Addition/Force.Users.to.Change.Password.in.90.Days

From iRedMail
(Difference between revisions)
Jump to: navigation, search
(Check postfix setting)
 
 
(One intermediate revision by one user not shown)
Line 2: Line 2:
 
= Requirements =
 
= Requirements =
  
This tutorial is applied to iRedMail-0.7.0 stable, if you're running an earlier version, please upgrade it to 0.7.0.
+
This tutorial is tested with iRedMail-0.7.0.
  
 
Why at least v0.7.0:
 
Why at least v0.7.0:
Line 8: Line 8:
 
** we have new SQL column '''"passwordlastchange"''' in table '''"vmail.mailbox"'''.
 
** we have new SQL column '''"passwordlastchange"''' in table '''"vmail.mailbox"'''.
 
** Roundcube will save date of password change in column '''"passwordlastchange"''' of table '''"vmail.mailbox"'''.
 
** Roundcube will save date of password change in column '''"passwordlastchange"''' of table '''"vmail.mailbox"'''.
 
= Check postfix setting =
 
* Open Postfix config file '''/etc/postfix/main.cf''', make sure you have '''"$smtpd_sender_restrictions"''' in '''"proxy_read_maps"''' setting. If you don't have it, please append it to '''"proxy_read_maps"''' manually.
 
{{cmd|<pre>
 
proxy_read_maps = ... $smtpd_sender_restrictions
 
</pre>}}
 
  
 
= For MySQL backend only =
 
= For MySQL backend only =
Line 36: Line 30:
  
 
= For OpenLDAP backend =
 
= For OpenLDAP backend =
== Update postfix setting ==
+
Not finished yet.

Latest revision as of 20:46, 9 January 2014

Contents

[edit] Requirements

This tutorial is tested with iRedMail-0.7.0.

Why at least v0.7.0:

  • With MySQL backend:
    • we have new SQL column "passwordlastchange" in table "vmail.mailbox".
    • Roundcube will save date of password change in column "passwordlastchange" of table "vmail.mailbox".

[edit] For MySQL backend only

[edit] Update postfix settings

  • Update postfix setting "smtpd_sender_restrictions" in its config file /etc/postfix/main.cf (Linux) or /usr/local/etc/postfix/main.cf (FreeBSD), add "check_sender_access" to verify date of password last change.
File: main.cf
smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql/force_password_change.cf, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
  • Create new file: /etc/postfix/mysql/force_password_change.cf.
File: /etc/postfix/mysql/force_password_change.cf
user        = vmail
password    = [PASSWORD_OF_vmail]
hosts       = 127.0.0.1
port        = 3306
dbname      = vmail
query       = SELECT 'REJECT PLEASE CHANGE YOUR PASSWORD IMMEDIATELY.' FROM mailbox WHERE username='%s' AND passwordlastchange < DATE_SUB(NOW(), INTERVAL 90 DAY) LIMIT 1
  • Restart postfix to make it work.

[edit] For OpenLDAP backend

Not finished yet.

Personal tools