

internet:mail:zimbra:zimbra_password_policy

Differences

This shows you the differences between two versions of the page.

internet:mail:zimbra:zimbra_password_policy [2019/06/07 09:04]
gcooper
internet:mail:zimbra:zimbra_password_policy [2022/03/30 08:55] (current)
gcooper
Line 70: Line 70:
 ===== Expiring Passwords Notification ===== ===== Expiring Passwords Notification =====
  
-http://jogi-sysadmin.blogspot.com/2015/06/password-expiry-notification-for-users.html+**Original**: https://github.com/wuxmedia/Zimbra_passpoll 
 + 
 +<file> 
 +cd /opt/zimbra 
 +wget https://raw.githubusercontent.com/wuxmedia/Zimbra_passpoll/master/passpoll.sh 
 +chown zimbra.zimbra passpoll.sh 
 +chmod +x passpoll.sh 
 +su zimbra 
 +vi passpoll.sh 
 +</file> 
 + 
 +Modify **at least**: 
 + 
 +<file> 
 +FROM="admin@yourdomain.tld" 
 +ADMIN_RECIPIENT="admin@yourdomain.tld" 
 +SENDMAIL=$(ionice -c3 find /opt/zimbra/common/sbin -type f -iname sendmail) 
 +</file> 
 + 
 +Modify the ''zimbra'' user crontab to run the script daily: 
 + 
 +<file> 
 +crontab -e 
 +</file> 
 + 
 +Append at the bottom: 
 + 
 +<file> 
 +# Password Expiration Notifications 
 +0 8 * * * /opt/zimbra/passpoll.sh > /tmp/passpoll.log 
 +</file> 
 + 
 +==== Modified passpoll.sh ==== 
 + 
 +This script has been **modified from the original** in several ways, including: 
 + 
 +  * **Number of user notifications** 
 +    * Four including final on last day 
 +  * **Content of user notifications** 
 +    * Instructions to change password 
 +    * Zimbra URL 
 +  * **Content of admin notifications** 
 +    * Include log 
 +  * **Daily expired password notifications**
  
 <file> <file>
 #!/bin/bash #!/bin/bash
-#Script for zimbra password expiry email notification. +TDH 2015-04-27 
-# Meant to be performed as daily cronjob run as zimbra user. +# Messy script for zimbra password expiry email notification. 
 +# Meant to be performed as daily cronjob run as zimbra user.
 # redirect output to a file to get a 'log file' of sorts. # redirect output to a file to get a 'log file' of sorts.
 +
 +# Start in tmp folder to eliminate permissions warnings
 +cd /tmp
  
 # Time taken of script; # Time taken of script;
-echo "$SECONDS Started on: $(date)" +echo "Started on: $(date)" 
-# Set variables+ 
-First notification in days, then last warning: +# Set some vars
-FIRST="7"+Notifications in days, then last warning. Don't use 1 as it's assumed. 
 +FIRST="10" 
 +SECOND="5"
 LAST="3" LAST="3"
-# pass expiry in days, we are assuming passwd exiry is 150 Days 
-POLICY="150" 
 # Sent from: # Sent from:
-FROM="admin@domain.com"+FROM="admin@yourdomain.tld" 
 +# Domain to check, e.g. 'example.com'; leave blank for all 
 +DOMAIN="" 
 +# Recipient who should receive an email with all expired accounts 
 +ADMIN_RECIPIENT="admin@yourdomain.tld" 
 +# URL for your Zimbra in message body 
 +URL="https://zimbra.yourdomain.tld" 
 + 
 +# Sendmail executable 
 +SENDMAIL=$(ionice -c3 find /opt/zimbra/common/sbin -type f -iname sendmail) 
 # Get all users - it should run once only. # Get all users - it should run once only.
-USERS=$(ionice -c3 /opt/zimbra/bin/zmprov -l gaa domain.com)+USERS=$(ionice -c3 /opt/zimbra/bin/zmprov -l gaa $DOMAIN | egrep -v "spam\.|ham\.|galsync\.|galsync\@|virus-quarantine")
  
 #Todays date, in seconds: #Todays date, in seconds:
 DATE=$(date +%s) DATE=$(date +%s)
 +
 # Iterate through them in for loop: # Iterate through them in for loop:
 for USER in $USERS for USER in $USERS
  do  do
 # When was the password set? # When was the password set?
-USERINFO=$(ionice -c3 /opt/zimbra/bin/zmprov ga $USER)+USERINFO=$(ionice -c3 /opt/zimbra/bin/zmprov ga "$USER")
 PASS_SET_DATE=$(echo "$USERINFO" | grep zimbraPasswordModifiedTime: | cut -d " " -f 2 | cut -c 1-8) PASS_SET_DATE=$(echo "$USERINFO" | grep zimbraPasswordModifiedTime: | cut -d " " -f 2 | cut -c 1-8)
 +PASS_MAX_AGE=$(echo "$USERINFO" | grep "zimbraPasswordMaxAge:" | cut -d " " -f 2)
 NAME=$(echo "$USERINFO" | grep givenName | cut -d " " -f 2) NAME=$(echo "$USERINFO" | grep givenName | cut -d " " -f 2)
 +
 +# Check if we have set the account to no-expire
 +if [[ "$PASS_MAX_AGE" -eq "0" ]]
 +then
 +  continue
 +fi
  
 # Make the date for expiry from now. # Make the date for expiry from now.
-#echo PASS_SET_DATE is $PASS_SET_DATE +EXPIRES=$(date -d  "$PASS_SET_DATE $PASS_MAX_AGE days" +%s) 
-EXPIRES=$(date -d  "$PASS_SET_DATE $POLICY days" +%s) +
-#echo PASS_SET_DATE is $PASS_SET_DATE +
-#echo EXPIRES DAYS  is $EXPIRES+
 # Now, how many days until that? # Now, how many days until that?
 DEADLINE=$(( (($DATE - $EXPIRES)) / -86400 )) DEADLINE=$(( (($DATE - $EXPIRES)) / -86400 ))
  
-# Email to send to users...+# Email to send to victims, ahem - users...
 SUBJECT="$NAME - Your Password will expire in $DEADLINE days" SUBJECT="$NAME - Your Password will expire in $DEADLINE days"
 BODY=" BODY="
 Hi $NAME, Hi $NAME,
-Your account password will expire in "$DEADLINEdays, Please reset your password soon. + 
-You may also enter a zimbra calendar event to remind you+Your Zimbra e-mail account password will expire in $DEADLINE days, Please reset your password soon. 
-Thanks,  + 
- Email Admin team+You can change your password in the Zimbra Web Client by clicking Preferences -> Change Password. 
 + 
 +If you are seeing this message in any other mail client, click here to open the ZWC: 
 + 
 +$URL 
 + 
 +Thanks, 
 +Your Zimbra Admin Team 
 " "
 # Send it off depending on days, adding verbose statements for the 'log' # Send it off depending on days, adding verbose statements for the 'log'
Line 122: Line 193:
 if [[ "$DEADLINE" -eq "$FIRST" ]] if [[ "$DEADLINE" -eq "$FIRST" ]]
 then then
- echo "Subject: $SUBJECT" "$BODY"/opt/zimbra/postfix-2.10.3.2z/sbin/sendmail -f $FROM "$USER" +        echo "Subject: $SUBJECT" "$BODY"$SENDMAIL -f "$FROM"$USER" 
- echo "Reminder email sent to: $USER - $DEADLINE days left" +        echo "Reminder email sent to: $USER - $DEADLINE days left"
 # Second # Second
 +elif [[ "$DEADLINE" -eq "$SECOND" ]]
 +then
 +        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
 +        echo "Reminder email sent to: $USER - $DEADLINE days left"
 +# Third
 elif [[ "$DEADLINE" -eq "$LAST" ]] elif [[ "$DEADLINE" -eq "$LAST" ]]
 then then
- echo "Subject: $SUBJECT" "$BODY"/opt/zimbra/postfix-2.10.3.2z/sbin/sendmail -f $FROM "$USER" +        echo "Subject: $SUBJECT" "$BODY"$SENDMAIL -f "$FROM"$USER" 
- echo "Reminder email sent to: $USER - $DEADLINE days left"+        echo "Reminder email sent to: $USER - $DEADLINE days left"
 # Final # Final
 elif [[ "$DEADLINE" -eq "1" ]] elif [[ "$DEADLINE" -eq "1" ]]
 then then
-    echo "Subject: $SUBJECT" "$BODY"/opt/zimbra/postfix-2.10.3.2z/sbin/sendmail -f $FROM "$USER" +    echo "Subject: $SUBJECT" "$BODY"$SENDMAIL -f "$FROM"$USER" 
- echo "Last chance for: $USER - $DEADLINE days left" +        echo "Last chance for: $USER - $DEADLINE days left" 
-  + 
-# Check for Expired accounts, get last logon date add them to EXP_LIST2 every monday +# Check for Expired accounts, get last logon date add them to EXP_LIST2 
-elif [[ "$DEADLINE" -lt "0" ]] && [ '$(date +%a) = "Mon"]  +#elif [[ "$DEADLINE" -lt "0" ]] && [ "$(date +%a)= "Mon" 
- then +elif [[ "$DEADLINE" -lt "0" ]
 + then
     LASTDATE=$(echo "$USERINFO" | grep zimbraLastLogonTimestamp | cut -d " " -f 2 | cut -c 1-8)     LASTDATE=$(echo "$USERINFO" | grep zimbraLastLogonTimestamp | cut -d " " -f 2 | cut -c 1-8)
     LOGON=$(date -d "$LASTDATE")     LOGON=$(date -d "$LASTDATE")
- EXP_LIST=$(echo "$USER's password has been expired for ${DEADLINE#-} day(s) now, last logon was $LOGON."+        EXP_LIST=$(echo "$USER's password has been expired for ${DEADLINE#-} day(s) now, last logon was $LOGON."
- EXP_LIST2="$EXP_LIST2 \n $EXP_LIST"+        EXP_LIST2="$EXP_LIST2 \n $EXP_LIST"
  
-else +else
 # > /dev/null for less verbose logs and a list of users. # > /dev/null for less verbose logs and a list of users.
     echo "Account: $USER reports; $DEADLINE days on Password policy"     echo "Account: $USER reports; $DEADLINE days on Password policy"
Line 151: Line 228:
 done done
  
 +echo ""
 echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
  
-# Send off list using hardcoded email addresses. +# Send off list using hardcoded email addresses.
  
 EXP_BODY=" EXP_BODY="
-Hello Email Admin team, +Hello Admin team, 
-This is the monthly list of expired passwords and their last recorded login date:+ 
 +List of expired passwords and their last recorded login date: 
 $(echo -e "$EXP_LIST2") $(echo -e "$EXP_LIST2")
-Regards, + 
-Email Admin Team.+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 
 + 
 +Log file: 
 + 
 +$(cat /tmp/passpoll.log) 
 " "
-echo "Subject: List of accounts with expired passwords" "$EXP_BODY"/opt/zimbra/postfix-2.10.3.2z/sbin/sendmail -f  admin@domain.com+echo "Subject: List of accounts with expired passwords" "$EXP_BODY"$SENDMAIL -f "$FROM" "$ADMIN_RECIPIENT"
 # Expired accts, for the log: # Expired accts, for the log:
 echo -e "$EXP_LIST2" echo -e "$EXP_LIST2"
  
 echo "finished in $SECONDS seconds" echo "finished in $SECONDS seconds"
-echo "Thank you"+echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
 </file> </file>
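Review bot: The new cron entry `0 8 * * * /opt/zimbra/passpoll.sh > /tmp/passpoll.log` and the added `$(cat /tmp/passpoll.log)` in EXP_BODY both depend on a fixed file name in world-writable /tmp. Any other local account can create that path first, as a file or a link, so the redirect may fail or land somewhere unintended, and the admin mail then carries whatever sits at that path; how far this goes depends on the host's /tmp link protections, which the page does not show. The log also lists every account name with its expiry and last-logon state, and its readability is left to the zimbra user's umask. I would keep the log in a directory only the zimbra user can write and use the same path in both places, e.g. `0 8 * * * /opt/zimbra/passpoll.sh > /opt/zimbra/<private-dir>/passpoll.log` and `$(cat /opt/zimbra/<private-dir>/passpoll.log)`, where `<private-dir>` is a placeholder. Separately, the install steps fetch passpoll.sh from the `master` branch with no pinned commit or checksum before marking it executable; pinning to a reviewed commit would make the result reproducible.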
internet/mail/zimbra/zimbra_password_policy.1559919872.txt.gz · Last modified: 2019/06/07 09:04 by gcooper