systemd service file for rootless Exim on Debian Bullseye

exim4.conf

[Unit]
Description=Exim Mail Transport Agent
After=network.target

[Service]
EnvironmentFile=-/etc/default/exim4
PIDFile=/run/exim4/exim.pid
ExecStartPre=+chmod u-s /usr/sbin/exim4
ExecStartPre=+chmod g+r /etc/exim4/exim4.conf
ExecStartPre=+chgrp Debian-exim /etc/exim4/exim4.conf
ExecStartPre=+chown Debian-exim /var/log/exim4/paniclog
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/sbin/exim4 -bd -q${QFLAGS}${QUEUEINTERVAL} $COMMONOPTIONS $QUEUERUNNEROPTIONS $SMTPLISTENEROPTIONS
User=Debian-exim
Group=Debian-exim
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
NoNewPrivileges=true
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target