Bulwark

Webmail built
for the 21st
century.

Email turned fifty in 2021. Webmail has been frozen in place since Gmail and Outlook drew the map. Bulwark is what mail looks like when someone finally writes it for the decade we're in: open protocol, instant push, your hardware.

Read the docs View source

Backed by

Become a sponsor
Mail · reading view
Bulwark mail reading viewBulwark mail reading view

Email is fifty-four. Webmail doesn't have to be.

Most self-hosted webmail still feels like 2008 because most of it was written then. The protocols caught up in 2019. The web caught up before that. Mail was the last surface waiting; Bulwark is what catching up looks like.

What 2019 changed
  • Push, not pollingServer tells the client when state changes; no 30-second IMAP loop, no idle reconnects.
  • One round-trip per clickMark-read, move, and fetch-next batched into a single JMAP call.
  • Threading at the serverConversations stitched in Stalwart, not reassembled per-render in the browser.
  • Typed across the wireJMAP defines exact response shapes; the client is strict TS, so drift is a compile error.
  • 1971
    first email sent
  • 1996
    Hotmail launches
  • 2008
    Roundcube 0.2
  • 2019
    JMAP standardised
  • 2026
    Bulwark v1

One window. Mail, calendar,
contacts, files; all current.

Everything Stalwart already serves, surfaced through a single window with the fit and finish you stopped expecting from self-hosted software a long time ago.

Mail · reading view
Mail · reading viewMail · reading view
Calendar · month
Calendar · monthCalendar · month
Settings · accounts & signing
Settings · accounts & signingSettings · accounts & signing
Mail · drafting
Mail · draftingMail · drafting
Themes · pick one or write your own
Themes · pick one or write your ownThemes · pick one or write your own
A glimpse of dark mode
A glimpse of dark mode
A glimpse of light mode
A glimpse of light mode

Installing it takes less time
than uninstalling Outlook.

The wizard handles the parts that would otherwise be in a config file. You'll probably spend longer picking a logo on the branding screen than configuring the mail server.

What you get
Mail
threading, unified inbox, full-text search, Sieve filters, S/MIME, templates
Calendar
month / week / day / agenda, recurring events, iMIP invitations, CalDAV subscriptions
Contacts
multiple address books, groups, vCard import / export
Files
Stalwart's JMAP FileNode storage with previews and folder upload
Quick start
  1. Fetch the compose file
    $curl -O https://bulwarkmail.org/compose.yml
  2. Bring the container up
    $docker compose up -d
  3. Open the setup wizard
    $https://mail.example.com
  4. Click through a few screens
    server · auth · security · logging · branding

Fork it, file an issue,
send a patch.

599

“We're writing the webmail we wanted in 2026 and didn't find. Modern protocol, modern tooling, modern UI. Not a SaaS. Not a startup. Not for sale.”

from our contributing guide
1,068
commits
18
languages
Star on GitHub Read the source

Other projects.

Project

bulwark
legacy proxy

JMAP IMAP / SMTP /
ManageSieve / CardDAV
github.com/bulwarkmail/legacy-proxy

bulwark legacy proxy is a translation layer that puts a JMAP for Mail server in front of a classic IMAP / SMTP / ManageSieve / CardDAV stack. It speaks RFC 8620 + RFC 8621 to clients, and standard mailbox protocols to whatever server already holds the user's mail. No new mail store, no migration: the mail keeps living in the existing IMAP server, and a modern JMAP client sees the account as if it were native.

A JMAP client (Bulwark webmail, JMAP-enabled mobile apps, custom tooling) authenticates against this proxy. The proxy holds an IMAP connection open to the real mail server and translates each JMAP method into the equivalent IMAP / SMTP / ManageSieve / CardDAV operation.
Project · Beta

Bulwark
Mobile

React Native · Expo SDK 54 Android shipping · iOS soon
github.com/bulwarkmail/native
Beta · work in progress

Bulwark Mobile is a React Native (Expo SDK 54) client for Bulwark Webmail - a JMAP-based mail, calendar, contacts and Files app, with built-in FCM notifications.

The Android build is on GitHub today. An iOS release will follow once we have the hardware to sign and ship it properly.

Project

Bulwark
Relay

JMAP PushSubscription FCM
one hosted instance for all
github.com/bulwarkmail/relay

Bulwark Relay is a push notification relay for Bulwark Webmail. It terminates JMAP PushSubscription pushes from the user's mail server and forwards them to Firebase Cloud Messaging, so the mobile app wakes up and fetches new mail over its own JMAP connection.

Designed so self-hosters don't need their own Firebase project: a single hosted instance serves every Bulwark client that opts in. The relay never sees mail content - only opaque FCM tokens, state-id hashes, and timing.

Project · Open directory

Bulwark
Extensions.

Plugins + themes · authored in JS, shipped from a manifest
extensions.bulwarkmail.org/

Bulwark Webmail can be extended with two kinds of third-party add-ons. Plugins add hooks, UI buttons, sidebar apps, keyboard shortcuts, and whole new workflows that integrate with the JMAP client. Themes customize fonts, colors, and layouts to reshape the look and feel of the inbox.

Both are published on the Bulwark Extensions directory, which hosts free and open-source extensions that have passed review.

The obvious questions.

Is Bulwark the mail server, or just the front?

Just the front. Stalwart is the server: it stores mail, speaks SMTP, runs spam, holds auth. Bulwark is the JMAP client you point your browser at. You run both, but the heavy lifting lives a layer down.

Why JMAP and not IMAP?

JMAP was designed for the modern web. One TLS connection, push instead of polling, batched mutations, threading on the server. The result is a webmail that feels like a native app instead of a Gmail polyfill.

How is this different from running Roundcube or SOGo?

Bulwark is built fresh for Stalwart and JMAP - no PHP, no plugin-of-plugins archaeology. The codebase is TypeScript and Next.js, the protocol is open, and the surface area is small enough to read in an afternoon.

What does deployment look like?

A docker-compose file with two services - Stalwart and Bulwark - sitting behind your reverse proxy of choice. Caddy, Traefik, nginx; we have working examples for each. Manual install is documented if you prefer.

Will it sit in front of an existing Stalwart deployment?

Yes. Point Bulwark at the JMAP endpoint, set up OAuth or basic auth, and you're done. No data migration, no reformatting of mailboxes; Stalwart stays the source of truth and Bulwark is just another client talking to it.

Is there a hosted version I can try first?

There's a limited demo at demo.bulwarkmail.org - read-only-ish, shared mailbox, reset every hour, kept up to honestly look like the real thing. Beyond that, no hosted tier we run. The project is for people who would rather host their own; a hosted plan would quietly become the thing we're funded by, and we'd rather not. If the demo isn't enough, the container runs locally in ten minutes.

The documentation covers the rest. Or open an issue on GitHub; a person reads every one.

Catch
mail up.

Read the docs View source