, regardless of the IP used. This means that an attacker cannot simply hop IP addresses to bypass security measures.

Conclusion​

The introduction of this integrated fail2ban system in version 0.5.3 is a testament to our dedication to providing top-tier security for our users. This advanced security feature is meticulously designed to address and neutralize a wide array of cyber threats, especially sophisticated brute-force attacks.

We are proud to bring this new level of security to Stalwart Mail Server. This update reflects our ongoing commitment to adapting and evolving in the face of emerging cyber threats. With the integration of our fail2ban system, Stalwart Mail Server version 0.5.3 stands as a more secure, reliable, and resilient solution for your email server needs.

Stay tuned for more updates and features as we continue to enhance and refine Stalwart Mail Server. Your security is our priority, and we are dedicated to providing you with the best tools to protect it.

E-mail filtering is a crucial part of any modern mail server and, for this reason, we're excited to announce the addition of Milter support to the Stalwart Mail Server. This update, driven by user feedback, allows the integration of both new and old Milter filters, supporting versions 2 and 6, which expands the server's capabilities in inspecting, filtering, or modifying emails during processing.

A milter, or "mail filter", is an extension to mail servers based on the Sendmail protocol. Milters allow third-party software to access mail messages as they are being processed in order to filter, modify, or annotate them. By using Milters, a mail server can utilize a variety of functionalities such as spam filtering, virus scanning, and other types of mail processing, beyond what is built into the mail server itself. Milters operate at the SMTP protocol level, which means they have access to both the SMTP envelope and the message contents.

This new feature not only responds to our users' needs but also ensures that Stalwart can work seamlessly with any existing setup. Whether you are seeking better spam protection, antivirus measures, or implementing specific processing rules, milter filtering has got you covered.

Learn more about milter filters and how to set them up in our documentation.

We're thrilled to announce the release of Stalwart Mail Server, our biggest leap forward yet. This version combines the powerful capabilities of Stalwart JMAP, Stalwart IMAP, and Stalwart SMTP servers into one easy-to-install binary, offering you a unified, highly efficient mail server solution.

Here are some of the exciting new features:

• LDAP and SQL authentication support was added, giving you more flexibility and options to integrate Stalwart with your existing infrastructure.
• We've incorporated support for disk quotas to provide better control over your storage resources.
• Subaddressing and catch-all addresses are now supported. These features make the email handling process more flexible and efficient.
• Storage options have been extended with the inclusion of S3-compatible storage. Now you can store your emails and blobs using reliable and scalable solutions such as MinIO, Amazon S3, or Google Cloud Storage.
• In response to user feedback, we've replaced RocksDB with SQLite. Our community told us they wanted an open, trusted database technology with easier access to their data, and we listened!
• For those operating in distributed environments, you can now opt for the FoundationDB backend, supporting millions of users without sacrificing performance.
• Stalwart IMAP is no longer an IMAP-to-JMAP proxy, instead, it now provides direct access to the message store. This significant change has brought a tremendous improvement in performance, reducing latency, and making your mail operations faster than ever.
• We've also made significant strides in enhancing performance by rewriting the JMAP protocol parser and the storage API.
• Lastly, we've made the decision to switch from Actix Web Server to Hyper. This change has allowed us to reduce memory footprint and increase performance, resulting in a more optimized and efficient mail server.

With Stalwart Mail Server, we're delivering a more unified, powerful, and efficient solution that meets your growing email infrastructure needs. We're excited to see how you'll leverage these new capabilities, and as always, we're here to support you every step of the way!

Sieve (RFC5228) is a scripting language for filtering email messages at or around the time of final delivery. It is suitable for running on a mail server where users may not be allowed to execute arbitrary programs as it has no user-controlled loops or the ability to run external programs. Sieve is a data-driven programming language, similar to earlier email filtering languages such as procmail and maildrop, and earlier line-oriented languages such as sed and AWK: it specifies conditions to match and actions to take on matching.

Today Stalwart JMAP v0.2 was released including support for the for JMAP for Sieve Scripts draft. Additionally, ManageSieve support was added to Stalwart IMAP v0.2.

Stalwart JMAP safely runs Sieve scripts in a controlled sandbox that ensures that programs do not exceed or abuse their allocated system resources.

Unlike other mail servers that offer limited support for Sieve extensions, Stalwart JMAP supports all existing Sieve extensions including:

• RFC 5228 — Sieve: An Email Filtering Language
• RFC 3894 — Copying Without Side Effects
• RFC 5173 — Body Extension
• RFC 5183 — Environment Extension
• RFC 5229 — Variables Extension
• RFC 5230 — Vacation Extension
• RFC 5231 — Relational Extension
• RFC 5232 — Imap4flags Extension
• RFC 5233 — Subaddress Extension
• RFC 5235 — Spamtest and Virustest Extensions
• RFC 5260 — Date and Index Extensions
• RFC 5293 — Editheader Extension
• RFC 5429 — Reject and Extended Reject Extensions
• RFC 5435 — Extension for Notifications
• RFC 5463 — Ihave Extension
• RFC 5490 — Extensions for Checking Mailbox Status and Accessing Mailbox Metadata
• RFC 5703 — MIME Part Tests, Iteration, Extraction, Replacement, and Enclosure
• RFC 6009 — Delivery Status Notifications and Deliver-By Extensions
• RFC 6131 — Sieve Vacation Extension: “Seconds” Parameter
• RFC 6134 — Externally Stored Lists
• RFC 6558 — Converting Messages before Delivery
• RFC 6609 — Include Extension
• RFC 7352 — Detecting Duplicate Deliveries
• RFC 8579 — Delivering to Special-Use Mailboxes
• RFC 8580 — File Carbon Copy (FCC)
• RFC 9042 — Delivery by MAILBOXID
• REGEX-01 — Regular Expression Extension (draft-ietf-sieve-regex-01)

We are happy to announce Stalwart JMAP, an open-source JSON Meta Application Protocol server written in Rust that aims to be scalable, robust and secure.

Some of its key features are:

• JMAP Core, JMAP Mail and JMAP over WebSocket full compliance.
• IMAP4 rev2/1 support via Stalwart IMAP, an imap-to-jmap proxy.
• Scalable and fault tolerant: consensus over Raft, node autodiscovery over gossip and read-only replicas.
• RocksDB backend with full-text search support in 17 languages.
• OAuth 2.0 authorization code and device authorization flows.
• Domain Keys Identified Mail (DKIM) message signing.
• Written in Rust.
• No third-party software required to run or scale.

Currently Stalwart JMAP requires an SMTP server such as Postfix in order to receive e-mails. However, the next item on the roadmap is to release an SMTP server in Rust with the goal of making self-hosting an e-mail server much simpler without sacrificing any security.