Stalwart Setup

Bulwark requires a running Stalwart Mail Server with JMAP enabled.

Installing Stalwart

Stalwart offers multiple installation methods depending on your platform and preferences. For the full list of options (Docker, packages, binaries, and building from source), see the official Stalwart installation guide.

Below is a quick-start summary:

Docker

docker run -d \
  --name stalwart \
  -p 443:443 -p 25:25 -p 587:587 -p 993:993 -p 8080:8080 \
  -v stalwart-data:/opt/stalwart-mail \
  stalwartlabs/mail-server:latest

Binary

Download the latest release from Stalwart's GitHub and follow the installation instructions for your platform.

Enabling JMAP

JMAP is enabled by default in Stalwart. Ensure your Stalwart config includes a JMAP listener:

[server.listener.jmap]
bind = ["0.0.0.0:8080"]
protocol = "jmap"

CORS Configuration

When Bulwark runs on a different domain than Stalwart, enable CORS:

[server.http]
allowed-origins = ["https://your-bulwark-domain.com"]

Bulwark automatically detects CORS misconfiguration and displays detailed error messages to help with setup.

Stalwart-Specific Features

When connected to Stalwart, Bulwark enables additional features that require Stalwart's API:

• Password change — Users can change their password from account settings
• TOTP 2FA — Enable/disable two-factor authentication
• Sieve filters — Server-side email filtering via Sieve scripts
• Vacation responder — JMAP VacationResponse management
• Display name management — Update display name from settings
• Storage quota display — Show account storage usage

To explicitly disable these features (e.g., when using a non-Stalwart JMAP server), set:

STALWART_FEATURES=false

Creating Users

Use the Stalwart admin interface or CLI to create mail accounts:

stalwart-cli account create user@example.com --password yourpassword

Testing the Connection

Verify JMAP is working:

curl -s https://your-stalwart-server.com/.well-known/jmap | jq .

You should see a JMAP session resource with capabilities listed.