From: Maksim Usmanov <maks@adw.es>
To: pmg-devel@lists.proxmox.com
Cc: maks <maks@adw.es>
Subject: [PATCH] fix #7476: config: allow TLS policy nexthops with port
Date: Sat, 2 May 2026 10:02:12 +0200
Message-ID: <20260502080212.30722-1-maks@adw.es>
From: maks <maks@adw.es>
Postfix smtp_tls_policy_maps require an exact nexthop match. When a
transport uses an explicit port (e.g. smtp:[1.2.3.4]:25), the TLS
policy key must include the port as well.
The previous validation used a greedy regex, causing bracketed
addresses with a port to fail validation.
Handle bracketed nexthops ([host] or [host]:port) and unbracketed
nexthops (host or host:port) explicitly.
Signed-off-by: Maksim Usmanov <maks@adw.es>
---
src/PMG/Config.pm | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 495fe70..91fe8ac 100644
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -1196,19 +1196,15 @@ sub pmg_verify_transport_domain_or_nexthop {
if (pmg_verify_transport_domain($name, 1)) {
return $name;
- } elsif ($name =~ m/^(\S+)(?::\d+)?$/) {
- my $nexthop = $1;
- if ($nexthop =~ m/^\[(.*)\]$/) {
- $nexthop = $1;
- }
- return $name if pmg_verify_transport_address($nexthop, 1);
- # else fall through, because it is a failure
+ } elsif ($name =~ m/^\[([^\]]+)\](?::\d+)?$/) {
+ return $name if pmg_verify_transport_address($1, 1);
+ } elsif ($name =~ m/^([^:\s]+)(?::\d+)?$/) {
+ return $name if pmg_verify_transport_address($1, 1);
}
return undef if $noerr;
die "value does not look like a valid domain or next-hop\n";
}
-
sub read_tls_policy {
my ($filename, $fh) = @_;
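Review bot: In the second new branch, `m/^([^:\s]+)(?::\d+)?$/` only lets a colon through when it introduces a trailing numeric port, whereas the old greedy `(\S+)` handed the whole string, colons included, to pmg_verify_transport_address(). If that helper accepted an unbracketed IPv6 literal before, such entries would now be rejected with "value does not look like a valid domain or next-hop"; please confirm that this is intended and state it in the commit message, or keep a fallback for that case. Both new branches also accept any digit run as the port, so `:0` or `:99999` passes validation; a range check would be cheap to add here. The removal of the blank line before `sub read_tls_policy` looks unrelated to the fix and should be dropped from the patch.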
--
2.53.0