You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49 lines
2.6 KiB
Plaintext
49 lines
2.6 KiB
Plaintext
*Description
|
|
|
|
This extension adds support for password expiration.
|
|
It is designed to have expiration on users passwords. An email is sent when the password is expiring in 30 days, then 14 days, then 7 days.
|
|
It is strongly inspired by https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/, and adapted to fit with Postfix Admin & Roundcube's password plugin
|
|
Expiration unit is day
|
|
Expiration value for domain is set through Postfix Admin GUI
|
|
|
|
*Installation
|
|
|
|
Perform the following changes:
|
|
|
|
**Changes in MySQL/MariaDB mailbox table (as defined in $CONF['database_tables'] from config.inc.php):
|
|
|
|
You are invited to backup your DB first, and ensure the table name is correct.
|
|
|
|
Execute the attached SQL script (password_expiration.sql) that will add the required columns. The expiration value for existing users will be set to 90 days. If you want a different value, edit line 2 in the script and replace 90 by the required value.
|
|
|
|
**Changes in Postfix Admin :
|
|
|
|
To enable password expiration, add the following to your config.inc.php file:
|
|
$CONF['password_expiration_enabled'] = 'YES';
|
|
|
|
All my tests are performed using $CONF['encrypt'] = 'md5crypt';
|
|
|
|
**If you are using Roundcube's password plugin, you should also adapt the $config['password_query'] value.
|
|
|
|
I recommend to use:
|
|
|
|
$config['password_query'] = 'UPDATE mailbox SET password=%c, modified = now(), password_expiry = now() + interval 90 day';
|
|
|
|
of cource you may adapt to the expected expiration value
|
|
|
|
All my tests are performed using $config['password_algorithm'] = 'md5-crypt';
|
|
|
|
**Changes in Dovecot (adapt if you use another LDA)
|
|
|
|
Edit dovecot-mysql.conf file, and replace the user_query (and only this one) by this query:
|
|
|
|
password_query = SELECT username as user, password, concat('/var/vmail/', maildir) as userdb_var, concat('maildir:/var/vmail/', maildir) as userdb_mail, 20001 as userdb_uid, 20001 as userdb_gid, m.domain FROM mailbox m, domain d where d.domain = m.domain and m.username = '%u' AND m.active = '1' AND (m.pw_expires_on > now() or d.password_expiration_value = 0)
|
|
|
|
Of course you may require to adapt the uid, gid, maildir and table to your setup
|
|
|
|
**Changes in system
|
|
|
|
You need to have a script running on a daily basis to check password expiration and send emails 30, 14 and 7 days before password expiration (script attached: check_mailpass_expiration.sh).
|
|
Edit the script to adapt the variables to your setup.
|
|
This script is using postfixadmin.my.cnf to read credentials. Edit this file to enter a DB user that is allowed to access (read-write) your database. This file should be protected from any user (chmod 400).
|