rename / merge shell script

2025-11-23 11:22:22 +03:00 · 2021-01-29 21:14:35 +00:00
parent 23db330473
commit cfe08d14f5
3 changed files with 93 additions and 68 deletions
--- a/DOCUMENTS/Password_Expiration.md
+++ b/DOCUMENTS/Password_Expiration.md
@@ -0,0 +1,93 @@
 # Description
 This extension adds support for password expiration.
 It is designed to have expiration on users passwords. An email is sent when the password is expiring in 30 days, then 14 days, then 7 days.
 It is strongly inspired by https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/, and adapted to fit with Postfix Admin & Roundcube's password plugin
 Expiration unit is day
 Expiration value for domain is set through Postfix Admin GUI
 # Installation
 Password Expiration is merged with PostfixAdmin - so no additional database changes should be necessary.
 ## Database Fields 
 * mailbox.password_expiry - timestamp, when the mailbox password expires.
 * domain.password_expiry - default duration for when a password will expire
 Changes in MySQL/MariaDB mailbox table (as defined in `$CONF['database_tables']` from config.inc.php):
 ## Changes in Postfix Admin :
 To enable password expiration, add the following to your config.inc.php file:
 `$CONF['password_expiration'] = 'YES';`
 ## RoundCube Password Plugin
 If you are using Roundcube's password plugin, you should also adapt the `$config['password_query']` value.
 I recommend to use:
 `$config['password_query'] = 'UPDATE mailbox SET password=%c, modified = now(), password_expiry = now() + interval 90 day';`
 of course, you may adapt to the expiration value to suit.
 ## Changes in Dovecot (adapt if you use another LDA)
 Edit dovecot-mysql.conf file, and replace the user_query (and only this one) to be based on this query:
 ```
 password_query = SELECT username as user, password, concat('/var/vmail/', maildir) as userdb_var, concat('maildir:/var/vmail/', maildir) as userdb_mail, 20001 as userdb_uid, 20001 as userdb_gid, m.domain FROM mailbox m, domain d where d.domain = m.domain and m.username = '%u' AND m.active = '1' AND (m.password_expiry > now() or d.password_expiry = 0)
 ```
 Of course, you may require to adapt the uid, gid, maildir and table to your setup.
 ## Changes in system
 You need to have a script running on a daily basis to check password expiration and send emails 30, 14 and 7 days before password expiration. An example is given below.
 Edit the script to adapt the variables to your setup.
 This script is using `postfixadmin.my.cnf` to read credentials, which might look a bit like : 
 ```ini
 [client]
 user = me
 password = secret
 host = hostname
 ```
 Edit this file to enter a DB user that is allowed to access (read-write) your database. This file should be protected from any user (chmod 400).
 ### Expiration Script 
 ```bash
 #!/bin/bash
 #Adapt to your setup
 POSTFIX_DB="postfixadmin"
 MYSQL_CREDENTIALS_FILE="postfixadmin.my.cnf"
 REPLY_ADDRESS=noreply@example.com
 # Change this list to change notification times and when ...
 for INTERVAL in 30 14 7
 do
    LOWER=$(( $INTERVAL - 1 ))
    QUERY="SELECT username,password_expiry FROM mailbox WHERE password_expiry > now() + interval $LOWER DAY AND password_expiry < NOW() + interval $INTERVAL DAY"
    mysql --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" -B -e "$QUERY" | while read -a RESULT ; do
        echo -e "Dear User, \n Your password will expire on ${RESULT[1]}" | mail -s "Password 30 days before expiration notication" -r $REPLY_ADDRESS  ${RESULT[0]} 
    done
 done
 ```
--- a/DOCUMENTS/README.password_expiration
+++ b/DOCUMENTS/README.password_expiration
@@ -1,48 +0,0 @@
 *Description
 This extension adds support for password expiration.
 It is designed to have expiration on users passwords. An email is sent when the password is expiring in 30 days, then 14 days, then 7 days.
 It is strongly inspired by https://abridge2devnull.com/posts/2014/09/29/dovecot-user-password-expiration-notifications-updated-4122015/, and adapted to fit with Postfix Admin & Roundcube's password plugin
 Expiration unit is day
 Expiration value for domain is set through Postfix Admin GUI
 *Installation
 Perform the following changes:
 **Changes in MySQL/MariaDB mailbox table (as defined in $CONF['database_tables'] from config.inc.php):
 You are invited to backup your DB first, and ensure the table name is correct.
 Execute the attached SQL script (password_expiration.sql) that will add the required columns. The expiration value for existing users will be set to 90 days. If you want a different value, edit line 2 in the script and replace 90 by the required value.
 **Changes in Postfix Admin :
 To enable password expiration, add the following to your config.inc.php file:
 $CONF['password_expiration'] = 'YES';
 All my tests are performed using $CONF['encrypt'] = 'md5crypt';
 **If you are using Roundcube's password plugin, you should also adapt the $config['password_query'] value.
 I recommend to use:
 $config['password_query'] = 'UPDATE mailbox SET password=%c, modified = now(), password_expiry = now() + interval 90 day';
 of cource you may adapt to the expected expiration value
 All my tests are performed using $config['password_algorithm'] = 'md5-crypt';
 **Changes in Dovecot (adapt if you use another LDA)
 Edit dovecot-mysql.conf file, and replace the user_query (and only this one) by this query:
 password_query = SELECT username as user, password, concat('/var/vmail/', maildir) as userdb_var, concat('maildir:/var/vmail/', maildir) as userdb_mail, 20001 as userdb_uid, 20001 as userdb_gid, m.domain FROM mailbox m, domain d where d.domain = m.domain and m.username = '%u' AND m.active = '1' AND (m.password_expiry > now() or d.password_expiry = 0)
 Of course you may require to adapt the uid, gid, maildir and table to your setup
 **Changes in system
 You need to have a script running on a daily basis to check password expiration and send emails 30, 14 and 7 days before password expiration (script attached: check_mailpass_expiration.sh).
 Edit the script to adapt the variables to your setup.
 This script is using postfixadmin.my.cnf to read credentials. Edit this file to enter a DB user that is allowed to access (read-write) your database. This file should be protected from any user (chmod 400).
--- a/check_mailpass_expiration.sh
+++ b/check_mailpass_expiration.sh
@@ -1,20 +0,0 @@
 #!/bin/bash
 #Adapt to your setup
 POSTFIX_DB="postfix_test"
 MYSQL_CREDENTIALS_FILE="postfixadmin.my.cnf"
 REPLY_ADDRESS=noreply@example.com
 # Change this list to change notification times and when ...
 for INTERVAL in 30 14 7
 do
    LOWER=$(( $INTERVAL - 1 ))
    QUERY="SELECT username,password_expiry FROM mailbox WHERE password_expiry > now() + interval $LOWER DAY AND password_expiry < NOW() + interval $INTERVAL DAY"
    mysql --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" -B -e "$QUERY" | while read -a RESULT ; do
        echo -e "Dear User, \n Your password will expire on ${RESULT[1]}" | mail -s "Password 30 days before expiration notication" -r $REPLY_ADDRESS  ${RESULT[0]} 
    done
 done