Linux / MacOS
Install
Install Stalwart JMAP server by running the following command in your terminal:
curl --proto '=https' --tlsv1.2 -sSf https://jmap.stalw.art/install.sh | sudo sh
Once the installation is completed, Stalwart JMAP will be available under the /usr/local/stalwart-jmap
directory. The installation script will also create the stalwart-jmap account and start the stalwart-jmap systemd/launchd service.
Please note that root access is required to perform the installation, if you don’t feel comfortable running the install script as root you may also download the latest release and perform a manual installation.
Set up
You should now be able to access your Stalwart JMAP web server at https://localhost:8080 (using a self-signed certificate), but
before it can start accepting connections from JMAP clients, you’ll have to configure your hostname and install valid a TLS certificate.
Hostname
Edit the /usr/local/stalwart-jmap/etc/config.yml file and update the jmap-url parameter with the base URL of your JMAP server.
For example, if your JMAP’s server hostname is jmap.example.org then the jmap-url parameter should look like this:
jmap-url: https://jmap.example.org:8080
By default Stalwart JMAP listens for connections on the unprivileged 8080 port. To use a different port, update the jmap-port
parameter in your /usr/local/stalwart-jmap/etc/config.yml file. For example, to use the default HTTPS port 443:
jmap-port: 443
Please note that you’ll have to run Stalwart JMAP as root if you choose a privileged port such as 443.
TLS
Stalwart JMAP requires all HTTP connections to be encrypted over TLS. If you currently don’t have a TLS certificate, you can obtain one for free from Let’s Encrypt. Once you have your certificate ready, copy your certificate and private key to their default locations as follows:
sudo cp mycert.crt /usr/local/stalwart-jmap/etc/certs/jmap.crt
sudo cp mykey.key /usr/local/stalwart-jmap/etc/private/jmap.key
If you already have a proxy such as nginx encrypting incoming HTTP requests, you can disable
TLS encryption on Stalwart JMAP by commenting out the jmap-cert-path and jmap-key-path parameters in your
/usr/local/stalwart-jmap/etc/config.yml file. For example:
#jmap-cert-path: /usr/local/stalwart-jmap/etc/certs/jmap.crt
#jmap-key-path: /usr/local/stalwart-jmap/etc/private/jmap.key
LMTP
In order to be able to receive emails from the outside world, you need to enable the LMTP service and configure your Mail Transport Agent (MTA) to deliver messages to Stalwart JMAP over LMTP. Details on how to configure LMTP can be found on the LMTP section. You may also configure LMTP later and continue with the setup instructions.
SMTP (optional)
The JMAP protocol allows clients to submit e-mail messages for delivery without having to interact with an SMTP server. If you wish to enable this functionality, you’ll have to configure an SMTP relay server. Details on how to configure an SMTP relay server can be found on the SMTP relay section. Additionally, it is recommended that you enable DKIM on all your domain names.
Restart service
Once you have completed the setup instructions, restart your Stalwart JMAP server:
sudo systemctl restart stalwart-jmap
Or, if you are using MacOS:
sudo launchctl kickstart -k stalwart.jmap
If everything is correct, you should now be able to access the OAuth login screen at https://YOUR_HOSTNAME/auth.
Update password
For security reasons, it is very important that you change the default administrator password before your JMAP server starts
accepting connections from the outside world. The default administrator account is admin with password changeme, which can
be changed using the following Stalwart Command Line Interface (CLI) tool command:
/usr/local/stalwart-jmap/bin/stalwart-cli -u https://YOUR_HOSTNAME -c changeme account update admin -p NEW_PASSWORD
Next steps
Now that you have Stalwart JMAP up and running, you can proceed to create accounts for your users or import them from an existing mail server.