[pmg-devel] [PATCH pmg-api/pmg-gui] expand TLS Destination Policy

Dominik Csapak d.csapak at proxmox.com
Wed Mar 11 15:53:05 CET 2020 

looked at and tested, works so far and code looks good
2 points i want to mention:

1. postfix talks about the syntax [ipv6:<ipv6-address>]
and says ipv6 adresses must be written this way, but it does not
actually enforce it. i guess it would be good to also allow
that syntax just for completeness (e.g. if users edit the
transport map manually) but this is more tangetially related

2. in patch pmg-api 2/2 you could have both domain and destination
filled in during the 'read_tls_policy' sub, instead of the api
call, but since we want to remove this anyway, it does not hurt

Tested-by: Dominik Csapak <d.csapak at proxmox.com>
Reviewed-by: Dominik Csapak <d.csapak at proxmox.com>

On 3/4/20 10:31 AM, Stoiko Ivanov wrote:
> The following patchset addresses #1948, and allows users to specify next-hop
> destinations (as defined in the transports (5) table) in additions to domains
> in the tls_policy table. This is needed if you want to set a specific TLS
> policy for a downstream server (from PMG's perspective) - e.g. if you need
> to ensure encrypted communication with your mailserver (or if your mailservers'
> TLS implementation is a broken or outdated and you need to disable TLS for it)
> 
> The minimal fix is contained in the first patch for pmg-api.
> 
> The remaining patches rename the used 'domain' property into 'destination',
> since it's more fitting. I tried to maintain backward compatibility on the API
> level - but would be grateful for suggestions of alternatives.
> 
> 
> pmg-api:
> Stoiko Ivanov (2):
>    fix #1948: allow setting TLS policy for transports
>    TLSPolicy: rename domain to destination
> 
>   src/PMG/API2/DestinationTLSPolicy.pm | 82 +++++++++++++++++-----------
>   src/PMG/Config.pm                    | 34 +++++++++---
>   2 files changed, 77 insertions(+), 39 deletions(-)
> 
> pmg-gui:
> Stoiko Ivanov (2):
>    TLSDomains: rename domain to destination
>    rename TLSDomain to TLSDestination
> 
>   ...Domains.js => MailProxyTLSDestinations.js} | 32 +++++++++----------
>   js/MailProxyTLSPanel.js                       |  8 ++---
>   js/Makefile                                   |  2 +-
>   3 files changed, 21 insertions(+), 21 deletions(-)
>   rename js/{MailProxyTLSDomains.js => MailProxyTLSDestinations.js} (81%)
>

More information about the pmg-devel mailing list