NetworkListener
NetworkListener
Section titled “NetworkListener”Defines a network listener for accepting incoming connections.
This object can be configured from the WebUI under Settings › Network › Listeners
Fields
Section titled “Fields”Type:
String· read-onlyUnique identifier for the listener
Type:
SocketAddr[]· min items: 1The addresses the listener will bind to
protocol
Section titled “protocol”Type:
NetworkListenerProtocol· default:"smtp"The protocol used by the listener
overrideProxyTrustedNetworks
Section titled “overrideProxyTrustedNetworks”Type:
IpMask[]Enable proxy protocol for connections from these networks
socketBacklog
Section titled “socketBacklog”Type:
UnsignedInt?· default:1024· min: 1The maximum number of incoming connections that can be pending in the backlog queue
socketNoDelay
Section titled “socketNoDelay”Type:
Boolean· default:trueWhether the Nagle algorithm should be disabled for the socket
socketReceiveBufferSize
Section titled “socketReceiveBufferSize”Type:
UnsignedInt?· min: 1The size of the buffer used for receiving data
socketReuseAddress
Section titled “socketReuseAddress”Type:
Boolean· default:trueWhether the socket can be bound to an address that is already in use by another socket
socketReusePort
Section titled “socketReusePort”Type:
Boolean· default:trueWhether multiple sockets can be bound to the same address and port
socketSendBufferSize
Section titled “socketSendBufferSize”Type:
UnsignedInt?· min: 1The size of the buffer used for sending data
socketTosV4
Section titled “socketTosV4”Type:
UnsignedInt?· min: 1The type of service (TOS) value for the socket, which determines the priority of the traffic sent through the socket
socketTtl
Section titled “socketTtl”Type:
UnsignedInt?· min: 1Time-to-live (TTL) value for the socket, which determines how many hops a packet can make before it is discarded
useTls
Section titled “useTls”Type:
Boolean· default:trueWhether to enable TLS for this listener
tlsDisableCipherSuites
Section titled “tlsDisableCipherSuites”Type:
TlsCipherSuite[]Which cipher suites to disable
tlsDisableProtocols
Section titled “tlsDisableProtocols”Type:
TlsVersion[]Which TLS protocols to disable
tlsIgnoreClientOrder
Section titled “tlsIgnoreClientOrder”Type:
Boolean· default:trueWhether to ignore the client’s cipher order
tlsImplicit
Section titled “tlsImplicit”Type:
Boolean· default:falseWhether to use implicit TLS
tlsTimeout
Section titled “tlsTimeout”Type:
Duration?· default:"1m"TLS handshake timeout
maxConnections
Section titled “maxConnections”Type:
UnsignedInt?· default:8192· min: 1The maximum number of concurrent connections the listener will accept
JMAP API
Section titled “JMAP API”The NetworkListener object is available via the urn:stalwart:jmap capability.
x:NetworkListener/get
Section titled “x:NetworkListener/get”This is a standard Foo/get method as defined in RFC 8620, Section 5.1.
This method requires the sysNetworkListenerGet permission.
curl -X POST https://mail.example.com/api \ -H 'Authorization: Bearer $TOKEN' \ -H 'Content-Type: application/json' \ -d '{ "methodCalls": [ [ "x:NetworkListener/get", { "ids": [ "id1" ] }, "c1" ] ], "using": [ "urn:ietf:params:jmap:core", "urn:stalwart:jmap" ] }'x:NetworkListener/set
Section titled “x:NetworkListener/set”This is a standard Foo/set method as defined in RFC 8620, Section 5.3.
Supports create, update, and destroy operations in a single call.
Create
Section titled “Create”This operation requires the sysNetworkListenerCreate permission.
curl -X POST https://mail.example.com/api \ -H 'Authorization: Bearer $TOKEN' \ -H 'Content-Type: application/json' \ -d '{ "methodCalls": [ [ "x:NetworkListener/set", { "create": { "new1": { "bind": {}, "overrideProxyTrustedNetworks": {}, "tlsDisableCipherSuites": {}, "tlsDisableProtocols": {} } } }, "c1" ] ], "using": [ "urn:ietf:params:jmap:core", "urn:stalwart:jmap" ] }'Update
Section titled “Update”This operation requires the sysNetworkListenerUpdate permission.
curl -X POST https://mail.example.com/api \ -H 'Authorization: Bearer $TOKEN' \ -H 'Content-Type: application/json' \ -d '{ "methodCalls": [ [ "x:NetworkListener/set", { "update": { "id1": { "bind": {} } } }, "c1" ] ], "using": [ "urn:ietf:params:jmap:core", "urn:stalwart:jmap" ] }'Destroy
Section titled “Destroy”This operation requires the sysNetworkListenerDestroy permission.
curl -X POST https://mail.example.com/api \ -H 'Authorization: Bearer $TOKEN' \ -H 'Content-Type: application/json' \ -d '{ "methodCalls": [ [ "x:NetworkListener/set", { "destroy": [ "id1" ] }, "c1" ] ], "using": [ "urn:ietf:params:jmap:core", "urn:stalwart:jmap" ] }'x:NetworkListener/query
Section titled “x:NetworkListener/query”This is a standard Foo/query method as defined in RFC 8620, Section 5.5.
This method requires the sysNetworkListenerQuery permission.
curl -X POST https://mail.example.com/api \ -H 'Authorization: Bearer $TOKEN' \ -H 'Content-Type: application/json' \ -d '{ "methodCalls": [ [ "x:NetworkListener/query", { "filter": { "name": "example" } }, "c1" ] ], "using": [ "urn:ietf:params:jmap:core", "urn:stalwart:jmap" ] }'The x:NetworkListener/query filter argument accepts the following conditions (combinable with AnyOf / AllOf / Not per RFC 8620):
| Condition | Kind |
|---|---|
name | text |
stalwart-cli wraps the same JMAP calls. See the CLI reference for installation, authentication, and general usage.
stalwart-cli get NetworkListener id1Create
Section titled “Create”stalwart-cli create NetworkListener \ --field 'bind={}' \ --field 'overrideProxyTrustedNetworks={}' \ --field 'tlsDisableCipherSuites={}' \ --field 'tlsDisableProtocols={}'stalwart-cli query NetworkListenerstalwart-cli query NetworkListener --where name=exampleUpdate
Section titled “Update”stalwart-cli update NetworkListener id1 --field bind='{}'Delete
Section titled “Delete”stalwart-cli delete NetworkListener --ids id1NetworkListenerProtocol
Section titled “NetworkListenerProtocol”| Value | Label |
|---|---|
smtp | SMTP |
lmtp | LMTP |
http | HTTP |
imap | IMAP4 |
pop3 | POP3 |
manageSieve | ManageSieve |
TlsCipherSuite
Section titled “TlsCipherSuite”| Value | Label |
|---|---|
tls13-aes-256-gcm-sha384 | TLS1.3 AES256 GCM SHA384 |
tls13-aes-128-gcm-sha256 | TLS1.3 AES128 GCM SHA256 |
tls13-chacha20-poly1305-sha256 | TLS1.3 CHACHA20 POLY1305 SHA256 |
tls-ecdhe-ecdsa-with-aes-256-gcm-sha384 | ECDHE ECDSA AES256 GCM SHA384 |
tls-ecdhe-ecdsa-with-aes-128-gcm-sha256 | ECDHE ECDSA AES128 GCM SHA256 |
tls-ecdhe-ecdsa-with-chacha20-poly1305-sha256 | ECDHE ECDSA CHACHA20 POLY1305 SHA256 |
tls-ecdhe-rsa-with-aes-256-gcm-sha384 | ECDHE RSA AES256 GCM SHA384 |
tls-ecdhe-rsa-with-aes-128-gcm-sha256 | ECDHE RSA AES128 GCM SHA256 |
tls-ecdhe-rsa-with-chacha20-poly1305-sha256 | ECDHE RSA CHACHA20 POLY1305 SHA256 |
TlsVersion
Section titled “TlsVersion”| Value | Label |
|---|---|
tls12 | TLS version 1.2 |
tls13 | TLS version 1.3 |