feat(container): update image ghcr.io/foxcpp/maddy ( 0.7.1 → 0.8.1 )

[lord-of-lightning-bot]

This PR contains the following updates:

Package	Update	Change
ghcr.io/foxcpp/maddy (source)	minor	0.7.1 -> 0.8.1

---

Release Notes

foxcpp/maddy (ghcr.io/foxcpp/maddy)

v0.8.1: maddy 0.8.1

Compare Source

This release includes target.smtp STARTTLS change that originally should have been included in 0.8.0 but was accidentally reverted.

Build attestation

Release artifacts built via GitHub Actions run https://github.com/foxcpp/maddy/actions/runs/12964852891

SLSA Build Attestation for x86_64 linux-musl build: https://github.com/foxcpp/maddy/attestations/4622297
SLSA Build Attestation for Docker image: https://github.com/foxcpp/maddy/attestations/4622340

v0.8.0: maddy 0.8.0

Compare Source

Important changes

Go 1.23

maddy now requires Go 1.23 toolchain to build. "go" command in Go 1.21+
will automatically download newer toolchain if necessary.

SASL LOGIN disabled by default

Obsolete SASL LOGIN mechanism is no longer enabled by default. To re-enable
its support, use sasl_login directive in endpoint configuration.

STARTTLS plaintext fallback removed in target.smtp

⚠️ The change is accidentally not included in 0.8, see 0.8.1

If STARTTLS support is requested for connection in target.smtp
and the target server does not support STARTTLS message will not be
sent over plaintext connection.

This change does not affect outbound delivery via MX records/port 25.
The default configuration for these is to require TLS (even if the certificate is invalid)

• this is controlled by min_tls_level encrypted in configuration.

require_tls directive is deprecated and will be removed in a future release.
attempt_starttls directive is deprecated and is equivalent to
the newly added starttls directive.

STARTTLS plaintext fallback in target.remote is more strict

If STARTTLS command is rejected by the remote server or connection error
happens before STARTTLS completes (that is, no TLS handshake takes place)
then unauthenticated TLS or plaintext fallback is no longer attempted.

New features

PROXY protocol support

Thanks @​drdaeman for the work!

maddy now supports HAProxy PROXY protocol for IMAP and SMTP endpoints
via proxy_protocol directive. Both v1 (text) and v2 (binary) versions
are supported. There is also additional support for second TLS layer
between proxy and maddy that can be configured using proxy_protocol.tls
directive.

RFC 2136 libdns provider

Built-in ACME client can be configured to set DNS-01 challenge records
using RFC 2136 protocol.

Support is not compiled-in by default and should be enabled using
libdns_rfc2136 build tag.

ACME-DNS libdns provider

Built-in ACME client can not be configured to delegate DNS-01 challenge
to the https://github.com/joohoi/acme-dns server.

Support should be enabled via libdns_acmedns build tag.

Bug fixes

• check.milter can now connect to milters using Unix sockets (PR #​622) (Thanks @​mmatous!).
• libdns/gandi: Upgraded to the latest version of gandi libdns, which fixes an issue where new records could not be created (PR #​673).
• Add missing global tls_client directive (Issue #​674).
• target/remote: Improve handling of stale connections in pool to prevent resource leaks (Issue #​675).
• modify/replace_sender: Support replacing empty MAIL FROM addresses.
• target/queue: Fix infinite retries after reducing max_tries (Issue #​678).
• imapsql: Fix cross compilation error (Issue #​681).
• imapsql: Make modernc.org SQLite driver usable (Issue #​723).
• config/tls: Disable TLS session tickets (Issue #​730).
• dmarc: Add support for sending from TLD domains (Issue #​736).
• tls/acme: Actually use test_ca

Misc improvements

• build: make "build.sh install" reusable (Thanks @​oidq!).
• docker: Allow to specify additional build tags via Docker build argument.
• endpoint/smtp: Recipients limit is now advertised via LIMITS SMTP extension

Build attestation

• SLSA Build Attestation for x86_64 linux-muslc build: https://github.com/foxcpp/maddy/attestations/4617983
• SLSA Build Attestation for Docker image: https://github.com/foxcpp/maddy/attestations/4617988

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[lord-of-lightning-bot]

--- kubernetes/apps/default/smtp-relay/app Kustomization: default/smtp-relay HelmRelease: default/smtp-relay

+++ kubernetes/apps/default/smtp-relay/app Kustomization: default/smtp-relay HelmRelease: default/smtp-relay

@@ -35,13 +35,13 @@

               SMTP_RELAY_SMTP_PORT: 25
             envFrom:
             - secretRef:
                 name: smtp-relay-secret
             image:
               repository: ghcr.io/foxcpp/maddy
-              tag: 0.7.1@sha256:6ab538e2f28baf2324f7cb418c7f9476fd9c7e9fa9b14bc3aecf51a9f6962064
+              tag: 0.8.1@sha256:55636d8a29588eea62d81d51acdafe38e0f694fb91801ab12dc1ed8c47b6439d
             probes:
               liveness:
                 enabled: true
               readiness:
                 enabled: true
             resources:

[lord-of-lightning-bot]

--- HelmRelease: default/smtp-relay Deployment: default/smtp-relay

+++ HelmRelease: default/smtp-relay Deployment: default/smtp-relay

@@ -56,13 +56,13 @@

           value: '465'
         - name: SMTP_RELAY_SMTP_PORT
           value: '25'
         envFrom:
         - secretRef:
             name: smtp-relay-secret
-        image: ghcr.io/foxcpp/maddy:0.7.1@sha256:6ab538e2f28baf2324f7cb418c7f9476fd9c7e9fa9b14bc3aecf51a9f6962064
+        image: ghcr.io/foxcpp/maddy:0.8.1@sha256:55636d8a29588eea62d81d51acdafe38e0f694fb91801ab12dc1ed8c47b6439d
         livenessProbe:
           failureThreshold: 3
           initialDelaySeconds: 0
           periodSeconds: 10
           tcpSocket:
             port: 8080

[frantathefranta]

This needs to be included in next release: foxcpp/maddy#760

[frantathefranta]

Wait until newer version comes out