We are happy to announce the release of Stalwart Mail Server v0.10.3, which introduces support for AI models —a powerful new feature now available to Enterprise Edition users as well as our GitHub and OpenCollective sponsors. With this feature, Stalwart Mail Server can be integrated with both self-hosted and cloud-based Large Language Models (LLMs), bringing advanced email processing capabilities like never before.

This integration allows you to use AI models for a variety of tasks, including enhanced spam filtering, threat detection, and intelligent email classification. Whether you choose to host your own models with LocalAI or leverage cloud-based services like OpenAI or Anthropic, this release provides the flexibility to incorporate cutting-edge AI into your email infrastructure.

Unlocking the Power of AI​

With the introduction of AI model integration, Stalwart Mail Server can now analyze email content more deeply than traditional filters ever could. For instance, in the realm of spam filtering and threat detection, AI models are highly effective at identifying patterns and detecting malicious or unsolicited content. The system works by analyzing both the subject and body of incoming emails through the lens of an LLM, providing more accurate detection and filtering.

In addition to bolstering security, AI integration enhances email classification. By configuring customized prompts, administrators can instruct AI models to categorize emails based on their content, leading to more precise filtering and organization. This is particularly useful for enterprises managing a high volume of messages that span various topics and departments, as AI-driven filters can quickly and intelligently sort messages into categories like marketing, personal correspondence, or work-related discussions.

The flexibility of using either self-hosted or cloud-based AI models means that Stalwart can be tailored to your infrastructure and performance needs. Self-hosting AI models ensures full control over data and privacy, while cloud-based models offer ease of setup and access to highly optimized, continuously updated language models.

LLMs in Sieve Scripts​

One of the most exciting features of this release is the ability for users and administrators to access AI models directly from Sieve scripts. Stalwart extends the Sieve scripting language by introducing the llm_prompt function, which allows users to send prompts and email content to the AI model for advanced processing.

For example, the following Sieve script demonstrates how an AI model can be used to classify emails into specific folders based on the content:

require ["fileinto", "vnd.stalwart.expressions"];

# Base prompt for email classification
let "prompt" '''You are an AI assistant tasked with classifying personal emails into specific folders. 
Your job is to analyze the email's subject and body, then determine the most appropriate folder for filing. 
Use only the folder names provided in your response.
If the category is not clear, respond with "Inbox".

Classification Rules:
- Family:
   * File here if the message is signed by a Doe family member
   * The recipient's name is John Doe
- Cycling:
   * File here if the message is related to cycling
   * File here if the message mentions the term "MAMIL"
- Work:
   * File here if the message mentions "Dunder Mifflin Paper Company, Inc." or any part of this name
   * File here if the message is related to paper supplies
   * Only classify as Work if it seems to be part of an existing sales thread or directly related to the company's operations
- Junk Mail:
   * File here if the message is trying to sell something and is not work-related
   * Remember that John lives a minimalistic lifestyle and is not interested in purchasing items
- Inbox:
   * Use this if the message doesn't clearly fit into any of the above categories

Analyze the following email and respond with only one of these folder names: Family, Cycling, Work, Junk Mail, or Inbox.
''';

# Prepare the base Subject and Body
let "subject" "thread_name(header.subject)";
let "body" "body.to_text";

# Send the prompt, subject, and body to the AI model
let "llm_response" "llm_prompt('gpt-4', prompt + '\n\nSubject: ' + subject + '\n\n' + body, 0.6)";

# Set the folder name
if eval "contains(['Family', 'Cycling', 'Work', 'Junk Mail'], llm_response)" {
    fileinto "llm_response";
}

This example demonstrates how the llm_prompt function can be used to classify emails into different categories such as Family, Cycling, Work, or Junk Mail based on the content. The AI model analyzes the message’s subject and body according to the classification rules defined in the prompt and returns the most appropriate folder name. The email is then automatically filed into the correct folder, making it easier to organize incoming messages based on their content.

Self-Hosted or Cloud-Based​

With this new feature, Stalwart Mail Server allows for seamless integration with both self-hosted and cloud-based AI models. If you prefer full control over your infrastructure, you can opt to deploy models on your own hardware using solutions like LocalAI. Self-hosting gives you complete ownership over your data and ensures compliance with privacy policies, but it may require significant computational resources, such as GPU acceleration, to maintain high performance.

Alternatively, you can integrate with cloud-based AI providers like OpenAI or Anthropic, which offer access to powerful, pretrained models with minimal setup. Cloud-based models provide cutting-edge language processing capabilities, but you should be aware of potential costs, as these providers typically charge based on the number of tokens processed. Whether you choose self-hosted or cloud-based models, Stalwart gives you the flexibility to tailor the AI integration to your specific needs.

Available for Enterprise Users and Sponsors​

This exciting AI integration feature is exclusively available for Enterprise Edition users as well as GitHub and OpenCollective monthly sponsors. If you want to harness the full potential of AI-powered email processing in Stalwart Mail Server, upgrading to the Enterprise Edition or becoming a sponsor is a great way to access this feature and other advanced capabilities.

Try It Out Today!​

The release of Stalwart Mail Server v0.10.3 marks a major milestone in our journey toward building intelligent, highly customizable email management solutions. By combining traditional email filtering with the power of LLMs, Stalwart gives you the tools to take your email infrastructure to the next level, enhancing security, organization, and automation in ways that were previously impossible. We’re excited to see how you’ll use this new feature to optimize your email workflows!

Today we announce the release of Stalwart Mail Server v0.10.2, and it’s a big one! This version brings full OpenID Connect (OIDC) support, empowering admins and developers to integrate secure authentication and single sign-on (SSO) with modern identity providers. In addition to OIDC, this release introduces OpenID Connect Dynamic Client Registration, OpenID Connect Discovery, and OAuth 2.0 Token Introspection. Let’s dive into what these features are and why they matter.

What is OpenID Connect?​

OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0 that allows clients to verify the identity of users. With OIDC, instead of just authorizing an app to access a resource, the system can also authenticate the user securely. This means users can log in to multiple applications with a single set of credentials, making OIDC ideal for Single Sign-On (SSO) across services.

Why is this important? Because it saves users from password fatigue, reduces login complexity, and centralizes authentication in a secure manner. Stalwart Mail Server’s new OIDC support allows you to authenticate your users either directly through Stalwart as an OpenID Provider or by integrating with third-party OIDC providers like Authentik, Keycloak, or any compliant identity system.

Alongside full OIDC support, Stalwart Mail Server v0.10.2 also introduces several important new features that expand its capabilities:

OpenID Connect Dynamic Client Registration​

Dynamic Client Registration allows clients (applications) to automatically register with the OIDC provider without requiring manual intervention. This feature makes it easier to integrate multiple applications, as clients can dynamically obtain credentials (like client IDs) directly from Stalwart Mail Server. This adds flexibility and reduces administrative overhead.

OpenID Connect Discovery​

With the OpenID Connect Discovery feature, clients can automatically discover the relevant OIDC endpoints and supported capabilities via the /.well-known/openid-configuration endpoint. This simplifies the configuration of OIDC clients, as they don’t need to be manually configured with URLs for token, authorization, and userinfo endpoints — they just query the discovery endpoint and set themselves up!

OAuth 2.0 Token Introspection​

OAuth 2.0 Token Introspection allows resource servers (like APIs or mail servers) to validate access tokens provided by clients. This ensures that the token being used is still active, hasn’t expired, and has the right permissions attached. This is particularly useful for securing interactions between various services while verifying that tokens are still valid.

OpenID Provider or Third-Party OIDC Support​

Stalwart Mail Server v0.10.2 can now act as an OpenID Provider (issuing ID tokens and managing authentication), which means your organization can use it to handle authentication for all your internal applications and services. Alternatively, Stalwart can also integrate with third-party OIDC providers, so you can delegate authentication to systems like Authentik or Auth0, while still using Stalwart to manage your email infrastructure.

This dual functionality gives you the flexibility to choose how you want to manage authentication while taking full advantage of OIDC's security features.

About OAUTHBEARER...​

Now, let’s talk about mail clients and the OAUTHBEARER SASL mechanism. While Stalwart fully supports OIDC, the majority of mainstream mail clients (looking at you, Outlook, Thunderbird, and Apple Mail) still don’t support OAUTHBEARER for OAuth-based authentication. Sure, we’ve done our part by adding OpenID support to Stalwart — now it's up to the mail clients to follow suit and add proper support for OIDC authentication. Maybe one day, we’ll see these clients finally catch up, and we can all enjoy the seamless authentication experience that OIDC offers.

In the meantime, users of these clients will need to continue using App Passwords to access their email accounts. But hey, maybe this is the gentle nudge the developers of these clients need to jump on the OpenID bandwagon!

Try It Out​

Stalwart Mail Server v0.10.2 is available now, so download it, upgrade your server, and start taking advantage of these new features! Whether you’re setting up Stalwart as your OpenID Provider or integrating with a third-party provider, this release gives you the tools to secure authentication with modern standards like OpenID Connect.

Happy mailing and happy authenticating!

We are happy to announce that Stalwart Mail Server 0.10.0 is officially here! This latest release brings some exciting new features to help you manage your email infrastructure more effectively. With multi-tenancy, branding, and a robust roles and permissions system, Stalwart is more powerful and flexible than ever before. Let’s dive into what’s new in this release!

Multi-Tenancy: Streamlined Management​

Multi-tenancy is a game-changer for anyone managing multiple independent organizations on a single instance of Stalwart Mail Server. Whether you’re a hosting provider or an enterprise with multiple departments, tenants allow you to isolate different organizations, each with its own users, groups, mailing lists, and domains.

Each tenant operates within its own secure space, ensuring privacy and separation from other tenants. You can assign disk quotas to control how much storage each tenant can use and limit the number of accounts, groups, and domains they can create. This is perfect for keeping resources in check while maintaining an organized, scalable environment. Imagine a scenario where a tenant is given 100GB of disk space. If the users within that tenant collectively consume all 100GB, the system prevents them from receiving more email, ensuring no one overuses resources.

Multi-tenancy offers security, control, and scalability—all in one package.

Roles & Permissions: Fine-Tuned Access Control​

With the revamped Roles and Permissions system, Stalwart Mail Server 0.10.0 gives you unprecedented control over who can do what in your environment. No more blanket admin accounts! Instead, you can assign specific permissions to individuals, groups, or entire tenants.

Permissions can be bundled into roles, which makes managing access a breeze. Stalwart comes with three built-in roles to get you started: the user role, which grants access to all essential email services; the admin role, which has full control over the system; and the tenant-admin role, which is perfect for tenant or domain administrators, providing just the right amount of access without overstepping into critical system configurations.

This granular permissions model ensures that no one has more access than they need, keeping your system secure while allowing users to perform their required tasks. Whether it’s managing users, updating settings, or overseeing mailing lists, the right permissions are always in the right hands.

Branding: Personalized Web Interface​

Another exciting new feature in Stalwart Mail Server 0.10.0 is branding. This feature allows system administrators to customize the look and feel of the webadmin interface by adding logos specific to each tenant or domain.

When a user logs into the webadmin portal, Stalwart checks the domain associated with the request. If a logo has been set for that domain, it will be displayed. If the domain doesn’t have its own logo but is linked to a tenant that does, the tenant’s logo will be used. If neither the domain nor the tenant has a custom logo, the system defaults to the logo defined in the configuration. If no logo is defined, the trusty Stalwart logo makes an appearance. This feature ensures that your tenants can enjoy a fully branded experience, making the platform feel even more tailored to their organization.

Enterprise-Only Features: Multi-Tenancy & Branding​

It’s important to note that while Roles and Permissions are available in all versions of Stalwart Mail Server, the Multi-tenancy and Branding features are part of the Enterprise package. These advanced tools are designed for organizations with more complex needs, providing flexibility and customization options tailored to large-scale environments.

Support Stalwart: It Costs Less Than Netflix!​

We’ve worked hard to keep Stalwart open and accessible to everyone, but if you want to unlock Enterprise features and support the continued development of Stalwart, please consider subscribing to a Stalwart Enterprise License. It costs less than your Netflix or Spotify Premium subscription and will help us continue building exciting new features, including upcoming developments like CalDAV, CardDAV, WebDAV, and JMAP for contacts, calendars, and tasks.

By subscribing, not only do you unlock advanced functionality, but you also contribute to the growth of a project committed to providing a powerful, open mail server solution for all.

Thank you for being part of the Stalwart community. We hope you enjoy these new features as much as we enjoyed building them, and we look forward to bringing you even more great updates in the future. If you’re interested in learning more about Stalwart Enterprise or obtaining a license, feel free to reach out to us.

Happy mailing!