summaryrefslogtreecommitdiffstats
path: root/roles/MSA/files/etc
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2017-06-02 14:12:26 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-06-02 14:12:32 +0200
commit1395cc86969823d9972517833c614becba8660a0 (patch)
tree679715cf69e88560a83e438a7bf9dc7c18d13e0a /roles/MSA/files/etc
parent6dc22513d0e978993c200bd39786cf932c311159 (diff)
move postfix-sender-login.{service,socket} to files/.
Diffstat (limited to 'roles/MSA/files/etc')
-rw-r--r--roles/MSA/files/etc/systemd/system/postfix-sender-login.service23
-rw-r--r--roles/MSA/files/etc/systemd/system/postfix-sender-login.socket8
2 files changed, 31 insertions, 0 deletions
diff --git a/roles/MSA/files/etc/systemd/system/postfix-sender-login.service b/roles/MSA/files/etc/systemd/system/postfix-sender-login.service
new file mode 100644
index 0000000..3ceb310
--- /dev/null
+++ b/roles/MSA/files/etc/systemd/system/postfix-sender-login.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Postfix sender login socketmap
+After=mail-transport-agent.target
+Requires=postfix-sender-login.socket
+
+[Service]
+User=postfix
+Group=postfix
+StandardInput=null
+SyslogFacility=mail
+ExecStart=/usr/local/bin/postfix-sender-login.pl
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+RestrictAddressFamilies=AF_UNIX
+
+[Install]
+WantedBy=multi-user.target
+Also=postfix-sender-login.socket
diff --git a/roles/MSA/files/etc/systemd/system/postfix-sender-login.socket b/roles/MSA/files/etc/systemd/system/postfix-sender-login.socket
new file mode 100644
index 0000000..e8d99b5
--- /dev/null
+++ b/roles/MSA/files/etc/systemd/system/postfix-sender-login.socket
@@ -0,0 +1,8 @@
+[Socket]
+SocketUser=postfix
+SocketGroup=postfix
+SocketMode=0600
+ListenStream=/var/spool/postfix-msa/private/sender-login
+
+[Install]
+WantedBy=sockets.target