SirrMesh Docs

English

简体中文
日本語
한국어
العربية

English

简体中文
日本語
한국어
العربية

Appearance

Authentication System

SirrMesh provides multiple flexible authentication methods, supporting various authentication mechanisms from traditional passwords to modern blockchain signatures.

Authentication Methods

Blockchain Authentication

Use blockchain wallets for passwordless authentication.

How It Works

  1. Client signs a random message using private key
  2. Server verifies signature and recovers wallet address
  3. Verify the address matches the user account

Configuration Example

toml
[auth.blockchain]
enabled = true
networks = ["ethereum", "bsc", "polygon"]

[auth.blockchain.rpc]
ethereum = "https://mainnet.infura.io/v3/YOUR-PROJECT-ID"
bsc = "https://bsc-dataseed.binance.org"
polygon = "https://polygon-rpc.com"

Supported Networks

  • Ethereum (ETH)
  • BNB Smart Chain (BSC)
  • Polygon (MATIC)
  • All EVM-compatible chains

Client Usage

javascript
// Generate signature
const message = `Login to SirrMesh: ${timestamp}`;
const signature = await web3.eth.personal.sign(message, address);

// SMTP AUTH
AUTH BLOCKCHAIN
<address>
<signature>
<message>

LDAP Authentication

Integrate with enterprise LDAP directory services.

Configuration

toml
[auth.ldap]
enabled = true
server = "ldap://ldap.example.com:389"
bind_dn = "cn=admin,dc=example,dc=com"
bind_password = "password"
user_base = "ou=users,dc=example,dc=com"
user_filter = "(uid={username})"

Active Directory

toml
[auth.ldap]
server = "ldap://dc.example.com:389"
bind_dn = "cn=Administrator,cn=Users,dc=example,dc=com"
bind_password = "password"
user_base = "cn=Users,dc=example,dc=com"
user_filter = "(sAMAccountName={username})"

PAM Authentication

Use Linux system account authentication.

Configuration

toml
[auth.pam]
enabled = true
service = "sirrchat"

PAM Configuration File

Create /etc/pam.d/sirrchat:

auth       required     pam_unix.so
account    required     pam_unix.so

Database Authentication

Traditional username/password authentication.

Configuration

toml
[auth.database]
enabled = true
password_hash = "bcrypt"  # bcrypt, argon2, scrypt

Create User

bash
sirrmeshd user create \
  --username [email protected] \
  --password secretpassword

Multi-Factor Authentication (MFA)

TOTP

Time-based One-Time Password.

toml
[auth.mfa]
enabled = true
issuer = "SirrMesh"

Enable MFA

bash
sirrmeshd mfa enable --user [email protected]

Hardware Keys

Support for FIDO2/WebAuthn hardware keys.

toml
[auth.mfa.webauthn]
enabled = true
rp_name = "SirrMesh Mail Server"

Authentication Protocols

SASL Mechanisms

Supported SASL authentication mechanisms:

  • PLAIN: Plaintext password (requires TLS)
  • LOGIN: Login authentication
  • CRAM-MD5: Challenge-response authentication
  • SCRAM-SHA-256: Secure authentication
  • BLOCKCHAIN: Custom blockchain authentication

Configuration Example

toml
[auth.sasl]
mechanisms = ["PLAIN", "LOGIN", "BLOCKCHAIN"]
require_tls = true

Access Control

IP Whitelist

toml
[auth.access_control]
allowed_ips = ["192.168.1.0/24", "10.0.0.0/8"]

IP Blacklist

toml
[auth.access_control]
blocked_ips = ["203.0.113.0/24"]

Geographic Restrictions

toml
[auth.geo]
enabled = true
allowed_countries = ["US", "GB", "CA"]

Session Management

Session Configuration

toml
[auth.session]
# Session timeout (seconds)
timeout = 3600

# Maximum concurrent sessions
max_sessions = 10

# Session token length
token_length = 32

Session Storage

  • Memory: Fast but not persistent
  • Redis: Distributed session management
  • Database: Persistent storage
toml
[auth.session.storage]
type = "redis"
redis_url = "redis://localhost:6379/0"

Password Policy

Password Requirements

toml
[auth.password_policy]
min_length = 12
require_uppercase = true
require_lowercase = true
require_digits = true
require_special = true

Password History

toml
[auth.password_policy]
remember_count = 5  # Remember last 5 passwords
expiry_days = 90    # Expire after 90 days

Security Features

Brute Force Protection

toml
[auth.security]
max_attempts = 5
lockout_duration = 300  # 5 minutes

Anomaly Detection

toml
[auth.anomaly_detection]
enabled = true
alert_on_new_ip = true
alert_on_new_device = true

Audit Logging

Logged Events

  • Login attempts (success/failure)
  • Password changes
  • MFA status changes
  • Session creation/destruction

Log Format

json
{
  "timestamp": "2025-01-15T10:30:00Z",
  "event": "login_success",
  "user": "[email protected]",
  "ip": "192.168.1.100",
  "method": "blockchain"
}

API Authentication

API Keys

bash
sirrmeshd api-key create --user [email protected]

OAuth 2.0

toml
[auth.oauth]
enabled = true
provider = "custom"
client_id = "sirrchat"
client_secret = "secret"

Best Practices

  1. Always Use TLS: Encrypt authentication credentials in transit
  2. Enable MFA: Improve account security
  3. Regularly Rotate Keys: Update API keys and passwords
  4. Monitor Anomalies: Set up alert notifications
  5. Principle of Least Privilege: Grant only necessary permissions

Related Documentation:

Released under the GPL 3.0 License.

Copyright © 2025 SirrMesh Team