Overview
Stalwart Mail Server supports authenticating users against an array of popular backends, facilitating seamless integration with existing user management systems. These include LDAP (Lightweight Directory Access Protocol), suitable for organizations utilizing an LDAP directory for storing user information, and SQL-based databases such as PostgreSQL, MySQL, and SQLite. Additionally, Stalwart provides an internal directory, offering a straightforward and convenient method for user management directly within the mail server. This built-in system simplifies the setup and administration process for organizations of all sizes.
Security
Rate limiting
Passwords
In Stalwart Mail Server, passwords for user accounts can be stored either in the internal directory or in external directories such as LDAP or SQL. The server supports multiple password hashing schemes to enhance security, and each account can store multiple password hashes. While it is technically possible to store passwords in plain text, this practice is strongly discouraged due to security risks.
Two-Factor Authentication
Two-Factor Authentication (2FA) is an additional layer of security used to ensure that individuals trying to gain access to an online account are who they say they are. It typically involves combining two out of three types of credentials: something you know, such as an additional password, a PIN, or the answer to a security question; something you have, such as a physical device like a smartphone, security token, or smart card; and something you are, which involves biometric verification such as a fingerprint, retina scan, or voice recognition.
App Passwords
Application Passwords are unique passwords that allow users to access their email accounts on devices or applications that do not support Two-Factor Authentication (2FA). These passwords provide a secure way to use legacy mail clients or other applications that do not support the OAUTHBEARER SASL mechanism while maintaining the enhanced security provided by 2FA.