diff --git a/templates/etc/systemd/user/disapp.service.j2 b/templates/etc/systemd/user/disapp.service.j2
index f5c1e249c927930a981ed5927f902521d912a743..e2ac5a511651a5ff59ec033ab1dfd23f08021912 100644
--- a/templates/etc/systemd/user/disapp.service.j2
+++ b/templates/etc/systemd/user/disapp.service.j2
@@ -41,17 +41,19 @@ OOMScoreAdjust=-900
 # documented at "man (5) systemd.exec" and
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 # DEACTIVATED FOR DEBIAN 10, AS SYSTEMD DOESN'T SEEM TO SUPPORT THEM YET.
-ProtectSystem=full
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-LockPersonality=true
-#MemoryDenyWriteExecute=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
+# KEEP DEACTIVATED IF YOU WANT TO SEND EMAILS! EXIM DOESN'T WORK WITH
+# ANY OF THESE SETTINGS IN PLACE!
+#ProtectSystem=full
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+##MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
 ## RemoveIPC=true
 ## PrivateMounts=true
 ## MountFlags=
diff --git a/templates/etc/systemd/user/subapp.service.j2 b/templates/etc/systemd/user/subapp.service.j2
index 191a2356cd02fce81d9112a6e745b0cdf913d1ed..984963fe9bec87b621a9d47198ddfb4394cc8b12 100644
--- a/templates/etc/systemd/user/subapp.service.j2
+++ b/templates/etc/systemd/user/subapp.service.j2
@@ -39,18 +39,20 @@ OOMScoreAdjust=-900
 ### Security features
 # documented at "man (5) systemd.exec" and
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
-ProtectSystem=full
+# KEEP DEACTIVATED IF YOU WANT TO SEND EMAILS! EXIM DOESN'T WORK WITH
+# ANY OF THESE SETTINGS IN PLACE!
+#ProtectSystem=full
 ## ProtectHome=read-only
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-LockPersonality=true
-#MemoryDenyWriteExecute=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+##MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
 ## RemoveIPC=true
 ## PrivateMounts=true
 ## MountFlags=
diff --git a/templates/etc/systemd/user/webservice_status_SLUBarchiv.service.j2 b/templates/etc/systemd/user/webservice_status_SLUBarchiv.service.j2
index 6cbf9d2e15afcc3c43a0541b8cac493539006042..bd5a1c12183ce467a3a89975b1c6e51087080151 100644
--- a/templates/etc/systemd/user/webservice_status_SLUBarchiv.service.j2
+++ b/templates/etc/systemd/user/webservice_status_SLUBarchiv.service.j2
@@ -13,18 +13,20 @@ User={{ vault_subapp_user }}
 ### Security features
 # documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 # DEACTIVATED FOR DEBIAN 10, AS SYSTEMD DOESN'T SEEM TO SUPPORT THEM YET.
-ProtectSystem=full
-#ProtectHome=read-only
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-LockPersonality=true
-#MemoryDenyWriteExecute=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
+# KEEP DEACTIVATED IF YOU WANT TO SEND EMAILS! EXIM DOESN'T WORK WITH
+# ANY OF THESE SETTINGS IN PLACE!
+#ProtectSystem=full
+##ProtectHome=read-only
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+##MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
 ## RemoveIPC=true
 ## PrivateMounts=true
 ## MountFlags=