Architecture
A complete mail system consits of multiple components. Using Illumos Zones as a containerization technology each component runs independent. This simplyfies management and isolates failures.
Components
| Controller, The API Endpoint | Offers a JSON/Rest API to manages Accounts and Aliases |
|---|---|
| MX-Server | Accepts Emails from the Internet, Scans for Spam and Malware and delivers it to the Mailbox Server |
| Mailbox Server | This system is responsible for storing your mailbox and makes it available via POP and IMAP |
| Submission | If you want to send Email your Client submits it to this system and it will make sure it gets deliverd to its recipient. |
Fault Isolation
Each component holds a full replica of the account and alias database. This allows them to continue working even if communication to the controller is disrupted. MX and Submission Servers can be placed in multiple datacenters.
Cryptography
TLS/SSL encryption is used between servers and clients. This helps against passive snooping along the way.
- For Clients TLS is mandatory so you'll never accidentally compromise account passwords.
- For full end-to-end security you might also want to look into PGP or SMIME.
- Communication between the components (Control channel and MX delivery to Mailbox) is encrypted with spipe.
Scalability
As your mailvolume grows so can your infrastructure. Seperation of MX and Submission systems allows to scale this independently. If you are a sender of bulk mail you might want to use more Submission servers.
Open-Source
All software and deployment code is open-source and published on GitHub.