Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(container): update ghcr.io/foxcpp/maddy ( 0.7.1 → 0.8.1 ) #3243

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(container): update ghcr.io/foxcpp/maddy ( 0.7.1 → 0.8.1 ) #3243

wants to merge 1 commit into from

Conversation

layla-bot[bot]
Copy link
Contributor

@layla-bot layla-bot bot commented Jan 24, 2025
edited
Loading

This PR contains the following updates:

Package Update Change
ghcr.io/foxcpp/maddy (source) minor 0.7.1 -> 0.8.1

Release Notes

foxcpp/maddy (ghcr.io/foxcpp/maddy)

v0.8.1: maddy 0.8.1

Compare Source

This release includes target.smtp STARTTLS change that originally should have been included in 0.8.0 but was accidentally reverted.

Build attestation

Release artifacts built via GitHub Actions run https://github.com/foxcpp/maddy/actions/runs/12964852891

SLSA Build Attestation for x86_64 linux-musl build: https://github.com/foxcpp/maddy/attestations/4622297
SLSA Build Attestation for Docker image: https://github.com/foxcpp/maddy/attestations/4622340

v0.8.0: maddy 0.8.0

Compare Source

Important changes
Go 1.23

maddy now requires Go 1.23 toolchain to build. "go" command in Go 1.21+
will automatically download newer toolchain if necessary.

SASL LOGIN disabled by default

Obsolete SASL LOGIN mechanism is no longer enabled by default. To re-enable
its support, use sasl_login directive in endpoint configuration.

STARTTLS plaintext fallback removed in target.smtp

⚠️ The change is accidentally not included in 0.8, see 0.8.1

If STARTTLS support is requested for connection in target.smtp
and the target server does not support STARTTLS message will not be
sent over plaintext connection.

This change does not affect outbound delivery via MX records/port 25.
The default configuration for these is to require TLS (even if the certificate is invalid)

  • this is controlled by min_tls_level encrypted in configuration.

require_tls directive is deprecated and will be removed in a future release.
attempt_starttls directive is deprecated and is equivalent to
the newly added starttls directive.

STARTTLS plaintext fallback in target.remote is more strict

If STARTTLS command is rejected by the remote server or connection error
happens before STARTTLS completes (that is, no TLS handshake takes place)
then unauthenticated TLS or plaintext fallback is no longer attempted.

New features
PROXY protocol support

Thanks @​drdaeman for the work!

maddy now supports HAProxy PROXY protocol for IMAP and SMTP endpoints
via proxy_protocol directive. Both v1 (text) and v2 (binary) versions
are supported. There is also additional support for second TLS layer
between proxy and maddy that can be configured using proxy_protocol.tls
directive.

RFC 2136 libdns provider

Built-in ACME client can be configured to set DNS-01 challenge records
using RFC 2136 protocol.

Support is not compiled-in by default and should be enabled using
libdns_rfc2136 build tag.

ACME-DNS libdns provider

Built-in ACME client can not be configured to delegate DNS-01 challenge
to the https://github.com/joohoi/acme-dns server.

Support should be enabled via libdns_acmedns build tag.

Bug fixes
  • check.milter can now connect to milters using Unix sockets (PR #​622) (Thanks @​mmatous!).
  • libdns/gandi: Upgraded to the latest version of gandi libdns, which fixes an issue where new records could not be created (PR #​673).
  • Add missing global tls_client directive (Issue #​674).
  • target/remote: Improve handling of stale connections in pool to prevent resource leaks (Issue #​675).
  • modify/replace_sender: Support replacing empty MAIL FROM addresses.
  • target/queue: Fix infinite retries after reducing max_tries (Issue #​678).
  • imapsql: Fix cross compilation error (Issue #​681).
  • imapsql: Make modernc.org SQLite driver usable (Issue #​723).
  • config/tls: Disable TLS session tickets (Issue #​730).
  • dmarc: Add support for sending from TLD domains (Issue #​736).
  • tls/acme: Actually use test_ca
Misc improvements
  • build: make "build.sh install" reusable (Thanks @​oidq!).
  • docker: Allow to specify additional build tags via Docker build argument.
  • endpoint/smtp: Recipients limit is now advertised via LIMITS SMTP extension
Build attestation

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@layla-bot layla-bot bot requested a review from kashalls as a code owner January 24, 2025 23:05
@layla-bot layla-bot bot added area/kubernetes Changes made in the kubernetes directory cluster/main labels Jan 24, 2025
@layla-bot
Copy link
Contributor Author

layla-bot bot commented Jan 24, 2025
edited
Loading 

--- kubernetes/main/apps/default/smtp-relay/app Kustomization: flux-system/smtp-relay HelmRelease: default/smtp-relay

+++ kubernetes/main/apps/default/smtp-relay/app Kustomization: flux-system/smtp-relay HelmRelease: default/smtp-relay

@@ -39,13 +39,13 @@

               SMTP_RELAY_SMTP_PORT: 25
             envFrom:
             - secretRef:
                 name: smtp-relay-secret
             image:
               repository: ghcr.io/foxcpp/maddy
-              tag: 0.7.1@sha256:6ab538e2f28baf2324f7cb418c7f9476fd9c7e9fa9b14bc3aecf51a9f6962064
+              tag: 0.8.1@sha256:55636d8a29588eea62d81d51acdafe38e0f694fb91801ab12dc1ed8c47b6439d
             probes:
               liveness:
                 enabled: true
               readiness:
                 enabled: true
             resources:

@layla-bot
Copy link
Contributor Author

layla-bot bot commented Jan 24, 2025
edited
Loading 

--- HelmRelease: default/smtp-relay Deployment: default/smtp-relay

+++ HelmRelease: default/smtp-relay Deployment: default/smtp-relay

@@ -53,13 +53,13 @@

           value: '465'
         - name: SMTP_RELAY_SMTP_PORT
           value: '25'
         envFrom:
         - secretRef:
             name: smtp-relay-secret
-        image: ghcr.io/foxcpp/maddy:0.7.1@sha256:6ab538e2f28baf2324f7cb418c7f9476fd9c7e9fa9b14bc3aecf51a9f6962064
+        image: ghcr.io/foxcpp/maddy:0.8.1@sha256:55636d8a29588eea62d81d51acdafe38e0f694fb91801ab12dc1ed8c47b6439d
         livenessProbe:
           failureThreshold: 3
           initialDelaySeconds: 0
           periodSeconds: 10
           tcpSocket:
             port: 8080

@layla-bot layla-bot bot force-pushed the renovate/main-ghcr.io-foxcpp-maddy-0.x branch from d53b435 to 7d74429 Compare January 25, 2025 13:06
@layla-bot layla-bot bot changed the title feat(container): update ghcr.io/foxcpp/maddy ( 0.7.1 → 0.8.0 ) feat(container): update ghcr.io/foxcpp/maddy ( 0.7.1 → 0.8.1 ) Jan 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kashalls kashalls Awaiting requested review from kashalls kashalls is a code owner

Assignees
No one assigned
Labels
area/kubernetes Changes made in the kubernetes directory cluster/main renovate/container type/minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants