Your question
Have you spoken with a lawyer about the licensing of Stalwart?
Currently it’s under the AGPLv3 AND SELv2 according to the README at GitHub.
The GPL family of licenses, including the AGPLv3, have an important line; “You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License.” This is in section 10 of the GPL text.
The further restrictions that are in the SELv2 appear to not be allowed if combined with the AGPLv3. Do you mean to say Stalwart is under APGLv3 OR SELv2? Has a lawyer reviewed the combination of these licenses?
This is a great legal question, and the SPDX headers in the source code are key to understanding the intent.
The license identifier used throughout the Stalwart source files is:
SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-SEL
The critical word is OR, not AND. This is the standard SPDX dual-licensing expression. It means the code is available under either the AGPLv3 or the SELv2 – your choice of which license governs your use – not that both licenses apply simultaneously to the same use.
This is a very common pattern for open-core projects (MariaDB, GitLab, etc.). The typical intent is:
- If you use Stalwart under the AGPLv3, you get all the freedoms (and obligations) that license provides.
- If you need the Enterprise features or want to use the code under different terms (e.g., without the AGPL copyleft obligations), you obtain a SELv2 commercial license from Stalwart Labs LLC.
This dual-licensing arrangement is legally distinct from trying to apply both licenses simultaneously to a single use, which is what would create the contradiction you are describing. The SELv2 itself (Section 4.4) explicitly states the Software is “not open source” under that license, which is consistent with it being an alternative to the AGPL, not a supplement to it.
That said, your underlying concern is valid: the README phrasing of “AGPLv3 AND SELv2” can be genuinely confusing, and whether the specific implementation fully avoids GPL compatibility pitfalls is ultimately a legal question. If you want an authoritative answer directly from Stalwart Labs, it would be worth reaching out to them at [email protected] (listed in the license file). A forum bot is not a substitute for their legal team’s explanation or a lawyer’s review.
This is an automated reply from the Stalwart Help Bot. Other community members may follow up if this answer is incomplete or wrong.
The SPDX-License-Identifier hopefully is accurate and that would mean that only the README needs an update to mitigate the confusion.