i already posted the imapd-unit, while the others are identical except that
lmtpd needs access to /var/spool. anyways, attached

-------------- next part --------------
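# systemd unit for the DBMail SIEVE daemon (dbmail-timsieved).
# Every list value is kept on one physical line: a value wrapped onto the next
# line without a trailing backslash is not read as part of the directive.

[Unit]
Description=DBMail SIEVE Server
# Ordering only; After= does not start or require any of these units.
After=network.service systemd-networkd.service network-online.target mysqld.service mysqld-dbmail.service

[Service]
Type=simple
ExecStart=/usr/sbin/dbmail-timsieved -D
Environment="LANG=en_GB.UTF-8"
# Restarts after every exit, crashes included; watch the journal for restart loops.
Restart=always
RestartSec=1
TimeoutStopSec=5
LimitNOFILE=50000

# No User= is set, so as a system unit the daemon is started as root and the
# settings below are what confine it.
# NOTE(review): CAP_SETUID/CAP_SETGID suggest the daemon drops privileges itself; confirm in dbmail.conf.
# NOTE(review): NoNewPrivileges=yes is not set; consider adding it after testing.
PrivateTmp=yes
PrivateDevices=yes
# CAP_DAC_OVERRIDE bypasses file permission checks, which leaves the path rules
# further down as the effective filesystem boundary; drop it if the daemon runs without it.
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
# Leading ~ makes this a deny-list: every family not named stays usable.
# An allow-list of only the families the daemon needs would be stricter.
RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_IPX AF_NETLINK AF_PACKET AF_X25
# Hard-codes x86-64; the unit is not portable to other architectures as written.
SystemCallArchitectures=x86-64
# Deny-list as well: system calls not named here, including ones added by later kernels, stay allowed.
SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice

# Whole tree read-only, then the few writable paths are re-opened.
# A leading "-" means the entry is skipped when the path does not exist.
# Newer systemd documents these directives as ReadOnlyPaths=, ReadWritePaths=
# and InaccessiblePaths=; the names used here are the older spellings.
ReadOnlyDirectories=/
ReadWriteDirectories=-/run
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/var/tmp
ReadWriteDirectories=-/var/log

# Paths hidden from the service entirely. /run is writable above, so its
# sensitive subdirectories are listed one by one.
InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/media
InaccessibleDirectories=-/root
InaccessibleDirectories=-/etc/dbus-1
InaccessibleDirectories=-/etc/ssh
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
# Site-specific path on the author's host.
InaccessibleDirectories=-/usr/local/scripts
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/dnf
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/yum
InaccessibleDirectories=-/var/spool

# Debugging alternatives to the ExecStart= above. Enable at most one and
# disable the regular ExecStart= first: Type=simple takes a single command.
# ExecStart=/usr/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/var/log/valgrind/timsieved.log /usr/sbin/dbmail-timsieved -D
# ExecStart=/usr/bin/valgrind --tool=helgrind --log-file=/var/log/valgrind/timsieved.log /usr/sbin/dbmail-timsieved -D

[Install]
WantedBy=multi-user.target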
-------------- next part --------------
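# systemd unit for the DBMail POP3 daemon (dbmail-pop3d).
# Every list value is kept on one physical line: a value wrapped onto the next
# line without a trailing backslash is not read as part of the directive.

[Unit]
Description=DBMail POP3 Server
# Ordering only; After=/Before= do not start or require any of these units.
After=network.service systemd-networkd.service network-online.target mysqld.service mysqld-dbmail.service
Before=dovecot.service

[Service]
Type=simple
ExecStart=/usr/sbin/dbmail-pop3d -D
Environment="LANG=en_GB.UTF-8"
# Restarts after every exit, crashes included; watch the journal for restart loops.
Restart=always
RestartSec=1
TimeoutStopSec=5
LimitNOFILE=50000
# Optional task limit, left disabled by the author.
# TasksMax=2048

# No User= is set, so as a system unit the daemon is started as root and the
# settings below are what confine it.
# NOTE(review): CAP_SETUID/CAP_SETGID suggest the daemon drops privileges itself; confirm in dbmail.conf.
# NOTE(review): NoNewPrivileges=yes is not set; consider adding it after testing.
PrivateTmp=yes
PrivateDevices=yes
# CAP_DAC_OVERRIDE bypasses file permission checks, which leaves the path rules
# further down as the effective filesystem boundary; drop it if the daemon runs without it.
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
# Leading ~ makes this a deny-list: every family not named stays usable.
# An allow-list of only the families the daemon needs would be stricter.
RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_IPX AF_NETLINK AF_PACKET AF_X25
# Hard-codes x86-64; the unit is not portable to other architectures as written.
SystemCallArchitectures=x86-64
# Deny-list as well: system calls not named here, including ones added by later kernels, stay allowed.
SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice

# Whole tree read-only, then the few writable paths are re-opened.
# A leading "-" means the entry is skipped when the path does not exist.
# Newer systemd documents these directives as ReadOnlyPaths=, ReadWritePaths=
# and InaccessiblePaths=; the names used here are the older spellings.
ReadOnlyDirectories=/
ReadWriteDirectories=-/run
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/var/tmp
ReadWriteDirectories=-/var/log

# Paths hidden from the service entirely. /run is writable above, so its
# sensitive subdirectories are listed one by one.
InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/media
InaccessibleDirectories=-/root
InaccessibleDirectories=-/etc/dbus-1
InaccessibleDirectories=-/etc/ssh
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
# Site-specific path on the author's host.
InaccessibleDirectories=-/usr/local/scripts
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/dnf
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/yum
InaccessibleDirectories=-/var/spool

# Debugging alternatives to the ExecStart= above. Enable at most one and
# disable the regular ExecStart= first: Type=simple takes a single command.
# ExecStart=/usr/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/var/log/valgrind/pop3d.log /usr/sbin/dbmail-pop3d -D
# ExecStart=/usr/bin/valgrind --tool=helgrind --log-file=/var/log/valgrind/pop3d.log /usr/sbin/dbmail-pop3d -D

[Install]
WantedBy=multi-user.target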
-------------- next part --------------
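# systemd unit for the DBMail LMTP daemon (dbmail-lmtpd).
# Every list value is kept on one physical line: a value wrapped onto the next
# line without a trailing backslash is not read as part of the directive.

[Unit]
Description=DBMail LMTP Server
# Ordering only; After= does not start or require any of these units.
After=network.service systemd-networkd.service network-online.target mysqld.service mysqld-dbmail.service

[Service]
Type=simple
ExecStart=/usr/sbin/dbmail-lmtpd -D
Environment="LANG=en_GB.UTF-8"
# Restarts after every exit, crashes included; watch the journal for restart loops.
Restart=always
RestartSec=1
TimeoutStopSec=5
LimitNOFILE=50000

# No User= is set, so as a system unit the daemon is started as root and the
# settings below are what confine it.
# NOTE(review): CAP_SETUID/CAP_SETGID suggest the daemon drops privileges itself; confirm in dbmail.conf.
# NOTE(review): NoNewPrivileges=yes is not set; consider adding it after testing.
PrivateTmp=yes
PrivateDevices=yes
# CAP_DAC_OVERRIDE bypasses file permission checks, which leaves the path rules
# further down as the effective filesystem boundary; drop it if the daemon runs without it.
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
# Leading ~ makes this a deny-list: every family not named stays usable.
# NOTE(review): AF_IPX and AF_NETLINK are not denied here, unlike the SIEVE,
# POP3 and IMAP units posted alongside; confirm that lmtpd needs them.
RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_PACKET AF_X25
# Hard-codes x86-64; the unit is not portable to other architectures as written.
SystemCallArchitectures=x86-64
# Deny-list as well: system calls not named here, including ones added by later kernels, stay allowed.
SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice

# Whole tree read-only, then the few writable paths are re-opened.
# A leading "-" means the entry is skipped when the path does not exist.
# Newer systemd documents these directives as ReadOnlyPaths=, ReadWritePaths=
# and InaccessiblePaths=; the names used here are the older spellings.
ReadOnlyDirectories=/
ReadWriteDirectories=-/run
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/var/tmp
ReadWriteDirectories=-/var/log
# lmtpd is the one daemon that needs the spool: the Postfix directories are
# writable and /var/spool is not in the inaccessible list below.
# The rest of /var/spool stays visible but read-only.
ReadWriteDirectories=-/var/spool/postfix
ReadWriteDirectories=-/var/lib/postfix

# Paths hidden from the service entirely. /run is writable above, so its
# sensitive subdirectories are listed one by one.
InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/media
InaccessibleDirectories=-/root
InaccessibleDirectories=-/etc/dbus-1
InaccessibleDirectories=-/etc/ssh
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
# Site-specific path on the author's host.
InaccessibleDirectories=-/usr/local/scripts
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/dnf
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/yum

# Debugging alternatives to the ExecStart= above. Enable at most one and
# disable the regular ExecStart= first: Type=simple takes a single command.
# ExecStart=/usr/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/var/log/valgrind/lmtpd.log /usr/sbin/dbmail-lmtpd -D
# ExecStart=/usr/bin/valgrind --tool=helgrind --log-file=/var/log/valgrind/lmtpd.log /usr/sbin/dbmail-lmtpd -D

[Install]
WantedBy=multi-user.target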
-------------- next part --------------
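# systemd unit for the DBMail IMAP daemon (dbmail-imapd).
# Every list value is kept on one physical line: a value wrapped onto the next
# line without a trailing backslash is not read as part of the directive.

[Unit]
Description=DBMail IMAP Server
# Ordering only; After=/Before= do not start or require any of these units.
After=network.service systemd-networkd.service network-online.target mysqld.service mysqld-dbmail.service
Before=dovecot.service

[Service]
Type=simple
ExecStart=/usr/sbin/dbmail-imapd -D
Environment="LANG=en_GB.UTF-8"
# Restarts after every exit, crashes included; watch the journal for restart loops.
Restart=always
RestartSec=1
# With RestartSec=1 and the default start-limit interval (presumably 10s;
# check system.conf), 100 starts per interval is unlikely to be reached,
# so a crash loop keeps restarting instead of being stopped by the limit.
StartLimitBurst=100
TimeoutStopSec=5
LimitNOFILE=50000
# Optional task limit, left disabled by the author.
# TasksMax=2048

# No User= is set, so as a system unit the daemon is started as root and the
# settings below are what confine it.
# NOTE(review): CAP_SETUID/CAP_SETGID suggest the daemon drops privileges itself; confirm in dbmail.conf.
# NOTE(review): NoNewPrivileges=yes is not set; consider adding it after testing.
PrivateTmp=yes
PrivateDevices=yes
# CAP_DAC_OVERRIDE bypasses file permission checks, which leaves the path rules
# further down as the effective filesystem boundary; drop it if the daemon runs without it.
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
# Leading ~ makes this a deny-list: every family not named stays usable.
# An allow-list of only the families the daemon needs would be stricter.
RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_IPX AF_NETLINK AF_PACKET AF_X25
# Hard-codes x86-64; the unit is not portable to other architectures as written.
SystemCallArchitectures=x86-64
# Deny-list as well: system calls not named here, including ones added by later kernels, stay allowed.
SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice

# Whole tree read-only, then the few writable paths are re-opened.
# A leading "-" means the entry is skipped when the path does not exist.
# Newer systemd documents these directives as ReadOnlyPaths=, ReadWritePaths=
# and InaccessiblePaths=; the names used here are the older spellings.
ReadOnlyDirectories=/
ReadWriteDirectories=-/run
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/var/tmp
ReadWriteDirectories=-/var/log

# Paths hidden from the service entirely. /run is writable above, so its
# sensitive subdirectories are listed one by one.
InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/media
InaccessibleDirectories=-/root
InaccessibleDirectories=-/etc/dbus-1
InaccessibleDirectories=-/etc/ssh
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
# Site-specific path on the author's host.
InaccessibleDirectories=-/usr/local/scripts
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/dnf
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/yum
InaccessibleDirectories=-/var/spool

# Debugging alternatives to the ExecStart= above. Enable at most one and
# disable the regular ExecStart= first: Type=simple takes a single command.
# ExecStart=/usr/bin/valgrind --tool=memcheck --leak-check=yes --log-file=/var/log/valgrind/imapd.log /usr/sbin/dbmail-imapd -D
# ExecStart=/usr/bin/valgrind --tool=helgrind --log-file=/var/log/valgrind/imapd.log /usr/sbin/dbmail-imapd -D

[Install]
WantedBy=multi-user.target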
thanks a lot for sharing. makes my tiny sysadmin life a lot easier ;)
