Bulwark Mail
A modern, self-hosted webmail client for Stalwart Mail Server powered by the JMAP protocol.
Upstream project: bulwarkmail/webmail
Overview
Bulwark Mail provides email, calendar, contacts, and file management with features including:
- Email threading and filtering
- S/MIME encryption
- OAuth2/OIDC single sign-on
- Multi-account support
- PWA (Progressive Web App) support
- Unified mailbox
- iMIP calendar invitations
Architecture
Bulwark Mail is a stateless Next.js application that communicates with a Stalwart Mail Server via the JMAP protocol. It does not require its own database or object storage — all data lives in the mail server.
┌──────────────┐ JMAP ┌──────────────────┐
│ Bulwark Mail │ ───────────────── │ Stalwart Mail │
│ (webmail UI) │ │ Server │
└──────────────┘ └──────────────────┘
Prerequisites
- Kubernetes cluster with Gateway API support
- Helm v3.x
- kubectl configured
- A running Stalwart Mail Server instance
- A parent
Gateway(HTTP + HTTPS listeners, TLS configured) — typically from thehiroba-gatewaychart
Quick start
# Core application
helm install bulwark-mail ./helm/base \
--set env[2].value=https://mail.example.com
# Platform dependencies (secrets, observability) — optional
helm install bulwark-mail-platform ./helm/platform
See the per-stack pages for full configuration:
- Helm base chart — Deployment, Service, HTTPRoute, env vars, ingress & security
- Helm platform chart — ExternalSecrets, ServiceMonitor, Grafana dashboards, PrometheusRules