I am looking for a quick way to determine whether the client and server TLS settings are at their default values. Something similar to the attached patch, perhaps.
Use case: if SSL support is requested by the user, I am hoping to issue `postfix tls all-default-client && postfix tls enable-client` and `postfix tls all-default-server && postfix tls enable-server`, and so enable TLS out of the box during installation. -- Eray
--- a/conf/postfix-tls-script 2016-02-10 12:13:55.686879914 +0000 +++ b/conf/postfix-tls-script 2016-02-10 13:55:10.133778381 +0000 @@ -143,6 +143,12 @@ # .sp # The default \fIkeyfile\fR list consists of the two supported # algorithms \fBrsa\fR and \fBecdsa\fR. +# .IP "\fBall-default-client\fR" +# Return 0 if all SMTP client TLS settings are at their default +# values. Otherwise, return 1. +# .IP "\fBall-default-server\fR" +# Return 0 if all SMTP server TLS settings are at their default +# values. Otherwise, return 1. # CONFIGURATION PARAMETERS # .ad # .fi @@ -219,6 +225,10 @@ ERROR="$LOGGER -p error" FATAL="$LOGGER -p fatal" +# smtp/smtpd settings to check (tls at default?) +client_settings="use_tls enforce_tls tls_enforce_peername tls_security_level tls_cert_file" +server_settings="use_tls enforce_tls tls_security_level tls_cert_file" + # # Can't do much without these in place. # @@ -781,8 +791,7 @@ } enable_client() { - if all_default smtp_ \ - use_tls enforce_tls tls_enforce_peername tls_security_level tls_cert_file + if all_default smtp_ ${client_settings} then set -- \ "smtp_tls_security_level = may" \ @@ -810,8 +819,7 @@ algo=$1; shift bits=$1; shift - if all_default smtpd_ \ - use_tls enforce_tls tls_security_level tls_cert_file + if all_default smtpd_ ${server_settings} then # algo bits keyfile deploy [hostnames ...] new_server_cert "${algo}" "${bits}" "" "enable" "$@" || return 1 
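Review bot: The two added manual entries in the first hunk promise that "all SMTP client TLS settings" and "all SMTP server TLS settings" are at their defaults, but the check this patch wires up looks only at the names listed in `client_settings` (five) and `server_settings` (four). An installer that reads exit status 0 as "nothing TLS-related was customised" would not see a changed parameter outside those lists. I would word the entries to match the check, for example `# Return 0 if the SMTP client TLS settings inspected by enable-client are at their default values.`, and likewise for the server entry. Which parameters enable-client and enable-server go on to write is only partly visible in this patch, so the practical impact of the gap should be confirmed against the full script.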
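Review bot: `client_settings` and `server_settings` in the second hunk are space-separated strings that are expanded unquoted everywhere they are used, so the argument list passed to all_default depends on word splitting with the default IFS. The uses are `all_default smtp_ ${client_settings}` in enable_client, `all_default smtpd_ ${server_settings}` in the fourth hunk, and both new case arms. Nothing visible in the patch changes IFS, but the dependency is worth a comment at the definition, such as `# Space-separated; expanded unquoted on purpose so each name is one argument to all_default.` Adding `readonly client_settings server_settings` after the assignments would also keep a later assignment from silently changing what the enable commands and the new checks treat as default.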
@@ -1041,9 +1049,33 @@ fi ;; +all-default-client) + cmd=$1; shift; OPTIND=1 + + # No arguments for all-default-client + if [ $# -ge "${OPTIND}" ]; then + $FATAL "usage: postfix tls $cmd" + exit 1 + fi + + all_default smtp_ ${client_settings} || exit 1 + ;; + +all-default-server) + cmd=$1; shift; OPTIND=1 + + # No arguments for all-default-server + if [ $# -ge "${OPTIND}" ]; then + $FATAL "usage: postfix tls $cmd" + exit 1 + fi + + all_default smtpd_ ${server_settings} || exit 1 + ;; + *) $ERROR "unknown tls command: '$1'" - $FATAL "usage: postfix tls enable-client (or enable-server, new-server-key, new-server-cert, deploy-server-cert, output-server-csr, output-server-tlsa)" + $FATAL "usage: postfix tls enable-client (or enable-server, new-server-key, new-server-cert, deploy-server-cert, output-server-csr, output-server-tlsa, all-default-client, all-default-server)" exit 1 ;;
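Review bot: Both new arms exit 1 for a usage error (`$FATAL "usage: postfix tls $cmd"` followed by `exit 1`) and also for a non-default setting (`all_default ... || exit 1`), so a caller cannot tell "customised" from "the check did not run". In the install-time chain from the description the `&&` simply skips the enable step in either case, but the added manual text promises status 1 only for the non-default case. Either document that 1 also covers usage errors or give the usage path a different status. The argument test `[ $# -ge "${OPTIND}" ]`, with OPTIND just set to 1 and no getopts call in the arm, would read more plainly as `[ $# -gt 0 ]`. How all_default reports a failure to read the configuration is outside this hunk.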