Can we use Stalwart with these features?

  1. Digital signing required for emails.

  2. OTP-based authentication required along with dongle/token-based solution.

  3. Sandboxing required for email attachments at gateway level; however, password-protected attachments may not be scanned and this limitation should be clearly highlighted.

  4. Quarantine email notification mechanism required for end users.

  1. Digital signing of email: yes. Per-user S/MIME signing and encryption is supported (stalw.art/docs/encryption/smime), and DKIM handles domain-level signing.

  2. OTP plus dongle/hardware-token login: not natively. Stalwart authenticates with passwords and app passwords and integrates with external identity providers over OAuth/OIDC, so MFA and hardware tokens would be handled by an upstream OIDC provider rather than inside Stalwart.

  3. Attachment sandboxing/detonation at the gateway: not provided. There’s spam filtering and you can shell out to an external AV scanner, but no sandbox or detonation; and a password-protected attachment can’t be scanned by any engine, which applies here too.

  4. End-user quarantine notifications: there’s no built-in quarantine-digest feature; spam is filed to Junk via Sieve. You could approximate a notification with custom Sieve or a webhook.
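One way to make the limitation in point 3 visible, as an added example that is not part of the original answer or Stalwart's own code: before handing attachments to an external scanner, flag ZIP attachments whose entries have the encryption bit set so they can be reported as unscanned. The function names and verdict labels are hypothetical, the sample message is constructed, and only ZIP archives are covered (not encrypted PDF or Office files).

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # ZIP general-purpose bit 0: entry is encrypted

def encrypted_entries(blob: bytes) -> list[str]:
    """Return names of encrypted entries in a ZIP blob ([] if none or not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]
    except zipfile.BadZipFile:
        return []

def triage(raw: bytes) -> dict[str, str]:
    """Map each attachment name to 'scan' or 'unscannable-encrypted' (hypothetical labels)."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        blob = part.get_payload(decode=True) or b""
        verdicts[name] = "unscannable-encrypted" if encrypted_entries(blob) else "scan"
    return verdicts

def sample_zip(encrypted: bool) -> bytes:
    """Constructed test data: a one-file ZIP, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.find(b"PK\x01\x02")   # central directory file header
        data[cd + 8] |= ENCRYPTED_FLAG  # flag field sits at offset 8 of that header
    return bytes(data)

def sample_message() -> bytes:
    """Constructed message carrying one plain and one 'password-protected' ZIP."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "test"
    msg.set_content("see attachments")
    for name, enc in (("plain.zip", False), ("locked.zip", True)):
        msg.add_attachment(sample_zip(enc), maintype="application",
                           subtype="zip", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```
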

What external open-source components can we use to achieve all of the above requirements from the customer? It would be a great help if you could please name them. Thanks.

Keycloak for IdP and for attachment scanning you can try ClamAV.