diff --git a/README.md b/README.md
index 8818eba..d0a04f0 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ This plugin parses the "Received" header for the last hop and checks if TLS was
 receiving MTA.
 
 In Postfix this can be enabled by
-setting [`smtpd_tls_received_header = yes`](https://www.postfix.org/postconf.5.html#smtpd_tls_received_header). Sendmail
+setting [`smtpd_tls_received_header = yes`](https://www.postfix.org/postconf.5.html#smtpd_tls_received_header). Sendmail and Stalwart
 should work out of the box. Other MTAs have not been explicitly tested.
 
 Note that while this talks about "encryption", this does not imply security. An encrypted mail may still be insecure,
diff --git a/test/TlsIconTest.php b/test/TlsIconTest.php
index f52c4d4..3cbc732 100644
--- a/test/TlsIconTest.php
+++ b/test/TlsIconTest.php
@@ -30,6 +30,8 @@ final class TlsIconTest extends TestCase
 	/** @var string */
 	private $strSendmailCryptedTlsv12WithCipherVerify = '<img class="lock_icon" src="plugins/tls_icon/lock.svg" title="TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK" />';
 
+	/** @var string */
+	private $strStalwartCryptedTlsv13WithCipher = '<img class="lock_icon" src="plugins/tls_icon/lock.svg" title="TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384" />';
 
 	public function testInstance()
 	{
@@ -379,4 +381,40 @@ public function testSendmailTLS13MultipleRecipients()
 			]
 		], $headersProcessed);
 	}
+
+	public function testStalwartTls()
+	{
+		$o = new tls_icon();
+		$headersProcessed = $o->message_headers([
+			'output' => [
+				'subject' => [
+					'value' => 'Sent to you',
+				],
+			],
+			'headers' => (object) [
+				'others' => [
+					'received' => 'from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174] (AS15169 Google LLC, US))
+					(using TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384)
+					by mail.example.org (Stalwart SMTP) with ESMTPS id 36DAF29F3A02098;
+					Mon, 16 Jun 2025 13:33:03 +0000',
+				]
+			]
+		]);
+		$this->assertEquals([
+			'output' => [
+				'subject' => [
+					'value' => 'Sent to you' . $this->strStalwartCryptedTlsv13WithCipher,
+					'html' => 1,
+				],
+			],
+			'headers' => (object) [
+				'others' => [
+					'received' => 'from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174] (AS15169 Google LLC, US))
+					(using TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384)
+					by mail.example.org (Stalwart SMTP) with ESMTPS id 36DAF29F3A02098;
+					Mon, 16 Jun 2025 13:33:03 +0000',
+				]
+			]
+		], $headersProcessed);
+	}
 }
diff --git a/tls_icon.php b/tls_icon.php
index a6bbecc..40a4b6f 100644
--- a/tls_icon.php
+++ b/tls_icon.php
@@ -2,7 +2,7 @@
 
 class tls_icon extends rcube_plugin
 {
-	const POSTFIX_TLS_REGEX = "/\(using (TLS.*)\) \(/im";
+	const POSTFIX_TLS_REGEX = "/\(using (TLS[^()]+(?:\([^)]+\))?)\)/im";
 	const POSTFIX_LOCAL_REGEX = "/\([a-zA-Z]*, from userid [0-9]*\)/im";
 	const SENDMAIL_TLS_REGEX = "/\(version=(TLS.*)\)(\s+for|;)/im";