Raven MDA v0.6.0
Raven MDA v0.6.0
What's New
✨ New Features
Socketmap Service (migrated from Silver)
The Socketmap service has been moved into the Raven repository, consolidating the full MDA stack in one place. This service implements the Postfix socketmap protocol with:
- Alias resolution with caching
- Domain existence validation against the Thunder IDP
- Handlers for user existence checks and virtual domain lookups
- Netstring protocol communication over TCP
- Input sanitization and secure TLS configuration
Group Email Support (LMTP)
The LMTP server can now deliver mail to group/distribution addresses. Group email resolution integrates with the Thunder IDP to expand group addresses to individual recipients, including organization unit handling and user profile fetching.
Spam Restoration
When a message is unmarked as spam, it is now automatically restored to its original folder rather than remaining in the spam folder. This improves the user experience for false-positive spam corrections.
🔧 Improvements
IDP Responsibility Refactoring
Removed functionality from Raven that belongs to the Identity Provider (IDP). Key changes:
- User identification is now email-based rather than user-ID-based across the IMAP server, middleware, and selection handlers.
- Recipient existence checks are now delegated to the IDP rather than handled internally.
- Role mailbox functions no longer require a
domain_idparameter, simplifying the internal API. - Authentication flow updated to use username identifiers with improved domain-matching validation.
SASL Authentication Scope Configuration
The SASL server now supports explicit scope configuration to differentiate between TCP and Unix socket listeners. Validation is applied at startup to ensure the correct listener type is launched based on the configured scope.
🔒 Security
- Improved error handling in configuration validation for SASL startup.
- Secure TLS configuration enforced for HTTP clients communicating with Thunder IDP (resolving
InsecureSkipVerifyusage). - Workflow added to automatically update the security policy table on each release.
🐛 Bug Fixes
- Fixed SASL authentication scope not being properly applied when switching between TCP and Unix socket modes.
- Fixed silent failure in DB migration error handling during spam restoration.
- Fixed import ordering issues in
blobstorageandconfigpackages.
Breaking Changes
- Internal IMAP server interfaces now use email addresses instead of user IDs for database lookups. Any custom integrations against internal interfaces will need to be updated accordingly.
- The
domain_idparameter has been removed from role mailbox functions.
Docker
Pull the latest image:
docker pull ghcr.io/lsflk/raven:latestThe Socketmap service is now available as part of the Raven image and can be started via the entrypoint script.
What's Changed
| # | Type | Description |
|---|---|---|
| #233 | Bug Fix | Configure SASL authentication scope for TCP vs Unix socket |
| #236 | Bug Fix | Restore messages to original folder when unmarked as spam |
| #238 | Refactor | Remove functionality that is the responsibility of the IDP |
| #243 | Feature | Add group email support to LMTP server |
| #245 | Feature | Move Socketmap service from Silver repo to Raven repo |
| #248 | CI | Fix GitHub token for welcome action |
| #240 | CI | Add workflow to update security policy on release |
Contributors
Thank you to everyone who contributed to this release! 🎉
| Contributor | GitHub |
|---|---|
| H.W.K.Aravinda | [@Aravinda-HWK](https://github.com/Aravinda-HWK) |
| Maneesha | [@maneeshaxyz](https://github.com/maneeshaxyz) |
| Nazik | [@MohamadNazik](https://github.com/MohamadNazik) |
Full Changelog: v0.5.0...v0.6.0