summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
diff options
context:
space:
mode:
Diffstat (limited to 'roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service')
-rw-r--r--roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service5
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
index 7e790e3..d20f9c2 100644
--- a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
+++ b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
@@ -1,22 +1,27 @@
[Unit]
Description=Dovecot authentication proxy
After=dovecot.target
Requires=dovecot-auth-proxy.socket
[Service]
User=vmail
Group=vmail
StandardInput=null
SyslogFacility=mail
ExecStart=/usr/local/bin/dovecot-auth-proxy.pl
# Hardening
NoNewPrivileges=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=read-only
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
RestrictAddressFamilies=
[Install]
WantedBy=multi-user.target
Also=postfix-sender-login.socket
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-17 21:35:38 +0000