summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/files/etc
diff options
context:
space:
mode:
Diffstat (limited to 'roles/IMAP/files/etc')
-rw-r--r--roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service10
1 files changed, 4 insertions, 6 deletions
diff --git a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
index d20f9c2..3ac0b31 100644
--- a/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
+++ b/roles/IMAP/files/etc/systemd/system/dovecot-auth-proxy.service
@@ -4,8 +4,7 @@ After=dovecot.target
Requires=dovecot-auth-proxy.socket
[Service]
-User=vmail
-Group=vmail
+User=_dovecot-auth-proxy
StandardInput=null
SyslogFacility=mail
ExecStart=/usr/local/bin/dovecot-auth-proxy.pl
@@ -13,14 +12,13 @@ ExecStart=/usr/local/bin/dovecot-auth-proxy.pl
# Hardening
NoNewPrivileges=yes
PrivateDevices=yes
-ProtectSystem=strict
-ProtectHome=read-only
-PrivateDevices=yes
PrivateNetwork=yes
+ProtectHome=yes
+ProtectSystem=strict
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
-RestrictAddressFamilies=
+RestrictAddressFamilies=AF_UNIX
[Install]
WantedBy=multi-user.target