Integrations

Stalwart connects to the systems you already run.

Stalwart fits into the infrastructure your team already operates, so adopting it is a configuration choice, not a migration. Plug in your existing identity provider, storage, search engine, DNS provider, observability stack and content-filtering tools, then point any standards-compliant mail or calendar client at the server.

Compare editions

Authentication and identity

Built-in directory or your own IdP.

User authentication and authorization can be handled by Stalwart's built-in directory or delegated to an external identity provider. OAuth 2.0 (device flow and authorization code) and OpenID Connect are supported as first-class authentication mechanisms.

LDAP and Active Directory, including OpenLDAP.
OpenID Connect providers (Keycloak, Authentik, generic OIDC).
OAuth 2.0 identity providers.
SQL directories (PostgreSQL, MySQL, MariaDB, SQLite).
Built-in directory for self-managed deployments.

Storage backends

Pick the data store that fits the scale.

The data store keeps structured metadata such as mailboxes, message metadata, ACLs, calendars and contacts. Each backend has different scaling characteristics.

RocksDB, embedded key-value store for single-node deployments.
FoundationDB, recommended for large distributed clusters.
PostgreSQL and AlloyDB.
MySQL and MariaDB (including Galera).
SQLite for evaluation and very small deployments.

Blob storage

Object storage for messages, attachments and shared files.

The blob store holds message bodies, attachments, Sieve scripts and WebDAV files. Stalwart supports the S3 API, Azure Blob and the local filesystem.

Amazon S3, MinIO, GarageHQ, Google Cloud Storage and any other S3-compatible object store.
Azure Blob Storage.
Filesystem.
Sharded blob storage across multiple endpoints.

Full-text search

Search built in, or delegated to a dedicated engine.

Full-text search can run inside Stalwart or be delegated to a dedicated search engine. The internal engine indexes 17 languages with bloom filters; dedicated engines absorb the indexing load when the data store is busy.

Internal full-text engine.
Meilisearch.
Elasticsearch.
OpenSearch.
PostgreSQL.
MySQL / MariaDB.

Cluster coordination

Coordinator-less or one of four backends.

Coordination synchronises state across cluster nodes (mailbox events, blocked IPs, certificate renewals, push notifications). Stalwart can run coordinator-less with peer-to-peer Zenoh or use one of four message backends.

Peer-to-peer over Eclipse Zenoh, with no external coordinator.
Apache Kafka.
Redpanda (Kafka-compatible).
NATS.
Redis.

DNS providers

Automated DNS publishing on every major provider.

With automated DNS management enabled, Stalwart publishes and refreshes MX, SPF, DKIM, DMARC, SRV, CAA, TLSA, MTA-STS, TLS-RPT, autoconfig and autodiscover records directly against a configured DNS provider. The most popular providers are supported out of the box, and self-hosted authoritative servers can be driven via RFC 2136 dynamic updates.

Cloudflare, AWS Route 53, Google Cloud DNS and Azure DNS.
DigitalOcean, OVH, Bunny DNS, Porkbun, DNSimple, Spaceship, deSEC and more.
RFC 2136 dynamic updates with TSIG or SIG(0) for self-hosted authoritative servers (BIND-compatible).

Spam filtering

Built-in spam filtering, plus the tools you already run.

Stalwart's built-in spam filter (statistical classifier, DNSBL, phishing protection, sender reputation, greylisting and spam traps) can be combined with external anti-spam systems through Milter or MTA Hooks.

SpamAssassin via Milter.
RSPAMD via Milter or MTA Hooks.
Pyzor for collaborative digest-based spam detection.
DNSBL providers (Spamhaus, SURBL, URIBL, and any RBL or hashlist that speaks DNS).

Observability

Metrics, logs, traces, webhooks.

Telemetry covers metrics, logs, traces and event-driven webhooks. Stalwart can ship data to OpenTelemetry collectors, expose a Prometheus endpoint, and post webhooks to any HTTP endpoint.

OpenTelemetry exporter for traces, metrics and logs.
Prometheus pull endpoint.
Webhooks for event-driven automation.
journald.
Log files.
Console output.
Live telemetry over Server-Sent Events.
Email and webhook alerts.

Orchestration

Stalwart runs on the major orchestrators.

The orchestrator manages node lifecycle and scaling; the cluster coordination layer keeps nodes in sync.

Mail clients

Anything that speaks JMAP, IMAP or POP3.

Stalwart speaks every standard mail protocol, so any RFC-compliant client works. Automatic account configuration is supported through the IETF UA Autoconfig and Microsoft Autodiscover V2.

Any JMAP for Mail client.
Any IMAP4rev1 or IMAP4rev2 client.
Any POP3 client.
Any ManageSieve client.
Apple Mail.
Mozilla Thunderbird.
Microsoft Outlook.
Mobile clients on iOS and Android via autoconfig.

Calendar and contact clients

CalDAV, CardDAV, WebDAV, and the JMAP equivalents.

CalDAV with scheduling, CardDAV and WebDAV are all supported, alongside the JMAP equivalents. Autoconfig and assisted resource discovery work for CalDAV, CardDAV and WebDAV.

Apple Calendar and Apple Contacts.
Mozilla Thunderbird (TbSync, calendar add-ons).
GNOME Evolution.
KDE Kontact.
Mobile CalDAV / CardDAV clients on iOS and Android.
JMAP for Calendars, Contacts and File Storage clients.

AI providers

LLMs in the spam filter and in Sieve scripts.

LLM-driven spam classifier and an AI-powered Sieve scripting for content analysis. The LLM endpoint is configurable; hosted providers and self-hosted models are both supported.

OpenAI.
Anthropic.
Self-hosted LLM endpoints, including any OpenAI-compatible API.