Fully independent email with Discourse and Stalwart-mail

Continuing the discussion from Stalwart-mail+Discourse: POP3 EOF reached (again):

Since @programmerjake is also exploring Discourse ↔ Stalwart-mail, I wanted to ask you whether you’re experiencing TLS errors on SMTPS:

2024-07-01T17:37:49.718793Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="128.140.68.114"
2024-07-01T17:37:49.899171Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="128.140.68.114"

On Discourse’s side, there’s an error popup:

ERROR - Net::ReadTimeout with #<TCPSocket:(closed)>

It seems to be related to Ruby’s OpenSSL library not supporting TLSv1.3, but this seems a bit far-fetched since it should be working with TLSv1.2 anyway.


Working installation

Stalwart-mail >= v0.8.3

That’s it, with this release, Stalwart-mail now supports both sending and receiving email with Discourse. :tada:

Stalwart-mail is a single binary mail service that covers all your email needs without the clutter of configuration that we’ve been used to over decades with Postfix + Spamassassin + Dovecot + etc. Here, you set up your installation and have everything ready to go, including full TLS automation with ACME and Let’s Encrypt, SPF, DMARC, DKIM, ARC, DANE support out of the box (including reports from and to your domains), TLSA and other DNS records ready to go, auto-configuration and auto-discovery for easy mail client setup, shared folders (via “groups”), aliases, ManageSieve filters on all incoming and outgoing messages at various stages of the process, web administration, 2FA and TOTP support, OAuth, and many more features. No need to externalize your email anymore!

  1. Use a submission listener on port 587 for SMTP
    1. disable implicit TLS (means: use STARTTLS)
    2. Ensure ignore client order is disabled (either in the defaults or override TLS options of the listener)
  2. Enable a POP3 listener on port 995 with implicit TLS

Discourse

Configure email normally using 587 for Submission (with STARTTLS) and 995 for POP3s with SSL/TLS.

1 Like
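
A small triage helper for the `tls handshake eof` lines quoted in the first post, as an added example that is not part of the thread or of Stalwart-mail: it parses the key=value fields and counts TLS accept failures per listener instance and remote IP, which shows whether the failures are confined to one listener (here `smtps`) and one client. The log layout is assumed from the two quoted lines only, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Lines 1-2 are the ones quoted in the thread; lines 3-4 are constructed
# (documentation-range IP, made-up non-TLS event) to exercise the filter.
SAMPLE_LOG = '''
2024-07-01T17:37:49.718793Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="128.140.68.114"
2024-07-01T17:37:49.899171Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="128.140.68.114"
2024-07-01T17:38:02.000000Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="203.0.113.7"
2024-07-01T17:38:05.000000Z INFO example::target: constructed non-TLS line context="session" event="start" instance="submission" protocol=Smtp remote.ip="203.0.113.7"
'''

# "<timestamp> <LEVEL> <target>: <message> key=value ..." (layout assumed
# from the quoted lines, not taken from Stalwart documentation).
LINE_RE = re.compile(r'^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+(?P<target>[\w:]+):\s+(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+(?:\.\w+)*)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one log line into timestamp, level, message and a field dict."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    first = FIELD_RE.search(rest)
    message = rest[:first.start()].strip() if first else rest.strip()
    return {"ts": m["ts"], "level": m["level"], "message": message, "fields": fields}


def tls_failures(log_text):
    """Count TLS accept errors per (listener instance, remote IP, reason)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        f = rec["fields"]
        if f.get("context") == "tls" and f.get("event") == "error":
            reason = rec["message"].rsplit(": ", 1)[-1]
            counts[(f.get("instance", "?"), f.get("remote.ip", "?"), reason)] += 1
    return counts


if __name__ == "__main__":
    for (instance, ip, reason), n in tls_failures(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {instance:<12} {ip:<16} {reason}")
```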

So this is an open source alternative to Mailgun and the like? That is starting to look very attractive as most of those services are quite pricey for low volumes.

I take it that it requires its own (virtual) machine. It would be amazing if it could easily run on the same machine as Discourse.

Do you know if one instance of Stalwart Mail could service several Discourse instances?

1 Like

Yes, you can support multiple domains easily.

First you add a domain, then it gives you the DNS records to set up the MX (mail exchange). All your domains will be using the same MX.

It should be easy to run Stalwart-mail on the same machine as Discourse. Since both require TLS port 443, you would be using a proxy on that port to send to both services. But it does not make much sense to have one instance per Discourse, it’s better to separate the two, so you can scale up your email infrastructure easily, and cover more needs than just Discourse.

As an indication, I’ve been running Stalwart-mail on a CPX21 (4 GB RAM, 3 x86 AMD vCPUs, 80 GB storage) Hetzner VPS with about 30 accounts over a dozen domains, with full logs on, and it takes 564 MB RAM and 7 GB storage (most of it is the OS). Stalwart-mail claims 184 MB resident RAM (less than 5% of all RAM, and 1.2 GB virtual).

I’m using port 587 with STARTTLS and haven’t encountered any errors when testing just now…

Also, in Stalwart-mail’s logs it seems to be using TLSv1.3 and not running into any errors… I do have a slightly unusual config that I’m testing (using pebble to run a local ACME server and using a .test domain name, but that probably isn’t enough to break/fix anything…)

I’m not using “Override TLS options” in the port 587 listener…

1 Like