Overview
Transport Layer Security (TLS) encrypts data in transit between Stalwart and its peers, keeping mail and management traffic confidential and tamper-evident. TLS is the usual answer to eavesdropping and machine-in-the-middle attacks against mail transport.
Certificates
When TLS is terminated on the server with manually provided certificates, Stalwart parses each certificate at load time and extracts its Subject Alternative Names. The extracted names drive certificate selection during the TLS handshake: the server matches the hostname from the client's Server Name Indication (SNI) extension against the stored SAN list and presents the matching certificate. SNI is what makes it possible to host several domains on a single IP address and still serve the correct certificate for each connection.
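The selection step described above, as an added example that is not Stalwart's own code: a standard-library-only resolver that indexes each certificate's SAN names and looks up the SNI hostname. The `SniResolver` type, the single-label wildcard handling and the first-certificate-wins rule for duplicate names are assumptions made for illustration, and the SAN lists are constructed sample data.

```rust
use std::collections::HashMap;

/// Hypothetical resolver: maps SAN DNS names to the index of a loaded certificate.
struct SniResolver {
    exact: HashMap<String, usize>,    // "mail.example.org" -> cert index
    wildcard: HashMap<String, usize>, // "example.net" (from "*.example.net") -> cert index
}

impl SniResolver {
    /// `certs` holds, per certificate, the SAN DNS names extracted at load time.
    fn new(certs: &[Vec<&str>]) -> Self {
        let mut r = SniResolver { exact: HashMap::new(), wildcard: HashMap::new() };
        for (idx, sans) in certs.iter().enumerate() {
            for san in sans {
                let name = normalize(san);
                match name.strip_prefix("*.") {
                    // Assumption: the first certificate to claim a name keeps it.
                    Some(parent) => { r.wildcard.entry(parent.to_string()).or_insert(idx); }
                    None => { r.exact.entry(name).or_insert(idx); }
                }
            }
        }
        r
    }

    /// Returns the certificate index for an SNI hostname, or None if no SAN matches.
    fn resolve(&self, sni: &str) -> Option<usize> {
        let host = normalize(sni);
        if let Some(idx) = self.exact.get(&host) { return Some(*idx); }
        // A wildcard covers exactly one left-most label: "*.example.net" matches
        // "mx.example.net" but neither "example.net" nor "a.b.example.net".
        let (_, parent) = host.split_once('.')?;
        self.wildcard.get(parent).copied()
    }
}

/// DNS names compare case-insensitively; a trailing root dot is dropped.
fn normalize(name: &str) -> String {
    name.trim_end_matches('.').to_ascii_lowercase()
}

fn main() {
    // Constructed SAN lists standing in for two parsed certificates.
    let certs = vec![vec!["mail.example.org", "example.org"], vec!["*.example.net"]];
    let r = SniResolver::new(&certs);
    for host in ["MAIL.example.org", "mx.example.net", "a.b.example.net", "other.test"] {
        println!("{host} -> {:?}", r.resolve(host));
    }
}
```

A `None` result is the case to decide on deliberately: the listener must either fall back to a default certificate or fail the handshake when the SNI name matches no SAN.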
ACME