add: Stalwart Mail app (#3122)

* Add stalwart-mail

* Update apps/stalwart-mail/metadata/description.md

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* refactor(stalwart-mail): small changes

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Stavros <steveiliop56@gmail.com>

apps/stalwart-mail/config.json

@@ -0,0 +1,42 @@
+{
+  "$schema": "../schema.json",
+  "name": "Stalwart Mail",
+  "available": true,
+  "exposable": true,
+  "tipi_version": 1,
+  "version": "0.7.0",
+  "port": 8677,
+  "id": "stalwart-mail",
+  "categories": [
+    "media",
+    "network",
+    "utilities"
+  ],
+  "description": "Stalwart is a scalable, secure and robust open-source mail server software designed for the 21st century.",
+  "short_desc": "Open-source mail server solution with JMAP, IMAP4, and SMTP support",
+  "author": "Stalwart Labs",
+  "source": "https://github.com/stalwartlabs",
+  "website": "https://stalw.art",
+  "requirements": {
+    "ports": [
+      25,
+      143,
+      465,
+      587,
+      993,
+      4190
+    ]
+  },
+  "form_fields": [
+    {
+      "type": "ip",
+      "label": "Network Interface (default: 0.0.0.0)",
+      "required": false,
+      "env_variable": "NETWORK_INTERFACE"
+    }
+  ],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
+}

apps/stalwart-mail/docker-compose.yml

@@ -0,0 +1,43 @@
+version: "3.7"
+services:
+  stalwart-mail:
+    image: stalwartlabs/mail-server:v0.7.0
+    container_name: stalwart-mail
+    volumes:
+      - ${APP_DATA_DIR}/data:/opt/stalwart-mail
+    restart: unless-stopped
+    networks:
+      - tipi_main_network
+    ports:
+      - ${NETWORK_INTERFACE:-0.0.0.0}:25:25/tcp
+      - ${NETWORK_INTERFACE:-0.0.0.0}:143:143/tcp
+      - ${NETWORK_INTERFACE:-0.0.0.0}:465:465/tcp
+      - ${NETWORK_INTERFACE:-0.0.0.0}:587:587/tcp
+      - ${NETWORK_INTERFACE:-0.0.0.0}:993:993/tcp
+      - ${NETWORK_INTERFACE:-0.0.0.0}:4190:4190/tcp
+      - ${APP_PORT}:8080
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.stalwart-mail-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.stalwart-mail.loadbalancer.server.port: 8080
+      # Web
+      traefik.http.routers.stalwart-mail-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.stalwart-mail-insecure.entrypoints: web
+      traefik.http.routers.stalwart-mail-insecure.service: stalwart-mail
+      traefik.http.routers.stalwart-mail-insecure.middlewares: stalwart-mail-web-redirect
+      # Websecure
+      traefik.http.routers.stalwart-mail.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.stalwart-mail.entrypoints: websecure
+      traefik.http.routers.stalwart-mail.service: stalwart-mail
+      traefik.http.routers.stalwart-mail.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.stalwart-mail-local-insecure.rule: Host(`stalwart-mail.${LOCAL_DOMAIN}`)
+      traefik.http.routers.stalwart-mail-local-insecure.entrypoints: web
+      traefik.http.routers.stalwart-mail-local-insecure.service: stalwart-mail
+      traefik.http.routers.stalwart-mail-local-insecure.middlewares: stalwart-mail-web-redirect
+      # Local domain secure
+      traefik.http.routers.stalwart-mail-local.rule: Host(`stalwart-mail.${LOCAL_DOMAIN}`)
+      traefik.http.routers.stalwart-mail-local.entrypoints: websecure
+      traefik.http.routers.stalwart-mail-local.service: stalwart-mail
+      traefik.http.routers.stalwart-mail-local.tls: true

apps/stalwart-mail/metadata/description.md

@@ -0,0 +1,68 @@
+## Stalwart Mail server
+
+Stalwart is a scalable, secure and robust open-source mail server software designed for the 21st century.
+
+### Admin Password
+
+See [Log in to the web interface](https://stalw.art/docs/install/docker#log-in-to-the-web-interface) to know how to get the admin password.
+
+### Screenshots
+
+<img src="https://github.com/stalwartlabs/mail-server/blob/main/img/screencast-setup.gif?raw=true" alt="Stalwart Mail Server setup screencast"><br>
+
+### Features
+
+**Stalwart Mail Server** is an open-source mail server solution with JMAP, IMAP4, and SMTP support and a wide range of modern features. It is written in Rust and designed to be secure, fast, robust and scalable.
+
+Key features:
+
+- **JMAP** server:
+  - JMAP Core ([RFC 8620](https://datatracker.ietf.org/doc/html/rfc8620))
+  - JMAP Mail ([RFC 8621](https://datatracker.ietf.org/doc/html/rfc8621))
+  - JMAP for Sieve Scripts ([DRAFT-SIEVE-19](https://www.ietf.org/archive/id/draft-ietf-jmap-sieve-19.html))
+  - JMAP over WebSocket ([RFC 8887](https://datatracker.ietf.org/doc/html/rfc8887)), JMAP Blob Management ([RFC 9404](https://www.rfc-editor.org/rfc/rfc9404.html)) and JMAP for Quotas ([RFC 9425](https://www.rfc-editor.org/rfc/rfc9425.html)) extensions.
+- **IMAP4** server:
+  - IMAP4rev2 ([RFC 9051](https://datatracker.ietf.org/doc/html/rfc9051)) full compliance.
+  - IMAP4rev1 ([RFC 3501](https://datatracker.ietf.org/doc/html/rfc3501)) backwards compatible.
+  - ManageSieve ([RFC 5804](https://datatracker.ietf.org/doc/html/rfc5804)) server.
+  - Numerous [extensions](https://stalw.art/docs/development/rfcs#imap4-and-extensions) supported.
+- **SMTP** server:
+  - Built-in [DMARC](https://datatracker.ietf.org/doc/html/rfc7489), [DKIM](https://datatracker.ietf.org/doc/html/rfc6376), [SPF](https://datatracker.ietf.org/doc/html/rfc7208) and [ARC](https://datatracker.ietf.org/doc/html/rfc8617) support for message authentication.
+  - Strong transport security through [DANE](https://datatracker.ietf.org/doc/html/rfc6698), [MTA-STS](https://datatracker.ietf.org/doc/html/rfc8461) and [SMTP TLS](https://datatracker.ietf.org/doc/html/rfc8460) reporting.
+  - Inbound throttling and filtering with granular configuration rules, sieve scripting and milter integration.
+  - Distributed virtual queues with delayed delivery, priority delivery, quotas, routing rules and throttling support.
+  - Envelope rewriting and message modification.
+- **Spam and Phishing** filter:
+  - Comprehensive set of filtering **rules** on par with popular solutions.
+  - Statistical **spam classifier** with automatic training capabilities.
+  - DNS Blocklists (**DNSBLs**) checking of IP addresses, domains, and hashes.
+  - Collaborative digest-based spam filtering with **Pyzor**.
+  - **Phishing** protection against homographic URL attacks, sender spoofing and other techniques.
+  - Trusted **reply** tracking to recognize and prioritize genuine e-mail replies.
+  - Sender **reputation** monitoring by IP address, ASN, domain and email address.
+  - **Greylisting** to temporarily defer unknown senders.
+  - **Spam traps** to set up decoy email addresses that catch and analyze spam.
+- **Flexible and scalable**:
+  - Pluggable storage backends with **RocksDB**, **FoundationDB**, **PostgreSQL**, **mySQL**, **SQLite**, **S3-Compatible**, **Redis** and **ElasticSearch** support.
+  - Built-in, **LDAP** or **SQL** authentication backend support.
+  - Full-text search available in 17 languages.
+  - Disk quotas.
+  - Sieve scripting language with support for all [registered extensions](https://www.iana.org/assignments/sieve-extensions/sieve-extensions.xhtml).
+  - Email aliases, mailing lists, subaddressing and catch-all addresses support.
+  - Integration with **OpenTelemetry** to enable monitoring, tracing, and performance analysis.
+- **Web-based administration**:
+  - Account, domain, group and mailing list management.
+  - SMTP queue management for messages and outbound DMARC and TLS reports.
+  - Report visualization interface for received DMARC, TLS-RPT and Failure (ARF) reports.
+  - Configuration of every aspect of the mail server.
+  - Log viewer with search and filtering capabilities.
+  - Self-service portal for password reset and encryption-at-rest key management.
+- **Secure and robust**:
+  - Encryption at rest with **S/MIME** or **OpenPGP**.
+  - Automatic TLS certificate provisioning with [ACME](https://datatracker.ietf.org/doc/html/rfc8555).
+  - OAuth 2.0 [authorization code](https://www.rfc-editor.org/rfc/rfc8628) and [device authorization](https://www.rfc-editor.org/rfc/rfc8628) flows.
+  - Automated blocking of hosts that cause multiple authentication errors (aka **fail2ban**).
+  - Access Control Lists (ACLs).
+  - Rate limiting.
+  - Security audited (read the [report](https://stalw.art/blog/security-audit)).
+  - Memory safe (thanks to Rust).