-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathspammer-reporter.service
More file actions
46 lines (37 loc) · 1.09 KB
/
Copy pathspammer-reporter.service
File metadata and controls
46 lines (37 loc) · 1.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
[Unit]
Description=Report received spam email to SpamCop / GMail / SendGrid
[Service]
Environment="DBUS_TO_USE=system"
Environment="CONFIG=/etc/spammer-block/reporter.conf"
ExecStart=/usr/libexec/spammer-block/bin/python /usr/libexec/spammer-block/bin/spammer-reporter-service $DBUS_TO_USE --config $CONFIG
Type=notify
CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_DAC_READ_SEARCH CAP_IPC_LOCK CAP_SYS_NICE
NotifyAccess=main
WatchdogSec=20s
Restart=on-failure
StandardOutput=journal
StandardError=journal
# From low-memory-monitor.service:
CPUSchedulingPolicy=fifo
CPUSchedulingPriority=1
# Filesystem lockdown
ProtectSystem=strict
PrivateDevices=true
ProtectControlGroups=true
# NOTE: Cannot protect homes as they may contain mail!
#ProtectHome=true
PrivateTmp=true
# Network
# NOTE: Need system services, like SMTPd in TCP/25
#PrivateNetwork=true
RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK AF_INET AF_INET6
# Execute Mappings
MemoryDenyWriteExecute=true
# Modules
ProtectKernelModules=true
# Real-time
RestrictRealtime=true
# Privilege escalation
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target