System Architecture v1.0

Under the Hood

A deep dive into the secure, high-performance email ingestion and zero-knowledge encryption pipeline of tempinbox.cloud.

Ingestion & MTA

External mail (e.g., Gmail) is received by a hardened Postfix instance. Instead of local delivery, Postfix acts as a gateway, forwarding traffic via LMTP over TCP to our Go backend.

Postfix, LMTP, Go-SMTP

Zero-Knowledge Vault

Every email is secured using an ECDH (X25519) key exchange. We derive a symmetric session key via HKDF, then encrypt the payload with AES-256-GCM.

X25519, AES-GCM, HKDF

Scalability & UX

Clients authenticate via JWT tokens whose expiry is synced with the inbox TTL. To minimize bandwidth, we use a lazy-loading approach: only headers are fetched initially, and payloads are pulled on demand.

JWT, Rate Limiting, Lazy-Load

Detailed Transaction Flow

  1. Postfix (MTA) receives SMTP stream -> Relays to Go-LMTP (github.com/emersion/go-smtp).
  2. Backend validates mailbox existence and fetches user's X25519 Public Key.
  3. Go generates ephemeral X25519 key -> Computes Shared Secret (ECDH) -> Derives key via HKDF.
  4. Message body is encrypted with AES-256-GCM. Metadata is indexed in PostgreSQL.
  5. Frontend (Astro/Preact) authenticates via JWT (expiry matched to inbox TTL).
  6. Client-Side Decryption: Private key in LocalStorage + Ephemeral Key + Ciphertext = Plaintext.
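
Steps 3, 4 and 6 of the flow above, sketched with the Go standard library as an added example; this is not tempinbox.cloud's own code. The page does not state the HKDF hash, salt, info label or nonce policy, so HKDF-SHA256, the ephemeral public key as salt, the label "example-mail-v1" and a zero nonce under a single-use key are assumptions, and the names sessionAEAD, Seal and Open are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// sessionAEAD: ECDH -> HKDF-SHA256 (RFC 5869, one output block) -> AES-256-GCM.
// Assumed, not from the page: the hash, salt = ephemeral public key, the info label.
func sessionAEAD(priv *ecdh.PrivateKey, peer, eph *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer) // fails on low-order peer keys (all-zero secret)
	if err != nil {
		return nil, err
	}
	extract := hmac.New(sha256.New, eph.Bytes()) // HKDF-Extract: PRK = HMAC(salt, secret)
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // HKDF-Expand: T(1) = HMAC(PRK, info || 0x01)
	expand.Write([]byte("example-mail-v1\x01"))
	block, _ := aes.NewCipher(expand.Sum(nil)) // key is always 32 bytes, so this cannot fail
	return cipher.NewGCM(block)
}

// Seal is the backend side (steps 3-4); it only ever holds the user's public key.
func Seal(rcpt *ecdh.PublicKey, body []byte) (*ecdh.PublicKey, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	g, err := sessionAEAD(eph, rcpt, eph.PublicKey())
	if err != nil {
		return nil, nil, err
	}
	// The derived key encrypts exactly one message, so the zero nonce never repeats under it.
	return eph.PublicKey(), g.Seal(nil, make([]byte, g.NonceSize()), body, nil), nil
}

// Open is the client side (step 6): private key + ephemeral public key + ciphertext.
func Open(rcpt *ecdh.PrivateKey, eph *ecdh.PublicKey, ct []byte) ([]byte, error) {
	g, err := sessionAEAD(rcpt, eph, eph)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, make([]byte, g.NonceSize()), ct, nil)
}
```

Only the ephemeral public key and the ciphertext need to be stored per message; the GCM tag makes Open fail if either is altered or paired with the wrong private key.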