I don’t have high hopes this will get a good answer, but I’m posting here praying someone has a solid suggestion.
I’ve installed Stalwart from the Umbrel App Store and began configuration, but I’m stuck at configuring DNS. I was able to import the zonefile into Cloudflare, but my understanding is I will need to provide an A record in addition to the MX, CNAME, TXT, and SRV records provided in Stalwart. A records always must point to an unproxied IP address. I have no idea what this IP address would be.
I already have Cloudflare Tunnels routing to a few Umbrel apps like searxng, but I don’t think a tunnel setup to my Stalwart container is the right choice here either (though I’m happy to be told I’m wrong).
Has anyone successfully set up Stalwart on Umbrel, and if so are you willing to share a tutorial or a brief write-up of steps that worked for you?
You’re not missing a DNS trick — you’re missing a reachable IP.
The A record must point to a publicly reachable IP address. In a home/Umbrel setup, that means the public IP assigned by your ISP (the one you see with curl ifconfig.me). It cannot be a private IP, and it cannot be a Cloudflare Tunnel.
Cloudflare Tunnels only proxy HTTP/HTTPS. They do not work for SMTP, IMAP, or other mail protocols, so they can’t be used to expose a mail server.
On top of that, most residential ISPs block port 25 (inbound and/or outbound). Even with perfect DNS, direct mail delivery from home usually won’t work.
In practice, you have three realistic options:
1. Use a small VPS as an SMTP/MX relay.
2. Use a commercial SMTP relay (SES, Mailgun, etc.).
3. Don’t host mail directly on Umbrel and accept that limitation.
Stalwart itself works fine — the limitation is the residential network environment.
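An added example, not part of the thread or of Stalwart/Umbrel: a Python check that every MX target in a zone has an A record pointing at a globally routable address, which is the condition the reply above describes. The record list, the `example.com` names and the addresses are constructed placeholders, and the script does not test whether port 25 is open.

```python
import ipaddress

# Constructed sample records (name, type, value). Names and addresses are
# placeholders for illustration, not values from the thread.
SAMPLE_ZONE = [
    ("example.com.", "MX", "10 mx.example.com."),
    ("example.com.", "MX", "20 mail.example.com."),
    ("example.com.", "MX", "30 backup.example.com."),
    ("example.com.", "MX", "40 relay.example.com."),
    ("mail.example.com.", "A", "192.168.1.50"),    # LAN address of the home box
    ("backup.example.com.", "A", "100.72.14.9"),   # carrier-grade NAT (100.64.0.0/10)
    ("relay.example.com.", "A", "8.8.8.8"),        # stand-in for a VPS public address
    ("example.com.", "TXT", "v=spf1 mx -all"),
]


def check_mx_targets(records):
    """Return {mx_host: verdict} for every MX target in the record list."""
    # Index A records by owner name so each MX target can be looked up.
    a_records = {}
    for name, rtype, value in records:
        if rtype == "A":
            a_records.setdefault(name.lower(), []).append(value)

    verdicts = {}
    for name, rtype, value in records:
        if rtype != "MX":
            continue
        host = value.split()[1].lower()   # MX value is "<priority> <target>"
        addrs = a_records.get(host)
        if not addrs:
            verdicts[host] = "missing A record"
            continue
        # is_global is False for RFC 1918, loopback, link-local and CGNAT space.
        bad = [a for a in addrs if not ipaddress.ip_address(a).is_global]
        verdicts[host] = "not publicly routable: " + ", ".join(bad) if bad else "ok"
    return verdicts


if __name__ == "__main__":
    for host, verdict in check_mx_targets(SAMPLE_ZONE).items():
        print(f"{host:24} {verdict}")
```

An "ok" verdict only means the address is routable on the public internet; inbound port 25 still has to be reachable at that address for mail delivery.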
I tried very hard on Umbrel and on a separate server. I managed to do everything right, but my ISP blocks port 25. I ended up leaving it.