Linux / MacOS


Install Stalwart JMAP server by running the following command in your terminal:

curl --proto '=https' --tlsv1.2 -sSf | sudo sh

Once the installation is completed, Stalwart JMAP will be available under the /usr/local/stalwart-jmap directory. The installation script will also create the stalwart-jmap account and start the stalwart-jmap systemd/launchd service.

Please note that root access is required to perform the installation, if you don’t feel comfortable running the install script as root you may also download the latest release and perform a manual installation.

Set up

You should now be able to access your Stalwart JMAP web server at https://localhost:8080 (using a self-signed certificate), but before it can start accepting connections from JMAP clients, you’ll have to configure your hostname and install valid a TLS certificate.


Edit the /usr/local/stalwart-jmap/etc/config.yml file and update the jmap-url parameter with the base URL of your JMAP server. For example, if your JMAP’s server hostname is then the jmap-url parameter should look like this:


By default Stalwart JMAP listens for connections on the unprivileged 8080 port. To use a different port, update the jmap-port parameter in your /usr/local/stalwart-jmap/etc/config.yml file. For example, to use the default HTTPS port 443:

jmap-port: 443

Please note that you’ll have to run Stalwart JMAP as root if you choose a privileged port such as 443.


Stalwart JMAP requires all HTTP connections to be encrypted over TLS. If you currently don’t have a TLS certificate, you can obtain one for free from Let’s Encrypt. Once you have your certificate ready, copy your certificate and private key to their default locations as follows:

sudo cp mycert.crt /usr/local/stalwart-jmap/etc/certs/jmap.crt
sudo cp mykey.key /usr/local/stalwart-jmap/etc/private/jmap.key

If you already have a proxy such as nginx encrypting incoming HTTP requests, you can disable TLS encryption on Stalwart JMAP by commenting out the jmap-cert-path and jmap-key-path parameters in your /usr/local/stalwart-jmap/etc/config.yml file. For example:

#jmap-cert-path: /usr/local/stalwart-jmap/etc/certs/jmap.crt
#jmap-key-path: /usr/local/stalwart-jmap/etc/private/jmap.key


In order to be able to receive emails from the outside world, you need to enable the LMTP service and configure your Mail Transport Agent (MTA) to deliver messages to Stalwart JMAP over LMTP. Details on how to configure LMTP can be found on the LMTP section. You may also configure LMTP later and continue with the setup instructions.

SMTP (optional)

The JMAP protocol allows clients to submit e-mail messages for delivery without having to interact with an SMTP server. If you wish to enable this functionality, you’ll have to configure an SMTP relay server. Details on how to configure an SMTP relay server can be found on the SMTP relay section. Additionally, it is recommended that you enable DKIM on all your domain names.

Restart service

Once you have completed the setup instructions, restart your Stalwart JMAP server:

sudo systemctl restart stalwart-jmap

Or, if you are using MacOS:

sudo launchctl kickstart -k stalwart.jmap

If everything is correct, you should now be able to access the OAuth login screen at https://YOUR_HOSTNAME/auth.

Update password

For security reasons, it is very important that you change the default administrator password before your JMAP server starts accepting connections from the outside world. The default administrator account is admin with password changeme, which can be changed using the following Stalwart Command Line Interface (CLI) tool command:

/usr/local/stalwart-jmap/bin/stalwart-cli -u https://YOUR_HOSTNAME -c changeme account update admin -p NEW_PASSWORD

Next steps

Now that you have Stalwart JMAP up and running, you can proceed to create accounts for your users or import them from an existing mail server.