Twake Login Fails with 'Failed to Fetch' When Using Stalwart Mail #1918
Replies: 13 comments 3 replies
-
|
Hi, Are you able to access your account with IMAP clients? Also, have you tried using other JMAP clients such as Mailtemi or Ltt.rs? |
Beta Was this translation helpful? Give feedback.
-
|
HI mdecimus I hope this message finds you well. We’ve been working on deploying Stalwart Mail alongside Twake, with the goal of enabling webmail access. However, we run into some persistent issues connecting Twake to the JMAP endpoint. Despite thoroughly reviewing the configuration, the problem remains unresolved. We’ve reached out to the Twake developers for further assistance on that front. In the meantime, our team has decided to prioritize getting Stalwart Mail properly integrated with Keycloak for 10 users. Rather than continuing to troubleshoot this internally, we’d prefer to have it set up directly by your team. Could you please share:
We’re eager to get this integration up and running smoothly, and we would greatly appreciate your support in making it happen. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, Unfortunately we are are not able to offer remote configuration services at this moment. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, |
Beta Was this translation helpful? Give feedback.
-
|
Looks like Twake has their own backend, what is your interest to use Stalwart as Twake backend? Even JMAP is a standard, did you consider the cost to make changes to both Twake and Stalwart to let them work smoothly together? |
Beta Was this translation helpful? Give feedback.
-
|
Hi, My main interest is not to replace Twake’s backend but simply to use Twake as the webmail/UI while Stalwart handles the backend mail services. I understand there may be adjustments needed, but at this stage my priority is just to get them working together in a basic, stable way. |
Beta Was this translation helpful? Give feedback.
-
|
Hi,
Thank you for your response. To clarify, our intention is to use Twake only
as the webmail/UI, with Stalwart serving as the backend. We understand that
integration may require some adjustments, and we’re open to working
together to make this possible.
We’d greatly appreciate any support or guidance you can provide, and we’re
also available for a Zoom call at your convenience to discuss how best to
move forward.
…On Fri, Aug 22, 2025 at 11:24 AM 9to1url ***@***.***> wrote:
Looks like Twake has their own backend, what is your interest to use
Stalwart as Twake backend? Even JMAP is a standard, did you consider the
cost to make changes to both Twake and Stalwart to let them work smoothly
together?
—
Reply to this email directly, view it on GitHub
<#1918 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BQANAMY33EF2CUBLYX5KE6L3O3VWJAVCNFSM6AAAAACCMWOJMWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTIMJYHA2DKNA>
.
You are receiving this because you modified the open/close state.Message
ID: ***@***.***
com>
|
Beta Was this translation helpful? Give feedback.
-
|
Hi
please could you kindly let me know what services or support options your
team currently offers
…On Sat, Aug 9, 2025 at 8:39 PM Maurus Decimus ***@***.***> wrote:
Hi,
Unfortunately we are are not able to offer remote configuration services
at this moment.
—
Reply to this email directly, view it on GitHub
<#1918 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BQANAMZCBIJKUZ2MU4EJAYL3MZE5VAVCNFSM6AAAAACCMWOJMWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTIMBVHEYTONQ>
.
You are receiving this because you modified the open/close state.Message
ID: ***@***.***
com>
|
Beta Was this translation helpful? Give feedback.
-
|
Hi @Nweke-cloud -- I'm sorry but I am not familiar with TWake and can't assist you. Try contacting the TWake team to see if they can help you. |
Beta Was this translation helpful? Give feedback.
-
|
Hi,
Thanks a lot for your reply. My main goal is simply to have a working
webmail or UI connected with Stalwart. Could you please point me in the
right direction on what webmail client or server you recommend or currently
use with Stalwart?
I don’t want to force Twake if it’s not the best fit, so any guidance from
your side would really help me move forward.
thanks.
…On Wed, Aug 27, 2025 at 5:56 PM Maurus Decimus ***@***.***> wrote:
Hi @Nweke-cloud <https://github.com/Nweke-cloud> -- I'm sorry but I am
not familiar with TWake and can't assist you. Try contacting the TWake team
to see if they can help you.
—
Reply to this email directly, view it on GitHub
<#1918 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BQANAM3P5GHMSP3I4YPK7AT3PXPNPAVCNFSM6AAAAACCMWOJMWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTIMRTGU3DGOA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
Hi, I've been using twake with stalwart and it works fine, so far with only two limitations:
did you properly configure the jmap url for your stalwart email in twake? Checkout the dev console network tab, it should have a request (assuming mail.example.org is your stalwart server) https://mail.example.org/.well-known/openid-configuration do you see it? you should have a network request failing, it will help you figure out when the connection fails between the webmail and the mail |
Beta Was this translation helpful? Give feedback.
-
|
Hi, I have stalwart working fine with imap (using snappymail webmail client). I have been trying to make twake work with stalwart mail as OIDC provider and mail server, but not working. When https://jmap.mydomain/.well-known/openid-configuration , I got belows: https://jmap.mydomain.com/jmap/session
Could you share your stalwart config.toml and twake env file, with your sensitive data redacted?... thanks. |
Beta Was this translation helpful? Give feedback.
-
|
Hi,
Thank you so much for your detailed response. I believe my issue is mainly
configuration-related. If possible, could you kindly spare a few minutes
for a quick Zoom meeting so I can walk you through my setup and get your
guidance?
Alternatively, I’d be glad to share my full configuration with you by email
if that’s easier. Your assistance would mean a lot, especially as I’m
working within a short timeframe to get this resolved.
thanks
…On Thu, Aug 28, 2025 at 10:15 AM xavier dutoit ***@***.***> wrote:
Hi,
I've been using twake with stalwart and it works fine, so far with only
two limitations:
- no notification (issue with websocket authentication)
- no shared folders
did you properly configure the jmap url for your stalwart email in twake?
Checkout the dev console network tab, it should have a request (assuming
mail.example.org is your stalwart server)
https://mail.example.org/.well-known/openid-configuration
do you see it? you should have a network request failing, it will help you
figure out when the connection fails between the webmail and the mail
—
Reply to this email directly, view it on GitHub
<#1918 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BQANAM4SC2GNUIO3OTR7O533P3CCRAVCNFSM6AAAAACCMWOJMWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTIMRUGMZDCNQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
I've been struggling to make Twake webmail client work with Stalwart Mail (Stalwart as OIDC provider). I've been using Snappymail webmail client to work with Stalwart mail server for years. It supports multi-account mail with one login, though its web UI design is not modern, its responsive ui works well on mobile phones too. I did want to try Twake, but could not make it work, so I gave up for now. You may already know that Twake does not support multi-account mail, and they do not consider it a priority. |
Beta Was this translation helpful? Give feedback.
-
|
Hi,
Thanks for your message, below is my values.yaml file
# Source: https://codeberg.org/wrenix/helm-charts (Stalwart Mail Official
Helm Chart)
# Customized for: Production-ready deployment with TLS, Prometheus,
Grafana, and secrets handling
# Custom Logos:
https://github.com/linagora/tmail-flutter/blob/master/docs/configuration/tmail-web-logo.md
ingress:
enabled: true
className: ingress-nginx-private
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
hosts:
- host: mail.secretstartups.org
paths:
- path: /
pathType: Prefix
tls:
- secretName: stalwart-tls
hosts:
- mail.secretstartups.org
# I want you to move these into Vault when you've learned how to use it.
secrets:
env:
FALLBACK_ADMIN_SECRET: "SuperSecureAdminPass123!"
METRICS_USERNAME: "metrics_user"
METRICS_SECRET: "metrics_password"
# CIVO DETAILS - UID: cf3a152f-e307-4f08-877f-c01b871e5699
S3_ACCESS_KEY_ID: "AO8FSFK1IEGFFM1EKC8H"
S3_SECRET_ACCESS_KEY: 'M5V2AxZCrZEWuXHdp1GdfAq5htHyRKcrBqAO0oFD'
S3_ENDPOINT: 'https://objectstore.lon1.civo.com'
S3_BUCKET: 'ss-mail'
S3_REGION: 'lon1'
S3_KEY_PREFIX: 'stalwart/'
S3_TIMEOUT: '30s'
# Certificate
certificate:
certmanager:
dnsNames:
- "mail.secretstartups.org"
config:
authentication:
fallback-admin:
user: "admin"
secret: "%{env:FALLBACK_ADMIN_SECRET}%"
metrics:
prometheus:
enable: true
auth:
username: "%{env:METRICS_USERNAME}%"
secret: "%{env:METRICS_SECRET}%"
certificate:
default:
default: true
cert: "%{file:/opt/stalwart/etc/certs/tls.crt}%"
private-key: "%{file:/opt/stalwart/etc/certs/tls.key}%"
# We're using CIVO
storage:
data: "rocksdb"
fts: "rocksdb"
blob: "rocksdb"
lookup: "rocksdb"
directory: "internal"
store:
rocksdb:
type: rocksdb
path: "/data"
compression: "lz4"
minio:
type: s3
bucket: "%{env:S3_BUCKET}%"
region: "%{env:S3_REGION}%"
access-key: "%{env:S3_ACCESS_KEY_ID}%"
secret-key: "%{env:S3_SECRET_ACCESS_KEY}%"
endpoint: "%{env:S3_ENDPOINT}%" # Optional, for non-AWS S3
timeout: "%{env:S3_TIMEOUT}%"
key-prefix: "%{env:S3_KEY_PREFIX}%"
s3:
type: s3
bucket: "%{env:S3_BUCKET}%"
region: "%{env:S3_REGION}%"
access-key: "%{env:S3_ACCESS_KEY_ID}%"
secret-key: "%{env:S3_SECRET_ACCESS_KEY}%"
endpoint: "%{env:S3_ENDPOINT}%" # Optional, for non-AWS S3
timeout: "%{env:S3_TIMEOUT}%"
key-prefix: "%{env:S3_KEY_PREFIX}%"
directory:
#
https://stalw.art/docs/auth/backend/oidc#introspection-endpoint-with-bearer-token-authentication
vs
#
https://stalw.art/docs/auth/backend/oidc#introspection-endpoint-with-user-provided-access-token
keycloak:
type: "oidc"
timeout: "15s"
#
https://aaa.secretstartups.org/realms/secretstartups/.well-known/openid-configuration
endpoint:
url: "
https://aaa.secretstartups.org/realms/secretstartups/protocol/openid-connect/token/introspect
"
method: "introspect"
auth:
username: "teammail-web"
secret: "N1drH0Svwh1fCGTfx8CGWF3HfkClTVzv"
method: "basic"
cache:
size: 1048576
ttl:
negative: "10m"
positive: "1h"
fields:
email: "email"
username: "email"
full-name: "username"
# internal:
# type: "internal"
# store: "rocksdb"
prometheus:
servicemonitor:
enabled: true
labels:
release: prometheus
grafana:
dashboards:
enabled: true
labels:
grafana_dashboard: "1"
annotations: {}
# Add more overrides below ONLY if you are customizing them
# https://github.com/linagora/tmail-flutter/tree/master/docs
twake:
# -- deploy a
# @section -- Twake Webmail Client
enabled: true
config:
env:
WEB_OIDC_CLIENT_ID: "teammail-web"
SERVER_URL: "https://mail.secretstartups.org"
DOMAIN_REDIRECT_URL: "https://webmail.secretstartups.org"
OIDC_SCOPES:
- openid
- email
- offline_access
APP_GRID_AVAILABLE: "supported"
FORWARD_WARNING_MESSAGE: ""
PLATFORM: other
WS_ECHO_PING: true
JMAP_URL: "https://mail.secretstartups.org/jmap"
OIDC_DISCOVERY_URL: "
https://mail.secretstartups.org/.well-known/openid-configuration"
ingress:
enabled: true
className: "ingress-nginx-private"
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
hosts:
- host: webmail.secretstartups.org
paths:
- path: /
pathType: Prefix
tls:
- secretName: webmail-tls
hosts:
- webmail.secretstartups.org
My company standardizes all application configuration through *Helm*, so
everything lives inside a single values.yaml file for consistency.
I’ve attached my current values.yaml here so you can see how I’ve
configured both *Stalwart Mail* and the *Twake webmail client* (with OIDC).
One additional thing I’d like to maintain is a *token-based account
creation flow*, so that new accounts can be provisioned securely without
editing configuration files manually.
Could you have a look at my values.yaml and let me know if it’s structured
correctly.
Thanks a lot for your guidance!
…On Sun, Aug 31, 2025 at 9:27 AM bthoven ***@***.***> wrote:
Hi, I have stalwart working fine with imap (using snappymail webmail
client). I have been trying to make twake work with stalwart mail as OIDC
provider and mail server, but not working.
Could you share the stalwart config.toml and twake env file?... thanks.
—
Reply to this email directly, view it on GitHub
<#1918 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BQANAM7DUIVZCH6KPEP4QPT3QKWYJAVCNFSM6AAAAACCMWOJMWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTIMRWGY3DANY>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
Hi
The values.yaml i shared is just for dev stage not for prod cause i will
definitely have to change some of my config to move into production stage.
…On Sun, Aug 31, 2025 at 2:21 PM Nweke Henry ***@***.***> wrote:
Hi,
Thanks for your message, below is my values.yaml file
# Source: https://codeberg.org/wrenix/helm-charts (Stalwart Mail Official
Helm Chart)
# Customized for: Production-ready deployment with TLS, Prometheus,
Grafana, and secrets handling
# Custom Logos:
https://github.com/linagora/tmail-flutter/blob/master/docs/configuration/tmail-web-logo.md
ingress:
enabled: true
className: ingress-nginx-private
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
hosts:
- host: mail.secretstartups.org
paths:
- path: /
pathType: Prefix
tls:
- secretName: stalwart-tls
hosts:
- mail.secretstartups.org
# I want you to move these into Vault when you've learned how to use it.
secrets:
env:
FALLBACK_ADMIN_SECRET: "SuperSecureAdminPass123!"
METRICS_USERNAME: "metrics_user"
METRICS_SECRET: "metrics_password"
# CIVO DETAILS - UID: cf3a152f-e307-4f08-877f-c01b871e5699
S3_ACCESS_KEY_ID: "AO8FSFK1IEGFFM1EKC8H"
S3_SECRET_ACCESS_KEY: 'M5V2AxZCrZEWuXHdp1GdfAq5htHyRKcrBqAO0oFD'
S3_ENDPOINT: 'https://objectstore.lon1.civo.com'
S3_BUCKET: 'ss-mail'
S3_REGION: 'lon1'
S3_KEY_PREFIX: 'stalwart/'
S3_TIMEOUT: '30s'
# Certificate
certificate:
certmanager:
dnsNames:
- "mail.secretstartups.org"
config:
authentication:
fallback-admin:
user: "admin"
secret: "%{env:FALLBACK_ADMIN_SECRET}%"
metrics:
prometheus:
enable: true
auth:
username: "%{env:METRICS_USERNAME}%"
secret: "%{env:METRICS_SECRET}%"
certificate:
default:
default: true
cert: "%{file:/opt/stalwart/etc/certs/tls.crt}%"
private-key: "%{file:/opt/stalwart/etc/certs/tls.key}%"
# We're using CIVO
storage:
data: "rocksdb"
fts: "rocksdb"
blob: "rocksdb"
lookup: "rocksdb"
directory: "internal"
store:
rocksdb:
type: rocksdb
path: "/data"
compression: "lz4"
minio:
type: s3
bucket: "%{env:S3_BUCKET}%"
region: "%{env:S3_REGION}%"
access-key: "%{env:S3_ACCESS_KEY_ID}%"
secret-key: "%{env:S3_SECRET_ACCESS_KEY}%"
endpoint: "%{env:S3_ENDPOINT}%" # Optional, for non-AWS S3
timeout: "%{env:S3_TIMEOUT}%"
key-prefix: "%{env:S3_KEY_PREFIX}%"
s3:
type: s3
bucket: "%{env:S3_BUCKET}%"
region: "%{env:S3_REGION}%"
access-key: "%{env:S3_ACCESS_KEY_ID}%"
secret-key: "%{env:S3_SECRET_ACCESS_KEY}%"
endpoint: "%{env:S3_ENDPOINT}%" # Optional, for non-AWS S3
timeout: "%{env:S3_TIMEOUT}%"
key-prefix: "%{env:S3_KEY_PREFIX}%"
directory:
#
https://stalw.art/docs/auth/backend/oidc#introspection-endpoint-with-bearer-token-authentication
vs
#
https://stalw.art/docs/auth/backend/oidc#introspection-endpoint-with-user-provided-access-token
keycloak:
type: "oidc"
timeout: "15s"
#
https://aaa.secretstartups.org/realms/secretstartups/.well-known/openid-configuration
endpoint:
url: "
https://aaa.secretstartups.org/realms/secretstartups/protocol/openid-connect/token/introspect
"
method: "introspect"
auth:
username: "teammail-web"
secret: "N1drH0Svwh1fCGTfx8CGWF3HfkClTVzv"
method: "basic"
cache:
size: 1048576
ttl:
negative: "10m"
positive: "1h"
fields:
email: "email"
username: "email"
full-name: "username"
# internal:
# type: "internal"
# store: "rocksdb"
prometheus:
servicemonitor:
enabled: true
labels:
release: prometheus
grafana:
dashboards:
enabled: true
labels:
grafana_dashboard: "1"
annotations: {}
# Add more overrides below ONLY if you are customizing them
# https://github.com/linagora/tmail-flutter/tree/master/docs
twake:
# -- deploy a
# @section -- Twake Webmail Client
enabled: true
config:
env:
WEB_OIDC_CLIENT_ID: "teammail-web"
SERVER_URL: "https://mail.secretstartups.org"
DOMAIN_REDIRECT_URL: "https://webmail.secretstartups.org"
OIDC_SCOPES:
- openid
- email
- offline_access
APP_GRID_AVAILABLE: "supported"
FORWARD_WARNING_MESSAGE: ""
PLATFORM: other
WS_ECHO_PING: true
JMAP_URL: "https://mail.secretstartups.org/jmap"
OIDC_DISCOVERY_URL: "
https://mail.secretstartups.org/.well-known/openid-configuration"
ingress:
enabled: true
className: "ingress-nginx-private"
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
hosts:
- host: webmail.secretstartups.org
paths:
- path: /
pathType: Prefix
tls:
- secretName: webmail-tls
hosts:
- webmail.secretstartups.org
My company standardizes all application configuration through *Helm*, so
everything lives inside a single values.yaml file for consistency.
I’ve attached my current values.yaml here so you can see how I’ve
configured both *Stalwart Mail* and the *Twake webmail client* (with
OIDC).
One additional thing I’d like to maintain is a *token-based account
creation flow*, so that new accounts can be provisioned securely without
editing configuration files manually.
Could you have a look at my values.yaml and let me know if it’s
structured correctly.
Thanks a lot for your guidance!
On Sun, Aug 31, 2025 at 9:27 AM bthoven ***@***.***> wrote:
> Hi, I have stalwart working fine with imap (using snappymail webmail
> client). I have been trying to make twake work with stalwart mail as OIDC
> provider and mail server, but not working.
>
> Could you share the stalwart config.toml and twake env file?... thanks.
>
> —
> Reply to this email directly, view it on GitHub
> <#1918 (reply in thread)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/BQANAM7DUIVZCH6KPEP4QPT3QKWYJAVCNFSM6AAAAACCMWOJMWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTIMRWGY3DANY>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***
> com>
>
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hey everyone,
I’ve been trying out Stalwart Mail using the official Helm chart from Codeberg and got it running in our dev Kubernetes cluster. Everything seems to spin up fine services are up and no obvious errors on the surface.
But when I tried connecting Twake Mail to use Stalwart as the backend, I hit a roadblock:
"Unexpected error: Failed to fetch" shows up on the Twake login screen.
We didn’t make many changes to the chart — mostly just some tweaks for Ingress and secrets. I wanted to ask
What could be causing this error?
Are there any known steps or configs needed to make Twake and Stalwart work together?
Anything I should double-check in the Helm values?
I’ve attached a screenshot of the error for context.
Really appreciate any help or pointers 🙏
Thanks a lot!
Beta Was this translation helpful? Give feedback.
All reactions