
Socket map for checking virtual users and virtual domains (#281)

Draft
Aravinda-HWK wants to merge 3 commits into LSFLK:main from Aravinda-HWK:socket-map-virtual-users

Conversation

@Aravinda-HWK (Collaborator)

📌 Description

This PR is to add a socket map for checking the existence of virtual users and virtual domains to remove the users and domains tables from the shared.db database.


🔍 Changes Made


✅ Checklist (Email System)

  • Core services tested (SMTP, IMAP, mail storage, end-to-end delivery)
  • Security & compliance verified (auth via Thunder IDP, TLS, DKIM/SPF/DMARC, spam/virus filtering)
  • Configuration & deployment checked (configs generated, Docker/Compose updated)
  • Reliability confirmed (error handling, logging, monitoring)
  • Documentation & usage notes updated (README, deployment, API)

🧪 Testing Instructions


📷 Screenshots / Logs (if applicable)


⚠️ Notes for Reviewers

@Aravinda-HWK Aravinda-HWK self-assigned this Feb 27, 2026
@gemini-code-assist (Contributor)

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new, dedicated socket map service to handle virtual user and domain existence checks for the Postfix SMTP server. This change significantly enhances the flexibility and dynamism of user validation by decoupling it from the shared.db SQLite database, allowing for easier integration with external identity providers or user management systems.

Highlights

  • New Socketmap Service Introduced: A new Go-based socketmap-server has been added to the Docker Compose stack. This service is responsible for dynamically validating the existence of virtual users and domains, replacing the previous SQLite-based lookup mechanism.
  • Postfix Configuration Updated: The gen-postfix-conf.sh script has been modified to configure Postfix's virtual_mailbox_maps to utilize the new socketmap-server for user validation, ensuring that Postfix queries the dedicated service for recipient checks.
  • Netstring Protocol Implemented: The socketmap service now correctly implements the Postfix-specific netstring protocol for communication. This crucial fix resolves issues where Postfix was connecting but not sending data, ensuring proper interaction between Postfix and the new service.
  • Comprehensive Documentation and Tools: Extensive documentation, including architecture diagrams, Docker deployment guides, quick start instructions, and a detailed troubleshooting guide, has been added. Diagnostic and interactive testing scripts are also included to aid in setup and debugging.
Changelog
  • SOCKETMAP_CHANGES.md
    • Documented the key changes and deployment steps for the socketmap integration.
  • services/config-scripts/gen-postfix-conf.sh
    • Updated Postfix configuration generation to use the new socketmap service for virtual_mailbox_maps.
    • Clarified comments regarding the use of SQLite for domains/aliases and socketmap for user validation.
  • services/docker-compose.yaml
    • Added the socketmap-server service definition to the Docker Compose configuration.
    • Established a dependency from smtp-server to socketmap-server.
  • services/socketmap/.gitignore
    • Configured Git to ignore Go build artifacts, test binaries, dependency directories, and common IDE files for the new service.
  • services/socketmap/ARCHITECTURE.md
    • Provided detailed diagrams illustrating the mail flow, Docker network topology, configuration flow, and data flow with the new socketmap service.
    • Included a comparison of before (SQLite) vs. after (Socketmap) architectures, caching details, and protocol specifics.
  • services/socketmap/DOCKER_DEPLOYMENT.md
    • Documented the Docker deployment process, service definition, Postfix integration, and production considerations for the socketmap service.
    • Included troubleshooting steps and environment variable explanations.
  • services/socketmap/Dockerfile
    • Defined the multi-stage Docker build process for the Go socketmap application, using golang:1.21-alpine for building and alpine:latest for the final image.
  • services/socketmap/INTEGRATION_SUMMARY.md
    • Summarized the integration of the socketmap service, detailing modified and new files, architecture changes, and deployment instructions.
    • Outlined benefits, migration paths, monitoring, and security considerations.
  • services/socketmap/LOGGING_UPDATE.md
    • Described significant enhancements made to the socketmap service's logging for better debugging and troubleshooting, including startup, connection, data reception, request processing, cache, and error details.
  • services/socketmap/NETSTRING_FIX.md
    • Explained the resolution of a critical issue by implementing the correct netstring protocol for Postfix socketmap communication.
    • Detailed the netstring encoding/decoding functions and updated connection handling.
  • services/socketmap/QUICKSTART.md
    • Provided a quick reference guide for starting, testing, and configuring the socketmap service, including manual testing and Postfix configuration examples.
  • services/socketmap/README.md
    • Documented the socketmap service's purpose, deployment options, protocol details, test users, logging, and customization points.
    • Included production considerations and troubleshooting tips.
  • services/socketmap/TROUBLESHOOTING.md
    • Offered a comprehensive guide for diagnosing and resolving common issues related to Postfix not sending data to the socketmap service, including configuration checks, direct testing, and log analysis.
  • services/socketmap/diagnostic.sh
    • Added a shell script to automate diagnostic checks for socketmap connectivity and configuration, providing detailed output for troubleshooting.
  • services/socketmap/go.mod
    • Initialized the Go module for the socketmap service with Go version 1.21.
  • services/socketmap/interactive-test.sh
    • Provided an interactive shell script for manual testing of email addresses against the socketmap service.
  • services/socketmap/main.go
    • Implemented the core Go socketmap service, including netstring protocol handling for reading requests and writing responses.
    • Added environment variable parsing for host and port configuration.
    • Integrated a simple in-memory cache for user existence checks.
    • Defined test user validation logic, accepting specific users and users from allowed domains.
  • services/socketmap/test-netstring.sh
    • Added a specific test script to verify the netstring protocol implementation of the socketmap service, including encoding and decoding functions.
  • services/socketmap/test.sh
    • Provided a general automated test suite for the socketmap service's functionality, covering valid/invalid users, cache behavior, and invalid requests.


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces a new socketmap-server Go service to handle virtual user and domain lookups for Postfix, replacing the previous SQLite-based approach. The changes include the Go service itself, Docker integration via docker-compose.yaml, a Dockerfile for building the service, and extensive documentation and test scripts. While this is a significant and valuable feature, the review has identified several critical and high-severity issues. There is a critical race condition in the in-memory cache implementation in main.go that needs to be addressed with a mutex. Additionally, there are widespread inconsistencies between the implemented netstring protocol in the Go service and the plain-text protocol used in most of the test scripts and documentation, rendering them incorrect and non-functional. Other suggestions include improving the Dockerfile for security and reproducibility, and adding a healthcheck to the service in docker-compose.yaml.

Comment on lines 55 to 58
_, err = reader.Read(data)
if err != nil {
	return "", fmt.Errorf("failed to read data: %w", err)
}

Severity: high

The reader.Read(data) call does not guarantee that it will read len(data) bytes; it may read fewer bytes without returning an error. This can lead to incorrect parsing of the netstring data. To ensure you read the exact number of bytes specified by the netstring length, you should use io.ReadFull.

You will need to add import "io".

if _, err := io.ReadFull(reader, data); err != nil {
	return "", fmt.Errorf("failed to read data: %w", err)
}

Comment on lines +29 to +30
# Run the service
CMD ["./socketmap"]

Severity: medium

For better security, the container should not run as the root user. You should create a dedicated non-root user, change file ownership, and switch to that user before running the application.

# Create a non-root user and group
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# Set ownership for the app directory and binary
RUN chown -R appuser:appgroup /app

# Switch to the non-root user
USER appuser

# Run the service
CMD ["./socketmap"]

Comment on lines 47 to 66
socketmap-server:
  build:
    context: ./socketmap
    dockerfile: Dockerfile
  container_name: socketmap-server
  expose:
    - "9100"
  networks:
    - mail-network
  restart: unless-stopped
  environment:
    - SOCKETMAP_HOST=0.0.0.0
    - SOCKETMAP_PORT=9100
  deploy:
    resources:
      limits:
        memory: 128M
      reservations:
        memory: 64M


Severity: medium

The socketmap-server service is missing a healthcheck. Adding one would improve the reliability of your stack, especially since smtp-server depends on it. Without a healthcheck, depends_on only waits for the container to start, not for the service to be ready. You could then change the dependency to condition: service_healthy.

Note that the healthcheck command needs to send a valid netstring request, which can be tricky with sh -c. You may want to consider adding a simpler healthcheck mechanism to the Go service itself.

Comment on lines 101 to 114
for {
	conn, err := listener.Accept()
	if err != nil {
		log.Printf("⚠ Error accepting connection: %v", err)
		continue
	}

	connectionCount++
	log.Printf("")
	log.Printf("═══════════════════════════════════════")
	log.Printf("Connection #%d from %s", connectionCount, conn.RemoteAddr())
	log.Printf("═══════════════════════════════════════")
	go handleConnection(conn)
}

Severity: medium

The server does not handle graceful shutdown. If it receives a SIGINT or SIGTERM, it will exit immediately, potentially dropping active connections. You should implement signal handling to allow for a graceful shutdown. This typically involves:

  1. Listening for os.Interrupt and syscall.SIGTERM signals.
  2. On signal, call listener.Close() to stop accepting new connections.
  3. Use a sync.WaitGroup to track and wait for active connections to finish before exiting.
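The shutdown sequence of steps 2 and 3 as an added example, not code from this PR: a hypothetical Server wrapper whose Shutdown closes the listener and then waits on a WaitGroup, but only for a bounded time, so one stuck client cannot keep the old process alive forever. The accept loop also distinguishes the listener being closed from a transient accept error, which the PR's loop does not.

```go
package main
import (
	"errors"
	"log"
	"net"
	"sync"
	"time"
)
// Server tracks live connections so Shutdown can drain them after the listener closes.
type Server struct {
	ln net.Listener
	wg sync.WaitGroup
}
// Serve accepts on addr and runs handle for every connection on its own goroutine.
func Serve(addr string, handle func(net.Conn)) (*Server, error) {
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return nil, err
	}
	s := &Server{ln: ln}
	s.wg.Add(1) // count the accept loop itself, so per-connection Add never races Wait at zero
	go func() {
		defer s.wg.Done()
		for {
			conn, err := ln.Accept()
			if errors.Is(err, net.ErrClosed) {
				return // Shutdown closed the listener; handlers already running keep going
			} else if err != nil {
				log.Printf("accept error: %v", err)
				continue
			}
			s.wg.Add(1)
			go func() { defer s.wg.Done(); defer conn.Close(); handle(conn) }()
		}
	}()
	return s, nil
}
// Shutdown stops accepting and waits up to timeout for handlers; false means some are still running.
func (s *Server) Shutdown(timeout time.Duration) bool {
	s.ln.Close()
	done := make(chan struct{})
	go func() { s.wg.Wait(); close(done) }()
	select {
	case <-done:
		return true
	case <-time.After(timeout):
		return false // a stuck client must not block the process forever; exit anyway
	}
}
```

Step 1 is the caller's job: register a channel with signal.Notify for os.Interrupt and syscall.SIGTERM, call s.Shutdown(10 * time.Second) when it fires, and log and exit regardless of the result.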

@Aravinda-HWK Aravinda-HWK force-pushed the socket-map-virtual-users branch 4 times, most recently from e3f0b48 to f24fa1b (March 1, 2026 12:42)
278 bug secure the rspamd web UI dashboard (LSFLK#279)

* fix: update Rspamd worker configuration to remove Prometheus metrics access

* fix: update rspamd-server configuration to expose port 11332 without publishing

feat: create socketmap for virtual-users, virtual-domains and virtual-aliases

- Implemented a new Socketmap service in Go for dynamic user validation in Postfix.
- Created Dockerfile for building and running the Socketmap service.
- Added Docker Compose configuration for integrating Socketmap into the Silver mail server stack.
- Developed comprehensive documentation including deployment guide, integration summary, and quick start reference.
- Implemented caching mechanism for user lookups to improve performance.
- Added automated and interactive testing scripts for validating service functionality.
- Updated Postfix configuration scripts to utilize Socketmap for mailbox validation.
- Established logging for monitoring service activity and troubleshooting.

feat: enhance logging and troubleshooting for socketmap service

feat: implement netstring protocol support for Postfix socketmap service

fix: correct request format for Postfix socketmap protocol in documentation and tests

chore: remove redundant documentation

chore: remove outdated Socketmap architecture documentation

Refactor socketmap service: Remove outdated documentation and scripts

- Deleted LOGGING_UPDATE.md, NETSTRING_FIX.md, QUICKSTART.md, TROUBLESHOOTING.md, diagnostic.sh, interactive-test.sh, test-netstring.sh, and test.sh as they contained obsolete information and functionality.
- Enhanced logging and netstring protocol support have been implemented in the main service code, making these documents redundant.
- Updated service to ensure proper netstring encoding and decoding for socketmap requests.
- Improved error handling and response logging for better debugging.

remove Socketmap integration quick reference documentation

feat: enhance socketmap service to support virtual domains and aliases
@Aravinda-HWK Aravinda-HWK force-pushed the socket-map-virtual-users branch from f24fa1b to e7859dd (March 1, 2026 16:06)

Development

Successfully merging this pull request may close these issues.

[FEATURE] Create Policy decision service for check the user existance

1 participant