Architecture Design
SirrMesh adopts a modular architecture to provide a flexible, extensible mail server solution.
Overall Architecture
┌─────────────────────────────────────────────┐
│ Client Layer │
│ (Thunderbird, Outlook, Mobile Apps) │
└──────────────┬──────────────────────────────┘
│
▼
┌─────────────────────────────────────────────┐
│ Protocol Layer │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ SMTP │ │ IMAP │ │Submission│ │
│ └─────────┘ └─────────┘ └─────────┘ │
└──────────────┬──────────────────────────────┘
│
▼
┌─────────────────────────────────────────────┐
│ Authentication Layer │
│ ┌──────────┐ ┌─────┐ ┌─────┐ ┌──────┐ │
│ │Blockchain│ │LDAP │ │ PAM │ │Custom│ │
│ └──────────┘ └─────┘ └─────┘ └──────┘ │
└──────────────┬──────────────────────────────┘
│
▼
┌─────────────────────────────────────────────┐
│ Processing Layer │
│ ┌─────────┐ ┌──────┐ ┌─────────┐ │
│ │ Filter │ │Modify│ │ Check │ │
│ │ (Sieve)│ │(DKIM)│ │(SPF/etc)│ │
│ └─────────┘ └──────┘ └─────────┘ │
└──────────────┬──────────────────────────────┘
│
▼
┌─────────────────────────────────────────────┐
│ Storage Layer │
│ ┌──────────┐ ┌────────────┐ │
│ │ Database │ │ Storage │ │
│ │(PG/MySQL)│ │(Local/S3) │ │
│ └──────────┘ └────────────┘ │
└─────────────────────────────────────────────┘Core Components
Protocol Handlers
SMTP Server
- Receive and send emails
- Support STARTTLS encryption
- Implement rate limiting and anti-spam measures
IMAP Server
- Mail storage and retrieval
- Folder management
- Mail search functionality
- Support IDLE push notifications
Submission Server
- Mail submission (port 587)
- Mandatory authentication
- Automatic DKIM signing
Authentication Modules
Blockchain Authentication
go
type BlockchainAuth struct {
networks map[string]RPCClient
cache *AuthCache
}
func (b *BlockchainAuth) Verify(address, signature, message string) bool {
// 1. Recover signer address
// 2. Verify address matches
// 3. Check timestamp validity
return verified
}LDAP Authentication
- Active Directory support
- Organizational Unit (OU) mapping
- Attribute synchronization
PAM Authentication
- System account integration
- Support for various PAM modules
Message Processing Pipeline
Mail Received → Anti-Spam Check → Virus Scan → Filter Rules
↓
Store to Database ← DKIM Signing ← Content Modification ← User RulesStorage System
Database Layer
- User Data: Account info, quotas, settings
- Mail Metadata: Sender, recipient, subject, timestamp
- Indexes: Fast search and retrieval
File Storage
- Maildir Format: One file per email
- Compression: Automatic compression of old emails
- S3 Compatible: Scalable to cloud storage
Data Flow
Sending Mail Flow
1. Client connects (SMTP/Submission)
↓
2. Authentication verification
↓
3. Receive mail content
↓
4. Verify recipient
↓
5. Apply filter rules
↓
6. DKIM signing
↓
7. Queue processing
↓
8. Send to destination serverReceiving Mail Flow
1. External server connects
↓
2. SPF/DKIM/DMARC checks
↓
3. Anti-spam checks
↓
4. Apply user rules (Sieve)
↓
5. Store to database
↓
6. Save mail file
↓
7. Notify client (IMAP IDLE)Module System
Core Modules
- auth: Authentication providers
- storage: Storage backends
- filter: Mail filtering
- modify: Content modification
- check: Verification checks
Extension Points
go
type Module interface {
Name() string
Init(config Config) error
Process(ctx Context, msg *Message) error
}Performance Optimization
Concurrency Model
- Goroutine Pool: Handle concurrent connections
- Async IO: Non-blocking network operations
- Batch Processing: Database batch operations
Caching Strategy
- Authentication Cache: Reduce blockchain RPC calls
- User Data Cache: In-memory caching of frequently used data
- DNS Cache: Reduce DNS queries
Connection Pooling
- Database Connection Pool: Reuse database connections
- RPC Connection Pool: Blockchain node connection reuse
Security Design
Multi-Layer Protection
- Network Layer: TLS encryption
- Authentication Layer: Multi-factor authentication support
- Application Layer: Input validation, SQL injection protection
- Data Layer: Data-at-rest encryption
Rate Limiting
- Connection Rate: Prevent connection abuse
- Send Rate: Prevent spam
- Authentication Attempts: Prevent brute force attacks
Scalability
Horizontal Scaling
┌─────────────┐
│Load Balancer│
└──────┬──────┘
│
┌─────────┼─────────┐
▼ ▼ ▼
┌──────┐ ┌──────┐ ┌──────┐
│ Node │ │ Node │ │ Node │
│ 1 │ │ 2 │ │ 3 │
└───┬──┘ └───┬──┘ └───┬──┘
│ │ │
└─────────┼─────────┘
▼
┌────────────────┐
│ Shared Storage│
│ (Database/S3) │
└────────────────┘Component Separation
- Independent Deployment: SMTP, IMAP can scale independently
- Shared Storage: Multiple instances share data
- Load Balancing: Smart traffic distribution
Monitoring and Logging
Metrics Collection
- System Metrics: CPU, memory, disk
- Application Metrics: Mail throughput, latency
- Business Metrics: User activity, storage usage
Logging System
Application Logs → Structured Output → Log Aggregation → Analysis Platform
(ELK/Loki)High Availability
Failover
- Master-Slave Replication: Database master-slave configuration
- Automatic Switchover: Health checks and automatic failover
- Data Backup: Regular backups and recovery testing
Health Checks
go
type HealthCheck struct {
Database bool
SMTP bool
IMAP bool
Storage bool
}More technical details: