authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /mail-mta/postfix/files/postfix.service
reinit the tree, so we can have metadata
Diffstat (limited to 'mail-mta/postfix/files/postfix.service')
-rw-r--r--mail-mta/postfix/files/postfix.service26
1 files changed, 26 insertions, 0 deletions
diff --git a/mail-mta/postfix/files/postfix.service b/mail-mta/postfix/files/postfix.service
new file mode 100644
index 000000000000..db585b3e29db
--- /dev/null
+++ b/mail-mta/postfix/files/postfix.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=Postfix Mail Transport Agent
+After=network.target
+
+[Service]
+Type=forking
+ExecStartPre=-/usr/bin/newaliases
+ExecStart=/usr/sbin/postfix start
+ExecStop=/usr/sbin/postfix stop
+ExecReload=/usr/sbin/postfix reload
+# Hardening
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ReadWritePaths=-/etc/mail/aliases.db
+CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
+
+[Install]
+WantedBy=multi-user.target
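Review bot: `CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE` is a denylist, so every capability it does not name (for example CAP_SYS_PTRACE, CAP_SYS_TIME, CAP_DAC_READ_SEARCH) stays available to the master process, which runs as root because the unit sets no `User=`. An allowlist of the capabilities Postfix actually needs would bound a compromise more tightly and would not widen silently when the kernel adds new capabilities. The exact set depends on the local configuration (chroot, delivery agents) and should be derived by testing, so until then the `# Hardening` block could carry a comment such as `# Denylist only: capabilities not listed here remain available`. Separately, `ReadWritePaths=-/etc/mail/aliases.db` is skipped when the file does not exist yet; with `ProtectSystem=full` keeping /etc read-only, the first `newaliases` run would presumably fail to create it, and `ExecStartPre=-` hides that failure, so this is worth checking on a fresh install.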