Last active
December 15, 2016 12:19
-
-
Save lucaswerkmeister/cffd9ee2bb562695981154cfc0b85e32 to your computer and use it in GitHub Desktop.
systemd configuration files for OpenDMARC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/opendmarc.service | |
| [Unit] | |
| Description=OpenDMARC email validation system | |
| Documentation=man:opendmarc(8) man:opendmarc.conf(5) man:opendmarc-import(8) man:opendmarc-reports(8) http://www.trusteddomain.org/opendmarc/ | |
| After=network.target nss-lookup.target | |
| [Service] | |
| RuntimeDirectory=opendmarc | |
| Type=forking | |
| PIDFile=/run/opendmarc/opendmarc.pid | |
| User=opendmarc | |
| ExecStart=/usr/sbin/opendmarc -u opendmarc -P /run/opendmarc/opendmarc.pid | |
| Restart=on-failure | |
| ExecReload=/bin/kill -USR1 $MAINPID | |
| # not allowed to write anywhere | |
| ReadOnlyDirectories=/ | |
| # ...except: | |
| # PidFile (-P); cf. RuntimeDirectory=opendmarc | |
| ReadWriteDirectories=/run/opendmarc | |
| # TemporaryDirectory (default); cf. PrivateTmp=yes | |
| ReadWriteDirectories=/var/tmp | |
| # HistoryFile | |
| ReadWriteDirectories=/var/log/opendmarc | |
| # Socket | |
| ReadWriteDirectories=/var/spool/postfix/opendmarc | |
| # custom /tmp, /var/tmp, /dev | |
| PrivateTmp=yes | |
| PrivateDevices=yes | |
| # read-only system directories | |
| ProtectSystem=full | |
| # no home at all | |
| ProtectHome=yes | |
| # no setuid, no sticky bit | |
| NoNewPrivileges=yes | |
| # only a few address families: | |
| # Socket for communication with sendmail | |
| RestrictAddressFamilies=AF_UNIX | |
| # IPv4 for DNS (_dmarc.domain) | |
| RestrictAddressFamilies=AF_INET | |
| # IPv6 for DNS (_dmarc.domain) | |
| RestrictAddressFamilies=AF_INET6 | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
opendmarcconfiguration notes:PidFileandUserIdspecifications in the configuration file can be removed, since the command line arguments toopendmarc(seeExecStart=) override them./etc/opendmarc.conf, not in/etc/defaults/opendmarc.ReadWriteDirectories=directives assume aSocketin/var/spool/postfix/opendmarcand aHistoryFilein/var/log/opendmarc. Adjust the paths to your setup as necessary.