summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/files/etc/systemd
diff options
context:
space:
mode:
Diffstat (limited to 'roles/IMAP/files/etc/systemd')
-rw-r--r--roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service25
-rw-r--r--roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.socket8
2 files changed, 33 insertions, 0 deletions
diff --git a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
new file mode 100644
index 0000000..3ac0b31
--- /dev/null
+++ b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Dovecot authentication proxy
+After=dovecot.target
+Requires=dovecot-auth-proxy.socket
+
+[Service]
+User=_dovecot-auth-proxy
+StandardInput=null
+SyslogFacility=mail
+ExecStart=/usr/local/bin/dovecot-auth-proxy.pl
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectHome=yes
+ProtectSystem=strict
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX
+
+[Install]
+WantedBy=multi-user.target
+Also=postfix-sender-login.socket
diff --git a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.socket b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.socket
new file mode 100644
index 0000000..6dee91a
--- /dev/null
+++ b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.socket
@@ -0,0 +1,8 @@
+[Socket]
+SocketUser=dovecot
+SocketGroup=dovecot
+SocketMode=0600
+ListenStream=/run/dovecot/auth-proxy
+
+[Install]
+WantedBy=sockets.target
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 15:50:13 +0000