You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39 lines
2.5 KiB
Plaintext
39 lines
2.5 KiB
Plaintext
*Description
|
|
This extension adds support for password expiration.
|
|
It is designed to have expiration on users passwords. An email is sent when the password is expiring in 30 days, then 14 days, then 7 days.
|
|
It is strongly inspired by https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/, and adapted to fit with Postfix Admin & Roundcube's password plugin
|
|
|
|
*Installation
|
|
Perform the following changes:
|
|
|
|
**Changes in MySQL/MariaDB mailbox table (as defined in $CONF['database_tables'] from config.inc.php):
|
|
You are invited to backup your DB first, and ensure the table name is correct.
|
|
|
|
Execute the attached SQL script (password_expiration.sql) that will add the required columns. The expiration value for existing users will be set to 90 days. If you want a different value, edit the last line in the script and replace 90 by the required value.
|
|
|
|
**Changes in Postfix Admin :
|
|
To enable password expiration, add the following to your config.inc.php file:
|
|
$CONF['password_expiration_enabled'] = 'YES';
|
|
|
|
Do not forget to set the expiration value (in days)
|
|
$CONF['password_expiration_value'] = '90';
|
|
|
|
All my tests are performed using $CONF['encrypt'] = 'md5crypt';
|
|
|
|
**If you are using Roundcube's password plugin, you should also adapt the $config['password_query'] value.
|
|
I recommend to use:
|
|
$config['password_query'] = 'UPDATE mailbox SET password=%c, modified=now(),pw_expires_on=now() + interval 90 day';
|
|
of cource you may adapt to the expected expiration value
|
|
|
|
All my tests are performed using $config['password_algorithm'] = 'md5-crypt';
|
|
|
|
**Changes in Dovecot (adapt if you use another LDA)
|
|
Edit dovecot-mysql.conf file, and replace the user_query (and only this one) by this query:
|
|
user_query = SELECT concat('/var/vmail/', maildir) as home, concat('maildir:/var/vmail/', maildir) as mail, 20001 AS uid, 20001 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1' AND pw_expires_on > now()
|
|
if course you may require to adapt the uid, gid, maildir and table to your setup
|
|
|
|
**Changes in system
|
|
You need to have a script running on a daily basis to check password expiration and send emails 30, 14 and 7 days before password expiration (script attached: check_mailpass_expiration.sh).
|
|
Edit the script to adapt the variables to your setup.
|
|
This script is using postfixadmin.my.cnf to read credentials. Edit this file to enter a DB user that is allowed to access (read-write) your database. This file should be protected from any user (chmod 400).
|