📄️ Overview
Stalwart Mail Server supports authenticating users against an array of popular backends, facilitating seamless integration with existing user management systems. These include LDAP (Lightweight Directory Access Protocol), suitable for organizations utilizing an LDAP directory for storing user information, and SQL-based databases such as PostgreSQL, MySQL, and SQLite. Additionally, Stalwart provides an internal directory, offering a straightforward and convenient method for user management directly within the mail server. This built-in system simplifies the setup and administration process for organizations of all sizes.
🗃️ Directories
6 items
📄️ Users and Groups
As stated previously, Stalwart Mail Server can either use an internal directory or connect to an external directory service.
📄️ Administrators
Administrators play a critical role in the maintenance and management of the system. These privileged accounts can perform a wide range of management tasks, including altering system settings, managing user accounts, and executing maintenance duties. Because administrator accounts can delete mail accounts and take other potentially disruptive actions, it is paramount to keep their passwords secure. The integrity and security of the mail server depend on the confidentiality of administrator credentials, so use strong, unique passwords and update them regularly to prevent unauthorized access.
📄️ OAuth
OAuth, or Open Authorization, is a standard protocol that provides a method for clients to access server resources on behalf of a user. It acts as an intermediary on behalf of the end-user, providing the service with an access token that authorizes specific account information to be shared. This allows users to grant third-party applications access to their information on other services without sharing their credentials. For security reasons, it is strongly recommended to always use OAuth to
📄️ Security
Rate limiting
📄️ Two-Factor Authentication
Two-Factor Authentication (2FA) is an additional layer of security used to ensure that individuals trying to gain access to an online account are who they say they are. It typically involves combining two out of three types of credentials: something you know, such as an additional password, a PIN, or the answer to a security question; something you have, such as a physical device like a smartphone, security token, or smart card; and something you are, which involves biometric verification such as a fingerprint, retina scan, or voice recognition.
📄️ App Passwords
Application Passwords are unique passwords that allow users to access their email accounts on devices or applications that do not support Two-Factor Authentication (2FA). These passwords provide a secure way to use legacy mail clients or other applications that do not support the OAUTHBEARER SASL mechanism while maintaining the enhanced security provided by 2FA.