English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
force password change
-
Hi,
I need to disable POP/IMAP/SMTP access until the user logs in via webmail to change their password.
Is this possible?
Thanks
-
There is an option on the account for "Account must change password". If you check this box, it should deny access until the user changes their password using Webmail or Remote Administration. The option can be found in Remote Administration at Main | Account Mananger | Select the Account | Edit | Account Details.
Is this not working for you?
If its not working, what protocol is the user able to login as?
What version of MDaemon are you using?
What does the log show is happening? Can you post a snippet that shows what is occurring?
-
Hi Aron, thanks for your interest.
The MDaemon mail server version is v25.0.3.
When I select "Account must change password," the user can still log in via IMAP/POP/SMTP. They can then configure their mail client (e.g., Outlook, etc.) to access their mailbox without changing their password.
I want the user to be required to log in to webmail to change their password.
Which log file should I check?
-
Are users logging in using an app password? App passwords are not restricted by the account must change password setting.
-
No, users don't use app passwords.
Let me explain... I create new email users and set up a password change when logging into webmail, but "lazy" users don't log into webmail to make the change; they configure their Outlook client directly.
My goal is to force the user to go to webmail to enable IMAP/POP/SMTP.
-
Create a test account, enable Account must change the password. Then login with the account using POP, IMAP, or SMTP. Once the session is complete, find it in the MDaemon log and post the snippet.
You should see something like this being logged after you attempt to authenticate:
Tue 2026-02-17 09:11:14.958: [00112149] Authenticating user@domain.com...
Tue 2026-02-17 09:11:14.961: [00112149] Account must change password
Tue 2026-02-17 09:11:14.961: [00112149] --> 535 5.7.8 Authentication failed
Tue 2026-02-17 09:11:15.589: [00112149] <-- QuitAre the users authenticating using their full email address to login? Are they using an alias to login?
Are you using dynamic authentication with ActiveDirectory?
-
You're absolutely right, what you said happens.
But I can't understand why some users used the same password set by the administrator upon activation.
-
In MDRA if you go to Setup | Account Settings | Passwords, what do you have the value for "Remember this many old passwords" set to? If its zero, then MDaemon will allow them to reuse the password set by the administrator.
-
that value is set to 5
-
With your test account, if you login to webmail or remote administration does it allow you to reuse the password that was set when you created the account?
Do you have an old theme available in webmail (any theme other than Pro, WorldClient, and Lookout is old)? if you use an old theme when logging in, does it allow you to reuse the password?
Please login to reply to this topic!
Search
Latest topics
Forum statistics
- Page views (24h):
- 420
- Page views (30d):
- 9,707
- Topics:
- 601
- Posts:
- 3,741
- Members:
- 747
