Skip to content

MtaHook

MtaHook

Section titled “MtaHook”

Defines an MTA hook endpoint for message processing.

This object can be configured from the WebUI under Settings › MTA › Filters › MTA Hooks

Fields

Section titled “Fields”
allowInvalidCerts
Section titled “allowInvalidCerts”

Type: Boolean · default: false

Whether Stalwart should connect to a hook server that has an invalid TLS certificate

enable
Section titled “enable”

Type: Expression · default: {"else":"true"}

Expression that determines whether to enable this hook

Available variables: MtaRcptToVariable.

maxResponseSize
Section titled “maxResponseSize”

Type: Size · default: 52428800

Maximum size, in bytes, of a response that Stalwart will accept from this MTA Hook server

tempFailOnError
Section titled “tempFailOnError”

Type: Boolean · default: true

Whether to respond with a temporary failure (typically a 4xx SMTP status code) when Stalwart encounters an error while communicating with this MTA Hook server

stages
Section titled “stages”

Type: MtaStage[] · default: ["data"]

Which SMTP stages to run this hook on

timeout
Section titled “timeout”

Type: Duration · default: "30s"

Maximum amount of time that Stalwart will wait for a response from this hook server

url
Section titled “url”

Type: Uri · required

URL of the hook endpoint

httpAuth
Section titled “httpAuth”

Type: HttpAuth · required

The type of HTTP authentication to use

httpHeaders
Section titled “httpHeaders”

Type: Map<String, String>

Additional headers to include in HTTP requests

JMAP API

Section titled “JMAP API”

The MtaHook object is available via the urn:stalwart:jmap capability.

x:MtaHook/get

Section titled “x:MtaHook/get”

This is a standard Foo/get method as defined in RFC 8620, Section 5.1.

This method requires the sysMtaHookGet permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:MtaHook/get",
          {
            "ids": [
              "id1"
            ]
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

x:MtaHook/set

Section titled “x:MtaHook/set”

This is a standard Foo/set method as defined in RFC 8620, Section 5.3.

Supports create, update, and destroy operations in a single call.

Create

Section titled “Create”

This operation requires the sysMtaHookCreate permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:MtaHook/set",
          {
            "create": {
              "new1": {
                "httpAuth": {
                  "@type": "Unauthenticated"
                },
                "httpHeaders": {},
                "url": "https://example.com"
              }
            }
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

Update

Section titled “Update”

This operation requires the sysMtaHookUpdate permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:MtaHook/set",
          {
            "update": {
              "id1": {
                "allowInvalidCerts": false
              }
            }
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

Destroy

Section titled “Destroy”

This operation requires the sysMtaHookDestroy permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:MtaHook/set",
          {
            "destroy": [
              "id1"
            ]
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

x:MtaHook/query

Section titled “x:MtaHook/query”

This is a standard Foo/query method as defined in RFC 8620, Section 5.5.

This method requires the sysMtaHookQuery permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:MtaHook/query",
          {
            "filter": {}
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

CLI

Section titled “CLI”

stalwart-cli wraps the same JMAP calls. See the CLI reference for installation, authentication, and general usage.

Fetch

Section titled “Fetch”
Terminal window
stalwart-cli get MtaHook id1

Create

Section titled “Create”
Terminal window
stalwart-cli create MtaHook \
  --field url=https://example.com \
  --field 'httpAuth={"@type":"Unauthenticated"}' \
  --field 'httpHeaders={}'

Query

Section titled “Query”
Terminal window
stalwart-cli query MtaHook

Update

Section titled “Update”
Terminal window
stalwart-cli update MtaHook id1 --field allowInvalidCerts=false

Delete

Section titled “Delete”
Terminal window
stalwart-cli delete MtaHook --ids id1

Nested types

Section titled “Nested types”

Expression

Section titled “Expression”

A conditional expression with match rules and a default value.

match
Section titled “match”

Type: ExpressionMatch[]

List of conditions and their corresponding results

else
Section titled “else”

Type: String · required

Else condition

ExpressionMatch

Section titled “ExpressionMatch”

A single condition-result pair in an expression.

if
Section titled “if”

Type: String · required

If condition

then
Section titled “then”

Type: String · required

Then clause

HttpAuth

Section titled “HttpAuth”

Defines the HTTP authentication method to use for HTTP requests.

  • Unauthenticated: Anonymous. No additional fields.
  • Basic: Basic Authentication. Carries the fields of HttpAuthBasic.
  • Bearer: Bearer Token. Carries the fields of HttpAuthBearer.

HttpAuthBasic

Section titled “HttpAuthBasic”

HTTP Basic authentication credentials.

username
Section titled “username”

Type: String · required

Username for HTTP Basic Authentication

secret
Section titled “secret”

Type: SecretKey · required

Password for HTTP Basic Authentication

SecretKey
Section titled “SecretKey”

A secret value provided directly, from an environment variable, or from a file.

SecretKeyValue
Section titled “SecretKeyValue”

A secret value provided directly.

secret
Section titled “secret”

Type: String · required · secret

Password or secret value

SecretKeyEnvironmentVariable
Section titled “SecretKeyEnvironmentVariable”

A secret value read from an environment variable.

variableName
Section titled “variableName”

Type: String · required

Environment variable name to read the secret from

SecretKeyFile
Section titled “SecretKeyFile”

A secret value read from a file.

filePath
Section titled “filePath”

Type: String · required

File path to read the secret from

HttpAuthBearer

Section titled “HttpAuthBearer”

HTTP Bearer token authentication.

bearerToken
Section titled “bearerToken”

Type: SecretKey · required

Bearer token for HTTP Bearer Authentication

Enums

Section titled “Enums”

MtaStage

Section titled “MtaStage”
ValueLabel
connectConnect
ehloEHLO
authAUTH
mailMAIL FROM
rcptRCPT TO
dataDATA

Expression references

Section titled “Expression references”

The following expression contexts are used by fields on this page: