On Wed, Feb 10, 2016 at 07:11:46PM +0000, Eray Aslan wrote:
> On Wed, Feb 10, 2016 at 06:04:59PM +0000, Viktor Dukhovni wrote:
> > Well "postfix tls enable-client|server" already checks whether the
> > key client or server TLS settings are at their defaults, and if
> > not only suggests recommended settings without making any changes.
> >
> > Are you looking to avoid the "noisy" suggestions?
>
> Yes. I am trying to avoid lots of -essentially useless once you
> configure tls- output each time there is a postfix upgrade.
>
> > This is indeed one of the goals of the new feature, but I thought
> > that for now (and perhaps long-term) this should be left up to
> > distributions, which install Postfix packages, rather than Postfix
> > itself.
>
> This is something that will make my life easier as postfix maintainer
> for Gentoo. No big deal if the answer is no. However, duplicating
> postfix tls effort seems suboptimal.
Sounds like a fair request. Your patch looks correct, and includes
a documentation update, so it stands a reasonable chance of getting
adopted. The only thing I might change in the below:
+# .IP "\fBall-default-client\fR"
+# Return 0 if all SMTP client TLS settings are at their default
+# values. Otherwise, return 1.
+# .IP "\fBall-default-server\fR"
+# Return 0 if all SMTP server TLS settings are at their default
+# values. Otherwise, return 1.
is that you say "Return 0", but really that's the exit code, whereas
for a shell command, "Return 0" might be misread as "output 0".
So perhaps it should say:
# .IP "\fBall-default-client\fR"
# Exit with a 0 (success) status code if all SMTP client TLS settings
# are at their default values. Otherwise, the exit code is non-zero.
# .IP "\fBall-default-server\fR"
# Exit with a 0 (success) status code if some SMTP server TLS settings
# are at their default values. Otherwise, the exit code is non-zero.
--
Viktor.