Hi everyone,
I appreciate any thoughts you might offer.
Recently we had an issue when one of our internal accounts passwords was brutforced (i guess), because it was a dictionary password (we think so), and lot's of spam went through our mail server. Which in result ended putting our mail server in lots and lots of blacklists.
We now added enforce_difficult_passwords=1 to directadmin.conf, however this does not solve current weak users passwords. We want to force everyone change their passwords, or, the worst case, change passwords to all of them ourselves, and then give them out. So everyone (every single mailbox) would have decent password.
Any ideas on how to achieve that?
Will roundcube be affected by this enforce_difficult_passwords=1 or users will still be able to set weak passwords?
Maybe you can suggest some thoughts on how to prevent this from happening in the future?
I appreciate any thoughts you might offer.
Recently we had an issue when one of our internal accounts passwords was brutforced (i guess), because it was a dictionary password (we think so), and lot's of spam went through our mail server. Which in result ended putting our mail server in lots and lots of blacklists.
We now added enforce_difficult_passwords=1 to directadmin.conf, however this does not solve current weak users passwords. We want to force everyone change their passwords, or, the worst case, change passwords to all of them ourselves, and then give them out. So everyone (every single mailbox) would have decent password.
Any ideas on how to achieve that?
Will roundcube be affected by this enforce_difficult_passwords=1 or users will still be able to set weak passwords?
Maybe you can suggest some thoughts on how to prevent this from happening in the future?
Last edited: