[pmg-devel] [PATCH pmg-api/pmg-gui v2 0/5] expand TLS Destination Policy and improve lmtp downstream handling

Stoiko Ivanov s.ivanov at proxmox.com
Wed Mar 18 11:23:41 CET 2020

changes v1->v2:
* incorporated Dominik's feedback w.r.t. the optional 'ipv6:' prefix for
  literal ipv6 addresses (both for 'transport' and 'tls_policy' - huge thanks!
* while testing noted that the rendering of transports with literal ipv6
  addresses was wrong in case the downstream protocol was 'lmtp'
* while testing setting tls policies for lmtp noticed that postfix has
  distinct configuration parameters for lmtp and tls support - added those
  to the main.cf.in template (explicitly setting them to the value for the
  smtp client)
* fixed an oversight in regex subexpression matching

cover-letter of v1:
The following patchset addresses #1948, and allows users to specify next-hop
destinations (as defined in the transports (5) table) in additions to domains
in the tls_policy table. This is needed if you want to set a specific TLS
policy for a downstream server (from PMG's perspective) - e.g. if you need
to ensure encrypted communication with your mailserver (or if your mailservers'
TLS implementation is a broken or outdated and you need to disable TLS for it)

The minimal fix is contained in the first patch for pmg-api.

The remaining patches rename the used 'domain' property into 'destination',
since it's more fitting. I tried to maintain backward compatibility on the API
level - but would be grateful for suggestions of alternatives.

Stoiko Ivanov (5):
  fix rendering of ipv(4|6) literal lmtp transports
  allow for optional 'ipv6:' prefix in transports
  fix #1948: allow setting TLS policy for transports
  TLSPolicy: rename domain to destination
  Add tls options for lmtp to main.cf template

 src/PMG/API2/DestinationTLSPolicy.pm | 82 +++++++++++++++++-----------
 src/PMG/API2/Transport.pm            |  4 +-
 src/PMG/Config.pm                    | 70 ++++++++++++++++++------
 src/templates/main.cf.in             |  6 ++
 4 files changed, 112 insertions(+), 50 deletions(-)

Stoiko Ivanov (2):
  TLSDomains: rename domain to destination
  rename TLSDomain to TLSDestination

 ...Domains.js => MailProxyTLSDestinations.js} | 32 +++++++++----------
 js/MailProxyTLSPanel.js                       |  8 ++---
 js/Makefile                                   |  2 +-
 3 files changed, 21 insertions(+), 21 deletions(-)
 rename js/{MailProxyTLSDomains.js => MailProxyTLSDestinations.js} (81%)


More information about the pmg-devel mailing list