I am thinking of a way to change user mail accounts’ password once in xx days. It would be nice if I can force users by a link.
Can you give me some ideas?
Won’t would Exim / Dovecot doesn’t know when the last password change was made…
It does not matter. Passes must be changed in 90 days…
I will try to do this with crons. Create a passlist.txt and send users their pass before password change. And change passes with hestia clis on that day.
changing passwords frequently doesnt improve security, better make one strong password and you’re good to go.
2 Likes
Passwords that are stored in a manner that allows them to be sent to users is also a glaring security risk.
2 Likes
It is just a client request. Not about a security…
Good luck with the firewall bans…
Why ?
Users change their passwords but forget their phones to update… And so on…
It is a really bad idea…
thank you for warning… thats in my mind already.
i dont see any reason to implement it, as already written, nothing to do with security and a big issue with firewall bans.
Changing all passwords on regular basis is widely recommended action.
Also this is a request from client, and if it is impelentable, why not. Also some mail servers like exchange has already such feature. And we do not enable firewall. So what is bad about it? It is of course a security thing. Some companies certifications rules are already forcing this rule… It is wierd that you think opposite.
Go ahead if you want/forced to implement it. But so far I know from Exim this can’t be forced. Hestia does currently not log when the last password change happend for each user happend except if you want to implement it feel free to build something your self.
Maybe it can it can be done via Roundcube… But not worth my time …
Ok maybe I just should have said to change passwords once in 90 days only. And inform users beforehand. Anyway thank you for your ideas.
please google that again.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.