Addition/Force.Users.to.Change.Password.in.90.Days

From iRedMail
(Difference between revisions)
Jump to: navigation, search
 

Latest revision as of 20:46, 9 January 2014

Contents

[edit] Requirements

This tutorial is tested with iRedMail-0.7.0.

Why at least v0.7.0:

  • With MySQL backend:
    • we have new SQL column "passwordlastchange" in table "vmail.mailbox".
    • Roundcube will save date of password change in column "passwordlastchange" of table "vmail.mailbox".

[edit] For MySQL backend only

[edit] Update postfix settings

  • Update postfix setting "smtpd_sender_restrictions" in its config file /etc/postfix/main.cf (Linux) or /usr/local/etc/postfix/main.cf (FreeBSD), add "check_sender_access" to verify date of password last change.
File: main.cf
smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql/force_password_change.cf, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
  • Create new file: /etc/postfix/mysql/force_password_change.cf.
File: /etc/postfix/mysql/force_password_change.cf
user        = vmail
password    = [PASSWORD_OF_vmail]
hosts       = 127.0.0.1
port        = 3306
dbname      = vmail
query       = SELECT 'REJECT PLEASE CHANGE YOUR PASSWORD IMMEDIATELY.' FROM mailbox WHERE username='%s' AND passwordlastchange < DATE_SUB(NOW(), INTERVAL 90 DAY) LIMIT 1
  • Restart postfix to make it work.

[edit] For OpenLDAP backend

Not finished yet.

Personal tools