

internet:mail:zimbra:zimbra_password_policy

Differences

internet:mail:zimbra:zimbra_password_policy [2019/06/07 10:10]
gcooper
internet:mail:zimbra:zimbra_password_policy [2022/03/30 08:55] (current)
gcooper
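--- a/internet:mail:zimbra:zimbra_password_policy
+++ b/internet:mail:zimbra:zimbra_password_policy
@@ -70,5 +70,5 @@
 ===== Expiring Passwords Notification =====
 
-https://github.com/wuxmedia/Zimbra_passpoll
+**Original**: https://github.com/wuxmedia/Zimbra_passpoll
 
 <file>
@@ -102,2 +102,154 @@
 </file>
 
+==== Modified passpoll.sh ====
+
+This script has been **modified from the original** in several ways, including:
+
+  * **Number of user notifications**
+    * Four including final on last day
+  * **Content of user notifications**
+    * Instructions to change password
+    * Zimbra URL
+  * **Content of admin notifications**
+    * Include log
+  * **Daily expired password notifications**
+
+<file>
+#!/bin/bash
+# TDH 2015-04-27
+# Messy script for zimbra password expiry email notification.
+# Meant to be performed as daily cronjob run as zimbra user.
+# redirect output to a file to get a 'log file' of sorts.
+
+# Start in tmp folder to eliminate permissions warnings
+cd /tmp
+
+# Time taken of script;
+echo "Started on: $(date)"
+
+# Set some vars:
+# Notifications in days, then last warning. Don't use 1 as it's assumed.
+FIRST="10"
+SECOND="5"
+LAST="3"
+# Sent from:
+FROM="admin@yourdomain.tld"
+# Domain to check, e.g. 'example.com'; leave blank for all
+DOMAIN=""
+# Recipient who should receive an email with all expired accounts
+ADMIN_RECIPIENT="admin@yourdomain.tld"
+# URL for your Zimbra in message body
+URL="https://zimbra.yourdomain.tld"
+
+# Sendmail executable
+SENDMAIL=$(ionice -c3 find /opt/zimbra/common/sbin -type f -iname sendmail)
+
+# Get all users - it should run once only.
+USERS=$(ionice -c3 /opt/zimbra/bin/zmprov -l gaa $DOMAIN | egrep -v "spam\.|ham\.|galsync\.|galsync\@|virus-quarantine")
+
+#Todays date, in seconds:
+DATE=$(date +%s)
+
+# Iterate through them in for loop:
+for USER in $USERS
+ do
+# When was the password set?
+USERINFO=$(ionice -c3 /opt/zimbra/bin/zmprov ga "$USER")
+PASS_SET_DATE=$(echo "$USERINFO" | grep zimbraPasswordModifiedTime: | cut -d " " -f 2 | cut -c 1-8)
+PASS_MAX_AGE=$(echo "$USERINFO" | grep "zimbraPasswordMaxAge:" | cut -d " " -f 2)
+NAME=$(echo "$USERINFO" | grep givenName | cut -d " " -f 2)
+
+# Check if we have set the account to no-expire
+if [[ "$PASS_MAX_AGE" -eq "0" ]]
+then
+  continue
+fi
+
+# Make the date for expiry from now.
+EXPIRES=$(date -d  "$PASS_SET_DATE $PASS_MAX_AGE days" +%s)
+
+# Now, how many days until that?
+DEADLINE=$(( (($DATE - $EXPIRES)) / -86400 ))
+
+# Email to send to victims, ahem - users...
+SUBJECT="$NAME - Your Password will expire in $DEADLINE days"
+BODY="
+Hi $NAME,
+
+Your Zimbra e-mail account password will expire in $DEADLINE days, Please reset your password soon.
+
+You can change your password in the Zimbra Web Client by clicking Preferences -> Change Password.
+
+If you are seeing this message in any other mail client, click here to open the ZWC:
+
+$URL
+
+Thanks,
+Your Zimbra Admin Team
+
+"
+# Send it off depending on days, adding verbose statements for the 'log'
+# First warning
+if [[ "$DEADLINE" -eq "$FIRST" ]]
+then
+        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
+        echo "Reminder email sent to: $USER - $DEADLINE days left"
+# Second
+elif [[ "$DEADLINE" -eq "$SECOND" ]]
+then
+        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
+        echo "Reminder email sent to: $USER - $DEADLINE days left"
+# Third
+elif [[ "$DEADLINE" -eq "$LAST" ]]
+then
+        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
+        echo "Reminder email sent to: $USER - $DEADLINE days left"
+# Final
+elif [[ "$DEADLINE" -eq "1" ]]
+then
+    echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
+        echo "Last chance for: $USER - $DEADLINE days left"
+
+# Check for Expired accounts, get last logon date add them to EXP_LIST2
+#elif [[ "$DEADLINE" -lt "0" ]] && [ "$(date +%a)" = "Mon" ]
+elif [[ "$DEADLINE" -lt "0" ]]
+ then
+    LASTDATE=$(echo "$USERINFO" | grep zimbraLastLogonTimestamp | cut -d " " -f 2 | cut -c 1-8)
+    LOGON=$(date -d "$LASTDATE")
+        EXP_LIST=$(echo "$USER's password has been expired for ${DEADLINE#-} day(s) now, last logon was $LOGON.")
+        EXP_LIST2="$EXP_LIST2 \n $EXP_LIST"
+
+else
+# > /dev/null for less verbose logs and a list of users.
+    echo "Account: $USER reports; $DEADLINE days on Password policy"
+fi
+
+# Finish for loop
+done
+
+echo ""
+echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
+
+# Send off list using hardcoded email addresses.
+
+EXP_BODY="
+Hello Admin team,
+
+List of expired passwords and their last recorded login date:
+
+$(echo -e "$EXP_LIST2")
+
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+Log file:
+
+$(cat /tmp/passpoll.log)
+
+"
+echo "Subject: List of accounts with expired passwords" "$EXP_BODY" | $SENDMAIL -f "$FROM" "$ADMIN_RECIPIENT"
+# Expired accts, for the log:
+echo -e "$EXP_LIST2"
+
+echo "finished in $SECONDS seconds"
+echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
+</file>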
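Review bot: The admin mail body embeds `$(cat /tmp/passpoll.log)`, a fixed file name in a world-writable directory, so the content mailed to `$ADMIN_RECIPIENT` depends on whoever owns that path. Presumably it is the same file the cron redirect writes as the zimbra user, in which case a pre-existing file or link at that name also affects where the output lands. Keep the log in a directory only the zimbra user can write and name it once, e.g. `LOGFILE="<ZIMBRA_OWNED_DIR>/passpoll.log"` (placeholder path), then use `$(cat "$LOGFILE")` in `EXP_BODY`. Separately, in the expired branch `LASTDATE` is empty when the account has no `zimbraLastLogonTimestamp`, and GNU `date -d ""` then returns today's date, so the report would list a never-used account as last logged on today; guard with `[[ -n "$LASTDATE" ]]` before calling `date`.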
internet/mail/zimbra/zimbra_password_policy.1559923822.txt.gz · Last modified: 2019/06/07 10:10 by gcooper