1 (edited by tyllee 2015-06-28 02:35:24)

Topic: iredmail password expire

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.7
- Linux/BSD distribution name and version: Debian 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? yes
- Related log if you're reporting an issue:
====

Hi, I have several user accounts where the password have stopped working and I have been forced to reset the password. Is there any build in password expire function in iRedmail?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: iredmail password expire

iRedMail doesn't have builtin password expire function. But iRedAPD has plugin 'sql_force_change_password_in_days' to force users to change password in certain days (default is 90 days).

3

Re: iredmail password expire

ZhangHuangbin wrote:

iRedMail doesn't have builtin password expire function. But iRedAPD has plugin 'sql_force_change_password_in_days' to force users to change password in certain days (default is 90 days).

So, if the user is using external mail client e.g. thunderbird. The password will expire in 90 days without any heads up? Or can iRadAPD send an email before the password stops working?

How is the plugin meant to be working and how do I disable or change the time limit?

Thank you for your awesome work with iRedMail!

4

Re: iredmail password expire

tyllee wrote:

So, if the user is using external mail client e.g. thunderbird. The password will expire in 90 days without any heads up? Or can iRadAPD send an email before the password stops working?

How is the plugin meant to be working and how do I disable or change the time limit?

You have to write your own script to notify users. If password expired, when user sends email, it will get a rejection with message like "Password expired, please change your password in webmail before sending email".

You can custom the rejection message and time limit in iRedAPD config file /opt/iredapd/settings.py, like below:

CHANGE_PASSWORD_DAYS = 90
CHANGE_PASSWORD_MESSAGE = 'Password expired, please change your password in webmail before sending email'

Default values are defined in file /opt/iredapd/libs/default_settings.py. You may want to include webmail URLs or iRedAdmin-Pro (with self-service enabled) in the rejection message.

5 (edited by tyllee 2015-06-28 19:13:27)

Re: iredmail password expire

Hm. I don't have this option in /opt/iredapd/settings.py. Is the default 90 days activated by default even if there's no option in /opt/iredapd/settings.py?

output of /opt/iredapd/settings.py :


# Listen address and port.
listen_address = "127.0.0.1"
listen_port = "7777"

# Run as a low privileged user.
# If you don't want to create one, you can try 'nobody'.
run_as_user = "iredapd"

# Path to pid file.
pid_file = '/var/run/iredapd.pid'

# Path to log file.
# Set 'log_file = /dev/null' if you don't want to keep the log.
log_file = '/var/log/iredapd.log'

# Log level: info, debug.
log_level = "info"

# Backend: ldap, mysql, pgsql.
backend = "mysql"

# Enabled plugins.
# - Plugin name is file name which placed under 'plugins/' directory,
#   without file extension '.py'.
# - Plugin names MUST be seperated by comma.
plugins = ["sql_alias_access_policy", "sql_user_restrictions"]

####################
# For ldap backend.
#
# LDAP server setting.
# Uri must starts with ldap:// or ldaps:// (TLS/SSL).
#
# Tip: You can get binddn, bindpw from /etc/postfix/ldap/*.cf.
#
ldap_uri = 'ldap://127.0.0.1:389'
ldap_basedn = 'o=domains,dc=iredmail,dc=org'
ldap_binddn = 'cn=vmail,dc=iredmail,dc=org'
ldap_bindpw = ''

#
# For MySQL and PostgreSQL backends.
#
sql_server = "127.0.0.1"
sql_port = "3306"
sql_db = "vmail"
sql_user = "vmail"
sql_password = ""

6

Re: iredmail password expire

*) If plugin name is not listed in variable 'plugins =' in /opt/iredapd/settings.py, that means this plugin is not enabled.
*) iRedAPD defines some default values for easy use in /opt/iredapd/libs/default_settings.py, you can add same variable names (with different values) in /opt/iredapd/settings.py to override default values.

7

Re: iredmail password expire

Do you have any other explanation why I have to reset the password for a couple of users? It does not seam to be iRedAPD that is causing the password trouble.

8

Re: iredmail password expire

I have no idea at all, iRedMail doesn't have cron job or similar tool to automatically reset the password.