SmarterMail Help

Password Requirements

To ensure the security of the mail server and its mailboxes, system administrators can specify minimum requirements for user passwords. To access the password requirements settings, log into SmarterMail as a System Administrator and click on the Settings icon. Then click on Password Requirements in the navigation pane. The password requirement settings will load and the following options will be available:

Requirements

  • Minimum Password Length - The minimum number of characters the password must have. Move the slider to the right to enable this setting.
  • At least one number - Select this option to force users to include a number in the password.
  • At least one capital letter - Select this option to force users to include a capital letter in the password.
  • At least one lowercase letter - Select this option to force users to include a lowercase letter in the password.
  • At least one symbol - Select this option to force users to include a symbol in the password.
  • May not match username - Select this option to ensure that the username and password do not match.

Options

  • Prevent common passwords - Select this option to prevent users from configuring passwords that are included in the list of commonly used, insecure passwords. Note: The default location of the list of commonly used passwords is: C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Common_Passwords.xml.
  • Prevent previous passwords use - Select this option to prevent users from using previously used passwords when changing their account password. Note: This setting prohibits old passwords from being used indefinitely. It is not based on a time interval.
  • Skip enforcement for existing passwords - Select this option to allow changes to the password requirements to only affect new users or new passwords.
  • Enable password retrieval - Select this option to allow users to reset their password if they forget it. Note: In order for users to utilize password retrieval, they must have a backup email address configured in their account settings.

Expiration

  • Passwords expire automatically - Toggle the slider to the right to enable password expiration, forcing users to update their account passwords at your specified time.
  • Password Expiration (Months) - The number of months that a password is valid. After the specified time, a user’s outgoing SMTP will be disabled and a password change will be forced upon Web interface login. Move the slider to the right to enable this setting. Note: If a user's 'Disable password changes' setting is enabled, their password will not expire.
  • User Notification Timing - The interval(s) used to notify users of when their password will expire or when their auto-block grace period will end and, subsequently, their outgoing SMTP will be disabled. The default values are 28, 14, 7, 3, 2, 1 days. This means SmarterMail will send out warning messages to the user to change their password 28 days, 14 days, 7 days, 3 days, 2 days and 1 day before their password officially expires or the grace period ends if their password violates the requirements. Note: SmarterMail will send one, single notification for all missed intervals. For example, imagine "Auto-block Grace Period" is set for 30 days and the "User Notification Timing" is set at 60, 45, 25, 10, 2, 1. When a user is in violation, SmarterMail will send a single notification for the 60 and 45 day intervals then continue as normal at the 25 day interval.
  • Auto-block Grace Period (Days) - The number of days a user can wait to update their account password before outgoing SMTP is disabled due to password policy violation. Note: This setting only applies if the "Disable outgoing SMTP when auto-block grace period ends" setting is checked.
  • Disable outgoing mail after grace period ends - Select this option to disable outgoing SMTP after the auto-block grace period ends when a user’s password does not meet the password requirements.