This is awesome to hear, thank you. I have more-or-less figured out how to configure things, and finally found the "local configuration keys" section, but I think I can live with the current setup (mixed toml + db) until Version 1 when I can refactor my configuration. I just installed 0.14 last night and everything went smoothly.
I want to clarify that Stalwart can absolutely be compiled without any proprietary code. All you need to do is omit the Enterprise feature flag during compilation [0], and what you get is a 100% AGPL-3.0 build. The Arch package removal wasn’t because the software suddenly became non-free, but rather due to a packaging requirement: Arch needs a clean separation of the Enterprise code from the source tree, and that’s something we haven’t done yet (it will be implemented as a script). The delay isn’t due to any unwillingness to comply, it’s simply been a matter of prioritization. Over the past few months, the focus was on delivering major features like WebDAV support. That said, I'm still fully committed to resolving the packaging issue because we want Stalwart back in Arch as much as you do.
It’s also worth noting that only about 5% of the codebase is Enterprise, and that small slice helps fund ongoing development and expansion of the team [1]. As much as I'd love to be completely sponsor-funded, the reality is that open source projects still need to cover real-world costs. For what it's worth, Stalwart has received two NLNet grants [2] [3] to support open protocol work, which hopefully reinforces our commitment to open source.
So while the optics of this situation may look rough from the outside, I promise it’s not some “open source in name only” kind of thing. It’s just one of those painful balance acts between building features, maintaining packages, and paying the bills.
And hey, if you're heading back to Maddy, no hard feelings. But the door’s always open if you want to give Stalwart another shot down the road.
As I understand, the AGPLv3 requires the corresponding source code to be provided under the same license, so the Arch guys wanting an AGPLv3 source package isn't just a niche Arch-specific concern or a "packaging issue," but a licensing requirement that can't be ignored or delayed.
> All you need to do is omit the Enterprise feature flag during compilation, and what you get is a 100% AGPL-3.0 build.
Maybe I'm misunderstanding, but my interpretation of this issue[1] is that Stalwart contains AGPLv3 licensed functions that call into the SEL licensed `has_tenant_access` function, among others, and that the affected functions are not conditionally compiled out of the AGPLv3 binaries. @afontenot says on that issue that they don't believe it's "possible to use Stalwart under the AGPL at present." Are they wrong and can that issue be closed?
I am also concerned about the webadmin. A free software program that downloads proprietary code on first start isn't free software in practice, and since there aren't two separate SEL and AGPLv3 licensed builds of the webadmin on GitHub, that must be the case.
> So while the optics of this situation may look rough from the outside, I promise it’s not some “open source in name only” kind of thing. It’s just one of those painful balance acts between building features, maintaining packages, and paying the bills.
I get it, but it's disappointing that AGPLv3 compliance is so low in the list of priorities that this licensing issue has been known about but not solved in 8 months, all while receiving grants intended for free software projects. That balancing act must have included the consideration that the free software community is regularly burnt by rug-pulls (Redis) and trust isn't easily won back once it's lost.
> And hey, if you're heading back to Maddy, no hard feelings. But the door’s always open if you want to give Stalwart another shot down the road.
I might. Sorry if I've been harsh, but it's only because Stalwart is a very cool project. A FOSS all-in-one mail server written in a safe language is exactly what email needs, and since learning about it, I've been worried that it's too good to be true. Please don't let it be. I don't think it will gain the momentum to replace Postfix if it can't be packaged in Linux distros due to licensing issues.
I understand your perspective; many open source communities are built on transparency, and it's natural to want to know the people behind a project.
That said, I personally value privacy highly, which is actually one of the main reasons I started Stalwart Mail Server. I don't maintain a personal presence on LinkedIn or other social media platforms, not because I'm trying to be anonymous, but because I prefer to focus on the work rather than promoting myself. I’ve found that platforms like LinkedIn are more noise than signal for me, especially with constant recruiter spam.
While I may not be putting my personal life on display, I’m committed to transparency where it matters most: through the project’s code, documentation, and community engagement. I hope that helps clarify things!
I feel you, as I also value my privacy; however, I believe there is a difference between anonymity and privacy: a completely unknown entity and a person whose personal life is not on the internet. There is a lot of trust involved, especially with something as important as an email server, which is extremely important for businesses.
It's this and the project being maintained by a solo developer (unless it's a pseudonym for multiple people :D) that makes me not want to personally rely on it.
I'm not only here to complain though, it's an awesome project and I find it really impressive for someone to build a mailserver (and other features) from scratch. Thank you for investing time in open source implementations of protocols that run the world.
Follow-up questions: What are the thoughts about enterprise and business support? I see that it exists but I believe there is a lot of trust involved ^^. Will there be more developers, open source, knowing the people behind the project and/or support people? Do you have any customers today?
Thanks for the follow-up. You're absolutely right that there's a distinction between privacy and anonymity. However, I just want to clarify that my decision to keep a low personal profile online stems from a deep belief in privacy, not secrecy.
To give you more context about the project: Stalwart Labs was indeed started and is currently led by a single developer: myself. I have over 30 years of experience working with email technologies and have previously founded three email-related companies.
That said, I’m not working entirely alone. While I’m the core developer and founder, there are others involved in Stalwart Labs today handling support, sales, and maintaining smaller parts of the codebase (mostly changes required by clients). My plan is to continue leading development myself until the project reaches version 1.0, which I hope will happen later this year. After that milestone, the goal is to gradually expand the development team, particularly to support work on a Rust-based webmail and calendar interface that will complement the mail server.
Stalwart’s development has been largely self-funded, aside from two NLNet grants. I’ve been growing the team organically and intentionally. While I have been approached by two VC firms, I’ve chosen to decline their offers. Not just to avoid external pressure (and stress), but also because some proposed directions conflicted with promises I’ve made to the community. For example, there have been suggestions to move some open-source features behind a paywall, which I’m against and promised the community never to do.
As for enterprise support, yes, Stalwart Labs offers an enterprise license that includes premium support services. And regarding adoption, I'm happy to say that there are currently a few hundred enterprise clients using Stalwart in production. While I would need the clients' permissions to share their names, I can say that Mozilla Thunderbird is one of them. They’ve publicly announced their upcoming launch of thundermail.com, which is powered by Stalwart.
I hope that gives you more clarity and confidence in the project. Thanks.
It most definitely gives me clarity and confidence in the project! I'm very happy to hear rejections from VC funding. A few hundred enterprise clients is not a small amount at all for a bootstrapped project.
Unsolicited advice from an anonymous entity online ;): Put this information on the website! It hopefully removes any trust issues that people might have (I believe I'm not the only one), it did for me!
I wish you all the best on your endeavors, I'm excited to see what you bring in the future <3
Excited to announce that Encryption at Rest has just been added to the open source Stalwart Mail Server. With this addition, the mail server will now automatically encrypt all incoming plaintext emails, utilizing either OpenPGP or S/MIME, before they are written to disk. Importantly, the keys are owned and controlled by the end user, ensuring that not even system administrators can decrypt these messages.
I'd love to hear your thoughts and feedback. Thanks!