From 2bad7a14bed49d41c5ab41693ad8c9b61be7cfd4 Mon Sep 17 00:00:00 2001
From: Alberto Bertogli
Date: Sat, 12 Nov 2022 11:37:56 +0000
Subject: [PATCH] etc: Simplify default config by removing systemd sockets

Having systemd open sockets and pass them to chasquid is neat, but also adds some complexity to the default config, for very little value in practice. This patch simplifies the default config by having chasquid open the sockets instead. Note that systemd file descriptor passing continues to be supported, and existing installations will not be affected.
---
 etc/chasquid/chasquid.conf | 6 +++---
 etc/systemd/system/chasquid-smtp.socket | 11 -----------
 etc/systemd/system/chasquid-submission.socket | 11 -----------
 etc/systemd/system/chasquid-submission_tls.socket | 11 -----------
 etc/systemd/system/chasquid.service | 6 +++---
 5 files changed, 6 insertions(+), 39 deletions(-)
 delete mode 100644 etc/systemd/system/chasquid-smtp.socket
 delete mode 100644 etc/systemd/system/chasquid-submission.socket
 delete mode 100644 etc/systemd/system/chasquid-submission_tls.socket

diff --git a/etc/chasquid/chasquid.conf b/etc/chasquid/chasquid.conf
index 5f9f94e..cd18579 100644
--- a/etc/chasquid/chasquid.conf
+++ b/etc/chasquid/chasquid.conf
@@ -14,19 +14,19 @@
 # Default: "systemd", which means systemd passes sockets to us.
 # systemd sockets must be named with "FileDescriptorName=smtp".
 #smtp_address: "systemd"
-#smtp_address: ":25"
+smtp_address: ":25"

 # Addresses to listen on for submission (usually port 587).
 # Default: "systemd", which means systemd passes sockets to us.
 # systemd sockets must be named with "FileDescriptorName=submission".
 #submission_address: "systemd"
-#submission_address: ":587"
+submission_address: ":587"

 # Addresses to listen on for submission-over-TLS (usually port 465).
 # Default: "systemd", which means systemd passes sockets to us.
 # systemd sockets must be named with "FileDescriptorName=submission_tls".
 #submission_over_tls_address: "systemd"
-#submission_over_tls_address: ":465"
+submission_over_tls_address: ":465"

 # Address for the monitoring http server.
 # Do NOT expose this to the public internet.
diff --git a/etc/systemd/system/chasquid-smtp.socket b/etc/systemd/system/chasquid-smtp.socket
deleted file mode 100644
index dfb37dd..0000000
--- a/etc/systemd/system/chasquid-smtp.socket
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=chasquid mail daemon (SMTP sockets)
-
-[Socket]
-ListenStream=25
-FileDescriptorName=smtp
-Service=chasquid.service
-
-[Install]
-WantedBy=chasquid.target
-
diff --git a/etc/systemd/system/chasquid-submission.socket b/etc/systemd/system/chasquid-submission.socket
deleted file mode 100644
index f182f6d..0000000
--- a/etc/systemd/system/chasquid-submission.socket
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=chasquid mail daemon (submission sockets)
-
-[Socket]
-ListenStream=587
-FileDescriptorName=submission
-Service=chasquid.service
-
-[Install]
-WantedBy=chasquid.target
-
diff --git a/etc/systemd/system/chasquid-submission_tls.socket b/etc/systemd/system/chasquid-submission_tls.socket
deleted file mode 100644
index 3d8e0c9..0000000
--- a/etc/systemd/system/chasquid-submission_tls.socket
+++ /dev/null
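Review bot: The comments above `smtp_address: ":25"`, `submission_address: ":587"` and `submission_over_tls_address: ":465"` in the etc/chasquid/chasquid.conf hunk still describe only the "systemd" default, so nothing tells the reader that this file now selects direct binding instead. A host that keeps the old socket units enabled and adopts this file would presumably end up with systemd and chasquid both trying to own the same ports. I would add a line such as `# Set to "systemd" instead if the chasquid-*.socket units are enabled.` above each of the three settings.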
@@ -1,11 +0,0 @@
-[Unit]
-Description=chasquid mail daemon (submission over TLS sockets)
-
-[Socket]
-ListenStream=465
-FileDescriptorName=submission_tls
-Service=chasquid.service
-
-[Install]
-WantedBy=chasquid.target
-
diff --git a/etc/systemd/system/chasquid.service b/etc/systemd/system/chasquid.service
index 4c98ea3..8f44cac 100644
--- a/etc/systemd/system/chasquid.service
+++ b/etc/systemd/system/chasquid.service
@@ -1,8 +1,5 @@
 [Unit]
 Description=chasquid mail daemon (service)
-Requires=chasquid-smtp.socket \
- chasquid-submission.socket \
- chasquid-submission_tls.socket

 [Service]
 ExecStart=/usr/local/bin/chasquid \
@@ -17,6 +14,9 @@ Restart=always
 User=mail
 Group=mail

+# Let chasquid listen on ports < 1024.
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
 # Simple security measures just in case.
 ProtectSystem=full
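Review bot: `AmbientCapabilities=CAP_NET_BIND_SERVICE` in the second etc/systemd/system/chasquid.service hunk is not paired with anything visible that limits the unit's capability set. Ambient capabilities are kept across exec, so any helper program the daemon starts would also be able to bind ports below 1024. Consider adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` next to it, and `NoNewPrivileges=true` if nothing the service runs depends on setuid binaries. The `[Service]` section continues past `ProtectSystem=full` outside the hunk, so one of these may already be set there.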