Differences

This shows you the differences between two versions of the page.

--- internet:mail:zimbra:zimbra_password_policy [2019/06/07 09:42]
gcooper
+++ internet:mail:zimbra:zimbra_password_policy [2022/03/30 08:55] (current)
gcooper
@@ Line 70: / Line 70: @@
 ===== Expiring Passwords Notification =====
-https://github.com/wuxmedia/Zimbra_passpoll
+**Original**: https://github.com/wuxmedia/Zimbra_passpoll
 <file>
@@ Line 81: / Line 81: @@
 </file>
-Modify at least:
+Modify **at least**:
 <file>
 FROM="admin@yourdomain.tld"
 ADMIN_RECIPIENT="admin@yourdomain.tld"
+SENDMAIL=$(ionice -c3 find /opt/zimbra/common/sbin -type f -iname sendmail)
 </file>
@@ Line 98: / Line 99: @@
 <file>
 # Password Expiration Notifications
-8 * * * /opt/zimbra/passpoll.sh >/dev/null 2>&1
+8 * * * /opt/zimbra/passpoll.sh > /tmp/passpoll.log
 </file>
+==== Modified passpoll.sh ====
+This script has been **modified from the original** in several ways, including:
+  * **Number of user notifications**
+    * Four including final on last day
+  * **Content of user notifications**
+    * Instructions to change password
+    * Zimbra URL
+  * **Content of admin notifications**
+    * Include log
+  * **Daily expired password notifications**
+<file>
+#!/bin/bash
+# TDH 2015-04-27
+# Messy script for zimbra password expiry email notification.
+# Meant to be performed as daily cronjob run as zimbra user.
+# redirect output to a file to get a 'log file' of sorts.
+# Start in tmp folder to eliminate permissions warnings
+cd /tmp
+# Time taken of script;
+echo "Started on: $(date)"
+# Set some vars:
+# Notifications in days, then last warning. Don't use 1 as it's assumed.
+FIRST="10"
+SECOND="5"
+LAST="3"
+# Sent from:
+FROM="admin@yourdomain.tld"
+# Domain to check, e.g. 'example.com'; leave blank for all
+DOMAIN=""
+# Recipient who should receive an email with all expired accounts
+ADMIN_RECIPIENT="admin@yourdomain.tld"
+# URL for your Zimbra in message body
+URL="https://zimbra.yourdomain.tld"
+# Sendmail executable
+SENDMAIL=$(ionice -c3 find /opt/zimbra/common/sbin -type f -iname sendmail)
+# Get all users - it should run once only.
+USERS=$(ionice -c3 /opt/zimbra/bin/zmprov -l gaa $DOMAIN | egrep -v "spam\.|ham\.|galsync\.|galsync\@|virus-quarantine")
+#Todays date, in seconds:
+DATE=$(date +%s)
+# Iterate through them in for loop:
+for USER in $USERS
+ do
+# When was the password set?
+USERINFO=$(ionice -c3 /opt/zimbra/bin/zmprov ga "$USER")
+PASS_SET_DATE=$(echo "$USERINFO" | grep zimbraPasswordModifiedTime: | cut -d " " -f 2 | cut -c 1-8)
+PASS_MAX_AGE=$(echo "$USERINFO" | grep "zimbraPasswordMaxAge:" | cut -d " " -f 2)
+NAME=$(echo "$USERINFO" | grep givenName | cut -d " " -f 2)
+# Check if we have set the account to no-expire
+if [[ "$PASS_MAX_AGE" -eq "0" ]]
+then
+  continue
+fi
+# Make the date for expiry from now.
+EXPIRES=$(date -d  "$PASS_SET_DATE $PASS_MAX_AGE days" +%s)
+# Now, how many days until that?
+DEADLINE=$(( (($DATE - $EXPIRES)) / -86400 ))
+# Email to send to victims, ahem - users...
+SUBJECT="$NAME - Your Password will expire in $DEADLINE days"
+BODY="
+Hi $NAME,
+Your Zimbra e-mail account password will expire in $DEADLINE days, Please reset your password soon.
+You can change your password in the Zimbra Web Client by clicking Preferences -> Change Password.
+If you are seeing this message in any other mail client, click here to open the ZWC:
+$URL
+Thanks,
+Your Zimbra Admin Team
+"
+# Send it off depending on days, adding verbose statements for the 'log'
+# First warning
+if [[ "$DEADLINE" -eq "$FIRST" ]]
+then
+        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
+        echo "Reminder email sent to: $USER - $DEADLINE days left"
+# Second
+elif [[ "$DEADLINE" -eq "$SECOND" ]]
+then
+        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
+        echo "Reminder email sent to: $USER - $DEADLINE days left"
+# Third
+elif [[ "$DEADLINE" -eq "$LAST" ]]
+then
+        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
+        echo "Reminder email sent to: $USER - $DEADLINE days left"
+# Final
+elif [[ "$DEADLINE" -eq "1" ]]
+then
+    echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
+        echo "Last chance for: $USER - $DEADLINE days left"
+# Check for Expired accounts, get last logon date add them to EXP_LIST2
+#elif [[ "$DEADLINE" -lt "0" ]] && [ "$(date +%a)" = "Mon" ]
+elif [[ "$DEADLINE" -lt "0" ]]
+ then
+    LASTDATE=$(echo "$USERINFO" | grep zimbraLastLogonTimestamp | cut -d " " -f 2 | cut -c 1-8)
+    LOGON=$(date -d "$LASTDATE")
+        EXP_LIST=$(echo "$USER's password has been expired for ${DEADLINE#-} day(s) now, last logon was $LOGON.")
+        EXP_LIST2="$EXP_LIST2 \n $EXP_LIST"
+else
+# > /dev/null for less verbose logs and a list of users.
+    echo "Account: $USER reports; $DEADLINE days on Password policy"
+fi
+# Finish for loop
+done
+echo ""
+echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
+# Send off list using hardcoded email addresses.
+EXP_BODY="
+Hello Admin team,
+List of expired passwords and their last recorded login date:
+$(echo -e "$EXP_LIST2")
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+Log file:
+$(cat /tmp/passpoll.log)
+"
+echo "Subject: List of accounts with expired passwords" "$EXP_BODY" | $SENDMAIL -f "$FROM" "$ADMIN_RECIPIENT"
+# Expired accts, for the log:
+echo -e "$EXP_LIST2"
+echo "finished in $SECONDS seconds"
+echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
+</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools