[Unit]
Description=Dovecot authentication proxy
After=dovecot.target
Requires=dovecot-auth-proxy.socket

[Service]
User=_dovecot-auth-proxy
StandardInput=null
SyslogFacility=mail
ExecStart=/usr/local/bin/dovecot-auth-proxy.pl

# Hardening
NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
ProtectHome=yes
ProtectSystem=strict
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX

[Install]
WantedBy=multi-user.target
Also=postfix-sender-login.socket