Fully independent email with Discourse and Stalwart-mail

Troubleshooting

Continuing the discussion from Stalwart-mail+Discourse: POP3 EOF reached (again):

Since @programmerjake is also exploring Discourse ↔ Stalwart-mail, I wanted to ask you whether you’re experiencing TLS errors on SMTPS:

2024-07-01T17:37:49.718793Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="128.140.68.114"
2024-07-01T17:37:49.899171Z DEBUG common::listener: Failed to accept TLS connection: tls handshake eof context="tls" event="error" instance="smtps" protocol=Smtp remote.ip="128.140.68.114"

On Discourse’s side, there’s an error popup:

ERROR - Net::ReadTimeout with #<TCPSocket:(closed)>

It seems to be related to Ruby’s OpenSSL library not supporting TLSv1.3, but this seems a bit far-fetched since it should be working with TLSv1.2 anyway.


Working installation

Stalwart-mail >= v0.8.3

That’s it, with this release, Stalwart-mail now supports both sending and receiving email with Discourse. :tada:

Stalwart-mail is a single binary mail service that covers all your email needs without the clutter of configuration that we’ve been used to over decades with Postfix + Spamassassin + Dovecot + etc. Here, you set up your installation and have everything ready to go, including full TLS automation with ACME and LetsEncrypt, SPF, DMARC, DKIM, ARC, DANE support out of the box (including reports from and to your domains), TLSA and other DNS records ready to go, auto-configuration and auto-discovery for easy mail client setup, shared folders (via “groups”), aliases, ManageSieve filters on all incoming and outgoing messages at various stages of the process, web administration, 2FA and TOTP support, OAUTH, and many more features. No need to externalize your email anymore!

  1. Use a submission listener on port 587 for SMTP
    1. Disable implicit TLS (means: use STARTTLS)
    2. Ensure ignore client order is disabled (either in the defaults or in the override TLS options of the listener)
  2. Enable a POP3 listener on port 995 with implicit TLS

Discourse

Configure email normally using 587 for Submission (with STARTTLS) and 995 for POP3s with SSL/TLS.

1 Like
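One way the symptom pair above can arise (server side: tls handshake eof; client side: Net::ReadTimeout on a closed socket) is a client that waits for a plaintext SMTP banner on a port where the server waits for a TLS ClientHello first, which is why the working setup keeps STARTTLS on 587 separate from implicit TLS on 465 and 995. The following is an added example, not code from the thread or from Stalwart-mail or Discourse: a local implicit-TLS listener with a constructed self-signed certificate, a STARTTLS-style client that times out against it, and the matching implicit-TLS client that succeeds.

```ruby
require "openssl"
require "socket"
require "timeout"
def self_signed_cert # constructed, local-only test certificate (not a deployment cert)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial, cert.public_key = 2, 1, key.public_key
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.not_before, cert.not_after = Time.now, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end
# Implicit-TLS listener (as on SMTPS 465 or POP3S 995): it waits for the ClientHello before any banner.
def start_implicit_tls_server(cert, key, connections)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  server = OpenSSL::SSL::SSLServer.new(TCPServer.new("127.0.0.1", 0), ctx)
  outcomes = []
  thread = Thread.new do
    connections.times do
      conn = server.accept              # blocks inside the TLS handshake
      conn.puts "220 localhost ESMTP"
      conn.close
      outcomes << :handshake_ok
    rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError
      outcomes << :handshake_eof        # peer closed before finishing the handshake
    end
  end
  [server.to_io.addr[1], outcomes, thread]
end
# A STARTTLS-style client expects a plaintext "220" banner first; on an implicit-TLS port both sides wait.
def starttls_client(port, wait = 1)
  sock = TCPSocket.new("127.0.0.1", port)
  Timeout.timeout(wait) { sock.gets }
  :banner_received
rescue Timeout::Error
  :read_timeout
ensure
  sock&.close   # this close is what the server then records as a handshake EOF
end
# The matching client: complete the TLS handshake, then read the banner over TLS.
def implicit_tls_client(port, cert)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(cert) }
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("127.0.0.1", port), ctx)
  banner = ssl.connect.gets.to_s
  ssl.close
  banner.start_with?("220") ? :banner_received : :unexpected
end
```

Running both clients against the same listener shows the mismatch from both ends: the STARTTLS-style client returns :read_timeout while the server records :handshake_eof, and the implicit-TLS client gets the banner.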

So this is an open source alternative to Mailgun and the like? That is starting to look very attractive as most of those services are quite pricey for low volumes.

I take it that it requires its own (virtual) machine. It would be amazing if it could easily run on the same machine as Discourse.

Do you know if one instance of Stalwart Mail could service several Discourse instances?

1 Like

Yes, you can support multiple domains easily.

First you add a domain, then it gives you the DNS records to set up the MX (mail exchange). All your domains will be using the same MX.

It should be easy to run Stalwart-mail on the same machine as Discourse. Since both require TLS port 443, you would be using a proxy on that port to send to both services. But it does not make much sense to have one instance per Discourse, it’s better to separate the two, so you can scale up your email infrastructure easily, and cover more needs than just Discourse.

As an indication, I’ve been running Stalwart-mail on a CPX21 (4 GB RAM, 3 x86 AMD vCPUs, 80 GB storage) Hetzner VPS with about 30 accounts over a dozen domains, with full logs on, and it takes 564 MB RAM and 7 GB storage (most of it is the OS). Stalwart-mail claims 184 MB resident RAM (less than 5% of all RAM, and 1.2 GB virtual).

1 Like

I’m using port 587 with STARTTLS and haven’t encountered any errors when testing just now…

Also, in Stalwart-mail’s logs it seems to be using TLSv1.3 and not running into any errors… I do have a slightly unusual config that I’m testing (using pebble to run a local ACME server and using a .test domain name, but that probably isn’t enough to break/fix anything…)

I’m not using “Override TLS options” in the port 587 listener…

1 Like

I’ve been using Stalwart-mail with Discourse exclusively for the past months, and it works like a charm. I can now use both Submission (port 587 with STARTTLS) and Submissions (port 465 with TLS). No special configuration or setup involved.

Careful though, setting up a domain’s DNS records is a two-step process.

  1. First, you add a domain name in the Directory. This gives you resource records to add in your DNS zone file.
  2. Once your DNS is updated, you create a TLS provider for that domain. You should add the following hostnames: mail, autoconfig, autodiscover, and mta-tls (with your domain appended, e.g., mail.example.org).[1]
  3. After a period (seconds to minutes), the internal ACME provider will pick up the changes and obtain TLS certificates. At this point, the domain configuration will have updated the records: pick the _mta-tls RR with the new id and all the _tlsa records, add them to your zone file, and you’re good to go.

Stalwart-mail now comes with a very powerful spam filter and integrated fail2ban functionality (banning IP addresses that failed authentication or requested bogus URIs).


  1. Note that for a minimal Stalwart-mail + Discourse setup, you probably don’t need autoconfig nor autodiscover since those are useful with IMAP clients.