Skip to main content


For distributed and larger-scale implementations, Stalwart Mail Server supports the use of S3-compatible storage services. S3, or Simple Storage Service, is a scalable object storage protocol used by many cloud providers. By using an S3-compatible service, Stalwart can store emails and blobs on remote servers, facilitating large-scale storage management, easy data replication, and backup, making it a viable option for businesses seeking robustness and scalability.


The S3-compatible storage service is configured under the store.<name> section of the configuration file. The following attributes are supported:

  • type: Specifies the type of storage, set to "s3" for S3-compatible storage.
  • bucket: This option is used to specify the S3 bucket where blobs (e-mail messages, Sieve scripts, etc.) will be stored.
  • region: This specifies the geographical region where the bucket resides. This is important for performance and legal considerations, as different regions may have different latency and data sovereignty rules.
  • access-key and secret-key: These two options are used for authentication with the S3 service. The access-key identifies the S3 account, while the secret-key serves as a password.
  • endpoint: This option specifies the network address (hostname and optionally a port) of the S3 service. If you are using a well-known S3 service like Amazon S3, this setting can be left blank, and the endpoint will be derived from the region. For S3-compatible services, you will need to specify the endpoint explicitly.
  • security-token: This is an optional field that is used for temporary credentials, such as those provided by AWS STS (Security Token Service). If you're using permanent AWS IAM user credentials or are interfacing with a storage service that doesn't support STS, this field should be left blank.
  • profile: This optional setting is used when retrieving credentials from a shared credentials file. If specified, the server will use the access key ID, secret access key, and session token (if available) associated with the given profile.
  • timeout: This option defines the maximum amount of time the server will wait for a response from the S3 service before it gives up.


type = "s3"
bucket = "stalwart"
region = "eu-central-1"
access-key = "minioadmin"
secret-key = "minioadmin"
endpoint = "https://myminio:9000"
#security-token = ""
#profile = ""
timeout = "30s"