infrastructure · devops

Biotact Mail

Self-hosted corporate email for biotact.uz. Stalwart Mail + Snappymail + Caddy. Full auth chain: SPF, DKIM (RSA + Ed25519), DMARC, PTR.

Role

Full-Stack

Period

2025–2026

Status

Production

Biotact Mail is a self-hosted corporate email server for the biotact.uz domain, deployed on a Contabo VPS.

Three containers in Docker Compose: Stalwart Mail Server v0.15.5 (SMTP, IMAP, JMAP, Admin API), Snappymail v2.38.2 (webmail interface), and Caddy 2.11 (reverse proxy with automatic TLS via Let's Encrypt).

Full email authentication chain: SPF with hard fail (-all), dual DKIM signing (RSA-2048 selector 202603r + Ed25519 selector 202603e) — outgoing emails signed with both keys, DMARC with quarantine policy, PTR/rDNS configured at Contabo. Result on mail-tester.com — 8.7/10.

Caddy routes: /admin* and /api/* to Stalwart Admin UI and REST API, /jmap* to JMAP endpoint, /.well-known/* to autoconfig, everything else to Snappymail. DKIM keys stored in RocksDB, account management via REST API.

Key Decisions

Dual DKIM signing — RSA-2048 + Ed25519 for maximum deliverability

SPF hard fail + DMARC quarantine + PTR/rDNS — 8.7/10 on mail-tester.com

Caddy reverse proxy with auto TLS — routes admin, API, JMAP, webmail

Full Docker stack: Stalwart (SMTP/IMAP/JMAP) + Snappymail + Caddy

Tech Stack

Stalwart Snappymail Caddy Docker RocksDB DNS

Gallery

← Prev Project Biotact Next Project → OltinPay