Strapmail Documentation

Mail Configuration

SMTP Configuration

The SMTP protocol is used to send outgoing mail, as well as between mail relays (called MTA = Mail Transfer Agent). Historically, SMTP used port 25 without encryption. When TLS emerged:

  1. An initial approach was to create a new port dedicated to encrypted SMTP: 465.
  2. Later, the STARTTLS extension was standardized, allowing encryption to be added to a standard SMTP connection. Port 587 then became the recommended port for clients to submit emails.

This evolution created a transition period where both mechanisms coexisted.

  • Outgoing SMTP Server: mail.strapmail.com
  • Port: 587 + STARTTLS is the recommended standard. However, you can also use port 465.
  • TLS/SSL: enabled (required)
  • Authentication: your full email address (bob@domain.tld) and your password

Incoming Configuration

IMAP, JMAP, and POP3 protocols are used to read your incoming mail:

  • The POP3 protocol downloads your emails and deletes them from the server. Given that this mode of operation is no longer suitable for using multiple computers and smartphones, Strapmail does not offer it and recommends you use IMAP or JMAP.
  • The IMAP protocol reads your emails from the IMAP server and only keeps a temporary copy. When you delete an email and empty the trash, it is deleted from the server.
  • The JMAP protocol is a more modern version of the IMAP protocol that reduces network traffic and conserves your smartphone's battery.

IMAP Configuration

  • IMAPS Server: mail.strapmail.com
  • Port: 995
  • TLS/SSL: enabled (required)
  • Authentication: your full email address (bob@domain.tld) and your password

JMAP Configuration

  • JMAP Server: jmap.strapmail.com
  • Port: 443
  • TLS/SSL: enabled (required)
  • Authentication: your full email address (bob@domain.tld) and your password

DNS Configuration

Purchasing a PRO subscription requires you to be the administrator of your own DNS domain. If you do not yet have a DNS domain name, you can purchase one from the following hosts (non-exhaustive list and no commercial relationship):

If your DNS domain already hosts a mail server (presence of MX records), you must add the following TXT record to your domain before you can purchase a PRO subscription:

TXT strapmail-verification=123e4567-e89b-12d3-a456-426655440000

Note: If your DNS domain does not yet host a mail server, you can directly configure Strapmail's MX and TXT records to allow the purchase of a PRO subscription.

Once you have subscribed to one or more Strapmail mailboxes with your DNS domain, you must add the following records (which will cancel and replace any existing MX records). Adding these records will effectively route mail from your DNS domain to Strapmail's servers.

MX 10 mxa.strapmail.com.
MX 20 mxb.strapmail.com.
TXT v=spf1 include:_spf.strapmail.com ?all

Note: The TXT record is an SPF (Sender Policy Framework) record that specifies which IP addresses are authorized to send emails on behalf of your DNS domain. These are the IP addresses of the Strapmail servers. Since there can only be one SPF record per domain, this record cancels and replaces any existing SPF record.

To facilitate automatic configuration of your mail clients, we also recommend adding the following records:

_imaps._tcp 10800 IN SRV 0 1 993 mail.strapmail.com.
_jmap._tcp 10800 IN SRV 0 1 443 jmap.strapmail.com.
_submission._tcp 10800 IN SRV 0 1 587 mail.strapmail.com.
autoconfig.strapmail.com. 10800 IN CNAME mail.strapmail.com.
autodiscover.strapmail.com. 10800 IN CNAME mail.strapmail.com.

S/MIME Encryption

Automatic S/MIME encryption of incoming mail guarantees the confidentiality of emails stored on Strapmail servers. These emails can only be decrypted on mail clients where you have installed your SMIME certificate and its private key.

If you wish to exchange S/MIME messages with users, we recommend purchasing an S/MIME certificate for this purpose.

Installing the SMIME Certificate

  1. In your mailbox administration page, click on encryption.
  2. Enter the list of recipients whose incoming messages will be automatically encrypted. You can enter a list of addresses, or use a pattern like .*@company.com to encrypt all mail from the company.com domain.
Test your configuration

Strapmail recommends initially configuring your own email address to verify that you are technically able to decrypt automatically encrypted emails. Otherwise, Strapmail will not be able to decrypt your emails, and they will be "lost". Once this verification is done, you can expand this list.

  1. Copy the certificate chain in PEM format.
PKS12 File

If you have a PKCS12 file (extension .p12 or .pfx) containing your SMIME certificate, you can use the following command to extract the certificate chain to be installed on the Strapmail server.

openssl pkcs12 -in ficher.p12 -info fichier.p12

Generating the SMIME Certificate

SMIME Certificate

If you wish to sign your emails, Strapmail recommends purchasing an S/MIME certificate recognized by mail clients by contacting, for example, the following providers (non-exhaustive list and no commercial relationship):

Strapmail offers the ability to generate your S/MIME certificate from a key pair generated on your computer. This certificate will not be automatically recognized by your correspondents but is perfectly suitable for encrypting your emails.

In detail:

  1. Your web browser generates a key pair (asymmetric key pair) and sends a certificate signing request (CSR in PKCS10 format).
  2. The Strapmail server generates an S/MIME certificate and returns the associated certificate chain.
  3. Your browser creates a .p12 file (PKCS12) containing your private key and your S/MIME certificate.
  4. You must install this S/MIME certificate in your mail clients to be able to decrypt emails automatically encrypted by Strapmail for the list of senders you have defined.
Protect your private key

If you lose the private key associated with this S/MIME certificate, Strapmail will never be able to decrypt your emails for you. Therefore, be particularly careful to back up this PKCS12 file (extension .p12 or .pfx) as well as the password that allows you to read it.

SIEVE Filters

SIEVE filters are mail filters that execute on the mail server, even when your mail clients are not connected. They allow you to sort or flag your messages according to your criteria.

Supported SIEVE Extensions:

Extension Function
fileinto Place a message in a specific folder. (RFC 5228)
reject Reject a message with an SMTP reply. (RFC 5429)
vacation Automatic out-of-office reply. (RFC 5230)
envelope Test SMTP envelope addresses (MAIL FROM, RCPT TO). (RFC 5228)
body Filter based on message body content. (RFC 5173)
i;ascii-numeric ASCII numeric comparator for relational tests. (RFC 4790)
log Non-standard extension for logging actions/rules.

Example SIEVE script:

require ["fileinto", "vacation", "envelope", "body"];

if envelope :is "to" "sales@example.com" {
    fileinto "Sales";
    stop;
}

if body :contains "bitcoin" {
    fileinto "Crypto";
    stop;
}

if header :contains "Subject" "[SPAM]" {
    fileinto "Spam";
    stop;
}

vacation
  :days 7
  "I am out of office this week.";

Technical Limitations

  • Maximum message size: 25MB
  • Maximum number of recipients per message: 40