Addition/Force.Users.to.Change.Password.in.90.Days

From iRedMail

(Difference between revisions)
Jump to: navigation, search
(Created page with ' = Requirements = This tutorial is applied to iRedMail-0.7.0 stable, if you're running a earlier version, please upgrade it to 0.7.0. Why v0.7.0: * We have new SQL column '''"pā€¦')
(ā†’Requirements)
Line 2: Line 2:
= Requirements =
= Requirements =
-
This tutorial is applied to iRedMail-0.7.0 stable, if you're running a earlier version, please upgrade it to 0.7.0.
+
This tutorial is applied to iRedMail-0.7.0 stable, if you're running an earlier version, please upgrade it to 0.7.0.
-
Why v0.7.0:
+
Why at least v0.7.0:
-
* We have new SQL column '''"passwordlastchange"''' in table '''"vmail.mailbox"'''.
+
* With MySQL backend:
-
* Roundcube will save date of password change in column '''"passwordlastchange"''' of table '''"vmail.mailbox"'''. Works in both OpenLDAP and MySQL backend.
+
** we have new SQL column '''"passwordlastchange"''' in table '''"vmail.mailbox"'''.
 +
** Roundcube will save date of password change in column '''"passwordlastchange"''' of table '''"vmail.mailbox"'''.
= Check postfix setting =
= Check postfix setting =

Revision as of 00:54, 30 March 2011

Contents

Requirements

This tutorial is applied to iRedMail-0.7.0 stable, if you're running an earlier version, please upgrade it to 0.7.0.

Why at least v0.7.0:

  • With MySQL backend:
    • we have new SQL column "passwordlastchange" in table "vmail.mailbox".
    • Roundcube will save date of password change in column "passwordlastchange" of table "vmail.mailbox".

Check postfix setting

  • Execute below command to make sure you have "$smtpd_sender_restrictions" in "proxy_read_maps". If you don't have it, please append it to "proxy_read_maps" manually.
Terminal: 
# postconf proxy_read_maps
proxy_read_maps = ... $smtpd_sender_restrictions

For MySQL backend only

Update postfix settings

  • Update postfix setting "smtpd_sender_restrictions" in its config file /etc/postfix/main.cf (Linux) or /usr/local/etc/postfix/main.cf (FreeBSD), add "check_sender_access" to verify date of password last change.
File: main.cf 
smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql/force_password_change.cf, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
  • Create new file: /etc/postfix/mysql/force_password_change.cf.
File: /etc/postfix/mysql/force_password_change.cf 
user        = vmail
password    = [PASSWORD_OF_vmail]
hosts       = 127.0.0.1
port        = 3306
dbname      = vmail
query       = SELECT 'REJECT PLEASE CHANGE YOUR PASSWORD IMMEDIATELY.' FROM mailbox WHERE username='%s' AND passwordlastchange < DATE_SUB(NOW(), INTERVAL 90 DAY) LIMIT 1
  • Restart postfix to make it work.

For OpenLDAP backend

Update postfix setting

Retrieved from "http://iredmail.org/wiki/index.php?title=Addition/Force.Users.to.Change.Password.in.90.Days"
Personal tools