Skip to content

Raven MDA v0.6.0

Choose a tag to compare

@Aravinda-HWK Aravinda-HWK released this 26 Mar 05:42
1e08a67

Raven MDA v0.6.0

What's New

✨ New Features

Socketmap Service (migrated from Silver)

The Socketmap service has been moved into the Raven repository, consolidating the full MDA stack in one place. This service implements the Postfix socketmap protocol with:

  • Alias resolution with caching
  • Domain existence validation against the Thunder IDP
  • Handlers for user existence checks and virtual domain lookups
  • Netstring protocol communication over TCP
  • Input sanitization and secure TLS configuration

Group Email Support (LMTP)

The LMTP server can now deliver mail to group/distribution addresses. Group email resolution integrates with the Thunder IDP to expand group addresses to individual recipients, including organization unit handling and user profile fetching.

Spam Restoration

When a message is unmarked as spam, it is now automatically restored to its original folder rather than remaining in the spam folder. This improves the user experience for false-positive spam corrections.

🔧 Improvements

IDP Responsibility Refactoring

Removed functionality from Raven that belongs to the Identity Provider (IDP). Key changes:

  • User identification is now email-based rather than user-ID-based across the IMAP server, middleware, and selection handlers.
  • Recipient existence checks are now delegated to the IDP rather than handled internally.
  • Role mailbox functions no longer require a domain_id parameter, simplifying the internal API.
  • Authentication flow updated to use username identifiers with improved domain-matching validation.

SASL Authentication Scope Configuration

The SASL server now supports explicit scope configuration to differentiate between TCP and Unix socket listeners. Validation is applied at startup to ensure the correct listener type is launched based on the configured scope.

🔒 Security

  • Improved error handling in configuration validation for SASL startup.
  • Secure TLS configuration enforced for HTTP clients communicating with Thunder IDP (resolving InsecureSkipVerify usage).
  • Workflow added to automatically update the security policy table on each release.

🐛 Bug Fixes

  • Fixed SASL authentication scope not being properly applied when switching between TCP and Unix socket modes.
  • Fixed silent failure in DB migration error handling during spam restoration.
  • Fixed import ordering issues in blobstorage and config packages.

Breaking Changes

  • Internal IMAP server interfaces now use email addresses instead of user IDs for database lookups. Any custom integrations against internal interfaces will need to be updated accordingly.
  • The domain_id parameter has been removed from role mailbox functions.

Docker

Pull the latest image:

docker pull ghcr.io/lsflk/raven:latest

The Socketmap service is now available as part of the Raven image and can be started via the entrypoint script.


What's Changed

# Type Description
#233 Bug Fix Configure SASL authentication scope for TCP vs Unix socket
#236 Bug Fix Restore messages to original folder when unmarked as spam
#238 Refactor Remove functionality that is the responsibility of the IDP
#243 Feature Add group email support to LMTP server
#245 Feature Move Socketmap service from Silver repo to Raven repo
#248 CI Fix GitHub token for welcome action
#240 CI Add workflow to update security policy on release

Contributors

Thank you to everyone who contributed to this release! 🎉

Contributor GitHub
H.W.K.Aravinda [@Aravinda-HWK](https://github.com/Aravinda-HWK)
Maneesha [@maneeshaxyz](https://github.com/maneeshaxyz)
Nazik [@MohamadNazik](https://github.com/MohamadNazik)

Full Changelog: v0.5.0...v0.6.0