elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

New doc: force.user.to.change.password.html.

This commit is contained in:
Zhang Huangbin 2014-10-07 12:35:29 +08:00
parent 7e562dc4fa
commit ecd78803ec
4 changed files with 104 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -11,6 +11,7 @@ We're working on migrating [old wiki documents](http://www.iredmail.org/wiki) to
* [Allow insecure POP3/IMAP/SMTP connections without STARTTLS](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/2-allow.insecure.pop3.imap.smtp.connections.md)
* [Allow user to send email without authentication](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/allow.user.to.send.email.without.authentication.md)
* [Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/configure.thunderbird.md)
* [Force mail user to change password in 90 days](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/force.user.to.change.password.md)
* [Ignore Trash folder in mailbox quota](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/ignore.trash.folder.in.quota.md)
* [LDAP: Add an alias domain](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/ldap.add.alias.domain.md)
* [LDAP: Add a mail alias account](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/ldap.add.mail.alias.md)

49
howto/force.user.to.change.password.md Normal file
View File

@ -0,0 +1,49 @@
# Force mail user to change password in 90 days
## How it works
iRedMail configures Roundcube to store password change date while user changed
their password. For MySQL/MariaDB/PostgreSQL backends, it's stored in SQL database
`vmail`, column `mailbox.passwordlastchange`. For LDAP backends, it's stored in
LDAP attribute `shadowLastChange` of user account. If user didn't change password
before, or user account is newly created, the password last change date
will be set to `0000-00-00 00:00:00`.
iRedAPD has plugin to force mail users to change password before sending email:
* `sql_force_change_password_in_days`: for MySQL, MariaDB and PostgreSQL backends.
* `ldap_force_change_password_in_days`: for LDAP backends (OpenLDAP and OpenBSD
built-in LDAP server `ldapd(8)`).
When user trying to send an email, iRedAPD will invoke these plugin to
check password last change date stored in SQL/LDAP and compare
it with current date. if password last change date is longer than specified
days, this plugin rejects smtp session with specified message.
## How to enable iRedAPD plugin
To enable this plugin, please list the plugin name in iRedAPD config file
`/opt/iredapd/settings.py`, variable `plugins =`. For example:
```python
# For SQL backends
plugins = [..., 'sql_force_change_password_in_days']
# For LDAP backends:
plugins = [..., 'ldap_force_change_password_in_days']
```
There're two addition settings available for this plugin (it's mentioned in
plugin file `/opt/iredapd/plugins/sql_force_change_password_in_days.py` and
`/opt/iredapd/plugins/ldap_force_change_password_in_days`):
```
# User has to change password in 90 days
CHANGE_PASSWORD_DAYS = 90
# MTA will reject user's smtp session with below message. You'd better describe
# why user's email was rejected and guide user to change password.
CHANGE_PASSWORD_MESSAGE = 'Please change your password in webmail before sending email: https://xxx/webmail/'
```
Then restart iRedAPD service.

53
html/force.user.to.change.password.html Normal file
View File

@ -0,0 +1,53 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Force mail user to change password in 90 days</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="force-mail-user-to-change-password-in-90-days">Force mail user to change password in 90 days</h1>
<h2 id="how-it-works">How it works</h2>
<p>iRedMail configures Roundcube to store password change date while user changed
their password. For MySQL/MariaDB/PostgreSQL backends, it's stored in SQL database
<code>vmail</code>, column <code>mailbox.passwordlastchange</code>. For LDAP backends, it's stored in
LDAP attribute <code>shadowLastChange</code> of user account. If user didn't change password
before, or user account is newly created, the password last change date
will be set to <code>0000-00-00 00:00:00</code>.</p>
<p>iRedAPD has plugin to force mail users to change password before sending email:</p>
<ul>
<li><code>sql_force_change_password_in_days</code>: for MySQL, MariaDB and PostgreSQL backends.</li>
<li><code>ldap_force_change_password_in_days</code>: for LDAP backends (OpenLDAP and OpenBSD
built-in LDAP server <code>ldapd(8)</code>).</li>
</ul>
<p>When user trying to send an email, iRedAPD will invoke these plugin to
check password last change date stored in SQL/LDAP and compare
it with current date. if password last change date is longer than specified
days, this plugin rejects smtp session with specified message.</p>
<h2 id="how-to-enable-iredapd-plugin">How to enable iRedAPD plugin</h2>
<p>To enable this plugin, please list the plugin name in iRedAPD config file
<code>/opt/iredapd/settings.py</code>, variable <code>plugins =</code>. For example:</p>
<pre><code class="python">
# For SQL backends
plugins = [..., 'sql_force_change_password_in_days']
# For LDAP backends:
plugins = [..., 'ldap_force_change_password_in_days']
</code></pre>
<p>There're two addition settings available for this plugin (it's mentioned in
plugin file <code>/opt/iredapd/plugins/sql_force_change_password_in_days.py</code> and
<code>/opt/iredapd/plugins/ldap_force_change_password_in_days</code>):</p>
<pre><code># User has to change password in 90 days
CHANGE_PASSWORD_DAYS = 90
# MTA will reject user's smtp session with below message. You'd better describe
# why user's email was rejected and guide user to change password.
CHANGE_PASSWORD_MESSAGE = 'Please change your password in webmail before sending email: https://xxx/webmail/'
</code></pre>
<p>Then restart iRedAPD service.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>

1
html/index.html
View File

@ -24,6 +24,7 @@
<li><a href="allow.insecure.pop3.imap.smtp.connections.html">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a></li>
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without authentication</a></li>
<li><a href="configure.thunderbird.html">Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)</a></li>
<li><a href="force.user.to.change.password.html">Force mail user to change password in 90 days</a></li>
<li><a href="ignore.trash.folder.in.quota.html">Ignore Trash folder in mailbox quota</a></li>
<li><a href="ldap.add.alias.domain.html">LDAP: Add an alias domain</a></li>
<li><a href="ldap.add.mail.alias.html">LDAP: Add a mail alias account</a></li>