2016-05-19 06:51:20 -05:00
<!DOCTYPE html>
2014-10-06 23:35:29 -05:00
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > Force mail user to change password in 90 days< / title >
2015-07-31 23:14:52 -05:00
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
2014-10-06 23:35:29 -05:00
< / head >
< body >
< div id = "navigation" >
2016-04-19 12:48:51 -05:00
< a href = "/index.html" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
2016-02-29 02:15:19 -06:00
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "force-mail-user-to-change-password-in-90-days" > Force mail user to change password in 90 days< / h1 >
2014-10-06 23:35:29 -05:00
< h2 id = "how-it-works" > How it works< / h2 >
2014-10-08 07:27:14 -05:00
< p > iRedMail configures Roundcube webmail to store last password change date while
user changed password. For MySQL/MariaDB/PostgreSQL backends, it's stored in
2014-10-06 23:39:09 -05:00
SQL database < code > vmail< / code > , column < code > mailbox.passwordlastchange< / code > . For LDAP backends,
it's stored in LDAP attribute < code > shadowLastChange< / code > of user account. If user
didn't change password before, or user account is newly created, the password
last change date will be set to < code > 0000-00-00 00:00:00< / code > .< / p >
2014-10-06 23:35:29 -05:00
< p > iRedAPD has plugin to force mail users to change password before sending email:< / p >
< ul >
2014-10-06 23:39:09 -05:00
< li > < code > sql_force_change_password_in_days< / code > : for SQL backends (MySQL, MariaDB and
PostgreSQL).< / li >
2014-10-06 23:35:29 -05:00
< li > < code > ldap_force_change_password_in_days< / code > : for LDAP backends (OpenLDAP and OpenBSD
built-in LDAP server < code > ldapd(8)< / code > ).< / li >
< / ul >
2014-10-08 07:27:14 -05:00
< p > When user trying to send an email, iRedAPD will invoke this plugin to
2014-10-06 23:35:29 -05:00
check password last change date stored in SQL/LDAP and compare
it with current date. if password last change date is longer than specified
days, this plugin rejects smtp session with specified message.< / p >
< h2 id = "how-to-enable-iredapd-plugin" > How to enable iRedAPD plugin< / h2 >
< p > To enable this plugin, please list the plugin name in iRedAPD config file
< code > /opt/iredapd/settings.py< / code > , variable < code > plugins =< / code > . For example:< / p >
2014-10-06 23:39:46 -05:00
< pre > < code class = "python" > # For SQL backends
2014-10-06 23:35:29 -05:00
plugins = [..., 'sql_force_change_password_in_days']
# For LDAP backends:
plugins = [..., 'ldap_force_change_password_in_days']
< / code > < / pre >
2014-10-08 21:47:39 -05:00
< p > There're two optional settings you can set in < code > /opt/iredapd/settings.py< / code > :< / p >
< pre > < code > # User has to change password in certain days. Default is 90 days.
2014-10-06 23:35:29 -05:00
CHANGE_PASSWORD_DAYS = 90
# MTA will reject user's smtp session with below message. You'd better describe
# why user's email was rejected and guide user to change password.
CHANGE_PASSWORD_MESSAGE = 'Please change your password in webmail before sending email: https://xxx/webmail/'
< / code > < / pre >
2016-05-19 06:51:20 -05:00
< p > Then restart iRedAPD service.< / p > < div class = "footer" >
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "http://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
< / div >
< script type = "text/javascript" >
2015-02-05 07:02:53 -06:00
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
2014-10-13 19:28:43 -05:00
< / script >
< / body > < / html >