Overview

File OpenSMTPD.service of Package OpenSMTPD

[Unit]
Description=Simple Mail Transfer Protocol daemon
After=network-online.target
ConditionFileIsExecutable=/usr/sbin/smtpd

[Service]
ExecStartPre=/usr/sbin/smtpd -n
ExecStart=/usr/sbin/smtpd
Type=forking
PIDFile=@rundir@/smtpd.pid
Restart=on-abnormal
PrivateDevices=true
ProtectSystem=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
LockPersonality=true
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=~@clock
SystemCallFilter=~@cpu-emulation
SystemCallFilter=~@debug
SystemCallFilter=~@module
SystemCallFilter=~@reboot
SystemCallFilter=~@sandbox
SystemCallFilter=~@swap
SystemCallFilter=~memfd_create
CapabilityBoundingSet=~CAP_AUDIT_CONTROL
CapabilityBoundingSet=~CAP_AUDIT_READ
CapabilityBoundingSet=~CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND
CapabilityBoundingSet=~CAP_BPF
CapabilityBoundingSet=~CAP_CHECKPOINT_RESTORE
CapabilityBoundingSet=~CAP_DAC_OVERRIDE
CapabilityBoundingSet=~CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_IPC_OWNER
CapabilityBoundingSet=~CAP_KILL
CapabilityBoundingSet=~CAP_LEASE
CapabilityBoundingSet=~CAP_LINUX_IMMUTABLE
CapabilityBoundingSet=~CAP_MAC_ADMIN
CapabilityBoundingSet=~CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_MKNOD
CapabilityBoundingSet=~CAP_NET_ADMIN
CapabilityBoundingSet=~CAP_NET_RAW
CapabilityBoundingSet=~CAP_PERFMON
CapabilityBoundingSet=~CAP_SETFCAP
CapabilityBoundingSet=~CAP_SETPCAP
CapabilityBoundingSet=~CAP_SYSLOG
CapabilityBoundingSet=~CAP_SYS_BOOT
CapabilityBoundingSet=~CAP_SYS_MODULE
CapabilityBoundingSet=~CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_SYS_PTRACE
CapabilityBoundingSet=~CAP_SYS_RAWIO
CapabilityBoundingSet=~CAP_SYS_TIME
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_WAKE_ALARM
RestrictAddressFamilies=~AF_APPLETALK
RestrictAddressFamilies=~AF_AX25
RestrictAddressFamilies=~AF_BLUETOOTH
RestrictAddressFamilies=~AF_CAN
RestrictAddressFamilies=~AF_DECnet
RestrictAddressFamilies=~AF_IB
RestrictAddressFamilies=~AF_IPX
RestrictAddressFamilies=~AF_KCM
RestrictAddressFamilies=~AF_LLC
RestrictAddressFamilies=~AF_MPLS
RestrictAddressFamilies=~AF_PACKET
RestrictAddressFamilies=~AF_PPPOX
RestrictAddressFamilies=~AF_RDS
RestrictAddressFamilies=~AF_TIPC
RestrictAddressFamilies=~AF_VSOCK
RestrictAddressFamilies=~AF_X25
RestrictAddressFamilies=~AF_XDP
RestrictNamespaces=~cgroup
RestrictNamespaces=~ipc
RestrictNamespaces=~mnt
RestrictNamespaces=~net
RestrictNamespaces=~pid
RestrictNamespaces=~user
RestrictNamespaces=~uts
MemoryDenyWriteExecute=true
InaccessiblePaths=/dev/shm
NoNewPrivileges=true
RestrictSUIDSGID=true
IPAddressDeny=multicast

[Install]
WantedBy=multi-user.target
openSUSE Build Service is sponsored by
Places