Your question
In my setup, I will be using Stalwart as a Relay primarily. Mail comes in, is processed for Groups and Lists, and then is redirected to a Primary mail service. However, I’m finding some limitations that are a bit confusing to me.
- Stalwart does not support SRS (Sender Rewrite Scheme) to maintain SPF on redirect / forwarding.
- While this is an ancient solution to the SPF concurrency issue, it works, is simple, and pretty much ubiquitous.
- Stalwart no longer supports ARC signing, only verification.
- ARC was no replacement for SRS, but it is at least recognized and supported by almost every major E-Mail provider in the world, and in most cases where SRS is unavailable, will allow you to forward an e-mail without it being rejected at the destination due to SPF alignment failure.
- Stalwart plans to support DKIMv2 as the long-term solution to the missing SRS and loss of ARC signing.
- This is great news, but does absolutely no good right now, and will be several years before DKIMv2 is implemented by major E-Mail providers, making it relevant and usable as a solution to forwarded and redirected e-mail being able to maintain SPF alignment.
- This leaves an Admin with one final option: use a 3rd party Milter or MTA Hook. Except… Stalwart only supports Milter and MTA Hook calls on the Inbound stages of an SMTP connection and cannot be configured to use Milters / MTA Hooks on the Outbound SMTP service connections.
I would like to request a feature to support configuring Milter and MTA Hooks to be configurable to support either / both Inbound and Outbound SMTP session stages. This can at least allow for a stopgap solution to Forwarding / Redirect failures due to SPF alignment issues.
I accept I may be completely wrong in my assessment here. Stalwart does provide both sender and recipient rewriting as well as script injection. If my understanding of the features of Stalwart is incorrect and these features can be utilized to solve the problem of using Stalwart as a relay, I would appreciate being corrected and shown how the built-in features Stalwart already possesses can be used to address the mail forwarding / redirect SPF problem.
I understand that topics in this category are triaged by a bot first but a human reply will follow up. If I’d prefer a human-only reply, I’ll add the no-ai tag to my topic.
on
Let me look up the current docs on milter/MTA hooks and Sieve scripting to give you an accurate picture.
The current docs don’t cover outbound milter/MTA Hook support, and your assessment appears accurate based on what’s documented. Here’s a summary of what I can confirm from the docs:
-
Milter and MTA Hooks are documented as inbound SMTP pipeline filters. There is no documentation describing outbound (submission/relay) stage milter or MTA Hook invocation. The SMTP pipeline diagram and the milter/MTA Hooks configuration reference only describe inbound processing stages.
-
SRS is not mentioned anywhere in the current docs, confirming there is no built-in SRS support at this time.
-
Your feature request is well-reasoned. Allowing Milter/MTA Hook invocation on the outbound SMTP session stages would be a meaningful stopgap for the forwarding/SPF alignment problem you describe.
Recommendation: This is a feature request that needs Stalwart Labs staff input. The best place to formally track it is the GitHub issue tracker where it can be prioritised and discussed by the developers. Opening an issue there (if one doesn’t already exist) would be the most effective path forward.
A human community member or Stalwart staff will follow up here with any additional clarification on the current scope of milter/MTA Hook support and any workarounds available in the interim.
This is an automated reply from the Stalwart Help Bot. Other community members may follow up if this answer is incomplete or wrong. If you found it useful, mention @helpbot in any reply to ask follow-up questions and the bot will respond again.
MTA hooks and Milter filters can be used both for inbound (port 25) and outbound (messages sent by your users over the submissions port). All messages enter the system via either port 25 or the submissions ports 465/567 and filters are available on all SMTP ports.
Mail coming IN via the submission port(s) is not Outbound mail. Outbound would be defined as Mail leaving the Stalwart Mail Server destined for another MTA. Not sure how you validate mail coming IN to the submission port(s) as Outbound, especially if you read my statement in Context. I’m describing using a Milter or MTA Hook to provide SRS services to mail being forwarded or redirected from a Sieve Filter.
Yes, this is not yet supported but it will be soon, see the latest MTA hooks draft.