[pmg-devel] [PATCH pmg-api/pmg-gui] expand TLS Destination Policy
Stoiko Ivanov
s.ivanov at proxmox.com
Tue Mar 17 12:28:44 CET 2020
Thanks for the review and tests!
On Wed, Mar 11, 2020 at 03:53:05PM +0100, Dominik Csapak wrote:
> looked at and tested, works so far and code looks good
> 2 points i want to mention:
>
> 1. postfix talks about the syntax [ipv6:<ipv6-address>]
> and says ipv6 addresses must be written this way, but it does not
> actually enforce it. i guess it would be good to also allow
> that syntax just for completeness (e.g. if users edit the
> transport map manually) but this is more tangentially related
good point! (will send an updated v2 with the whole /etc/pmg/transport
parsing adapted - to support it there as well)
>
> 2. in patch pmg-api 2/2 you could have both domain and destination
> filled in during the 'read_tls_policy' sub, instead of the api
> call, but since we want to remove this anyway, it does not hurt
took a look - see the point of 1 line in Config.pm vs. 2 lines in
API/Transport.pm - but OTOH the backward-compatibility code is quite a few
lines more - and that way it's kept to one source-file - which I would
prefer.
so would leave that as is if you're ok with it?
>
> Tested-by: Dominik Csapak <d.csapak at proxmox.com>
> Reviewed-by: Dominik Csapak <d.csapak at proxmox.com>
>
> On 3/4/20 10:31 AM, Stoiko Ivanov wrote:
> > The following patchset addresses #1948, and allows users to specify next-hop
> > destinations (as defined in the transports (5) table) in addition to domains
> > in the tls_policy table. This is needed if you want to set a specific TLS
> > policy for a downstream server (from PMG's perspective) - e.g. if you need
> > to ensure encrypted communication with your mailserver (or if your mailservers'
> > TLS implementation is broken or outdated and you need to disable TLS for it)
> >
> > The minimal fix is contained in the first patch for pmg-api.
> >
> > The remaining patches rename the used 'domain' property into 'destination',
> > since it's more fitting. I tried to maintain backward compatibility on the API
> > level - but would be grateful for suggestions of alternatives.
> >
> >
> > pmg-api:
> > Stoiko Ivanov (2):
> > fix #1948: allow setting TLS policy for transports
> > TLSPolicy: rename domain to destination
> >
> > src/PMG/API2/DestinationTLSPolicy.pm | 82 +++++++++++++++++-----------
> > src/PMG/Config.pm | 34 +++++++++---
> > 2 files changed, 77 insertions(+), 39 deletions(-)
> >
> > pmg-gui:
> > Stoiko Ivanov (2):
> > TLSDomains: rename domain to destination
> > rename TLSDomain to TLSDestination
> >
> > ...Domains.js => MailProxyTLSDestinations.js} | 32 +++++++++----------
> > js/MailProxyTLSPanel.js | 8 ++---
> > js/Makefile | 2 +-
> > 3 files changed, 21 insertions(+), 21 deletions(-)
> > rename js/{MailProxyTLSDomains.js => MailProxyTLSDestinations.js} (81%)
> >
>
>
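
An added example, not code from this thread or from pmg-api: a small audit of a Postfix-style tls_policy table that classifies each key as a recipient domain or a bracketed next-hop destination (including the [ipv6:<ipv6-address>] form raised in the review) and reports entries that still permit cleartext delivery. The names `classify` and `audit` and the sample entries are constructed for illustration; the level list is the standard set of Postfix TLS security levels, and continuation lines are not handled.

```python
import ipaddress
import re

# Postfix TLS security levels accepted as the policy in a tls_policy entry.
LEVELS = "none may encrypt dane dane-only fingerprint verify secure".split()
CLEARTEXT_OK = {"none", "may"}  # levels that still allow unencrypted delivery
BRACKETED = re.compile(r"^\[([^\]]+)\](?::(\w+))?$")  # [host] or [host]:port
NAME = re.compile(r"^\.?(?:[A-Za-z0-9-]+\.)*[A-Za-z0-9-]+$")  # ".parent" allowed

def classify(key):
    """Return the kind of lookup key, or None if it is malformed."""
    m = BRACKETED.match(key)
    if not m:  # not a bracketed next-hop: must be a recipient domain
        return "domain" if NAME.match(key) else None
    host = m.group(1)
    try:
        if host.lower().startswith("ipv6:"):  # [ipv6:addr] form from the thread
            ipaddress.IPv6Address(host[5:])
            return "nexthop-ipv6"
        ip = ipaddress.ip_address(host)
        return "nexthop-ipv4" if ip.version == 4 else "nexthop-ipv6-bare"
    except ValueError:  # not an address literal, so expect a hostname
        return "nexthop-host" if NAME.match(host) and host[0] != "." else None

def audit(table):
    """Return (lineno, key, kind, level, finding) for every entry."""
    out = []
    for n, line in enumerate(table.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        key, level, *_ = line.split() + [""]  # attributes after the level ignored
        kind = classify(key)
        if kind is None:
            finding = "malformed key"
        elif level not in LEVELS:
            finding = "unknown level"
        else:
            finding = "cleartext permitted" if level in CLEARTEXT_OK else "ok"
        out.append((n, key, kind, level, finding))
    return out

SAMPLE = """\
# constructed entries, not taken from the thread
example.com            may
[mail.example.com]:25  encrypt
[192.0.2.10]:2525      none
[ipv6:2001:db8::25]    secure match=nexthop
[2001:db8::26]         encrpyt
"""
```

Calling `audit(SAMPLE)` returns one tuple per entry; the `nexthop-ipv6-bare` kind marks an IPv6 next-hop written without the `ipv6:` prefix.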