How To Set Secure Password Policy on Zimbra

In this guide, we’ll look at all the modifications you need to set a secure password policy on a Zimbra server. By default, Zimbra doesn’t enforce any strong password requirements for a user account. This poses a risk of the account being compromised and ultimately used for spamming.

How To Set Password Policy on Zimbra

So you have a Zimbra server in production, ready to use? Follow this guide to set this up. The first thing you’ll want to do is check the current password settings on the Zimbra server. This is done using the commands:

$ sudo su - zimbra
$ zmprov gac -v | grep Password | sort | uniq
zimbraFeatureChangePasswordEnabled: TRUE
zimbraMobilePolicyAllowSimpleDevicePassword: FALSE
zimbraMobilePolicyAlphanumericDevicePasswordRequired: FALSE
zimbraMobilePolicyDevicePasswordEnabled: TRUE
zimbraMobilePolicyDevicePasswordExpiration: 0
zimbraMobilePolicyDevicePasswordHistory: 8
zimbraMobilePolicyMaxDevicePasswordFailedAttempts: 4
zimbraMobilePolicyMinDevicePasswordComplexCharacters: 0
zimbraMobilePolicyMinDevicePasswordLength: 4
zimbraMobilePolicyPasswordRecoveryEnabled: TRUE
zimbraPasswordEnforceHistory: 0
zimbraPasswordLocked: FALSE
zimbraPasswordLockoutDuration: 1h
zimbraPasswordLockoutEnabled: FALSE
zimbraPasswordLockoutFailureLifetime: 1h
zimbraPasswordLockoutMaxFailures: 10
zimbraPasswordMaxAge: 0
zimbraPasswordMaxLength: 64
zimbraPasswordMinAge: 0
zimbraPasswordMinAlphaChars: 0
zimbraPasswordMinDigitsOrPuncs: 0
zimbraPasswordMinLength: 6
zimbraPasswordMinLowerCaseChars: 0
zimbraPasswordMinNumericChars: 0
zimbraPasswordMinPunctuationChars: 0
zimbraPasswordMinUpperCaseChars: 0
zimbraPasswordMinUpperCaseChars: 1

zimbraPasswordMaxAge: The maximum time the password will remain valid.
zimbraPasswordLockoutMaxFailures: The number of failed login attempts allowed before the account is locked out.
zimbraPasswordMinLength: The minimum length of the password.
zimbraPasswordMinNumericChars: The minimum number of numeric characters in the password.
zimbraPasswordMinUpperCaseChars: The minimum number of uppercase characters required in a password.

Set strong Password policy on Zimbra

Now that you have seen the key parameters we need to modify, let’s apply them to the server. My settings will be:

zimbraPasswordMaxAge: 90 --> In days
zimbraPasswordMinLength: 7
zimbraPasswordLockoutMaxFailures: 5
zimbraPasswordMinNumericChars: 1
zimbraPasswordMinUpperCaseChars: 1

Changing password policy settings on Zimbra Admin web interface.

If you’re not a terminal-centric person, you can consider making these changes on the web UI. To do so, navigate to:

Home > Configure > Class of Service > default | defaultExternal > Advanced

On the page, there is a section for password policy modification:

[Image: Zimbra password policy]

Change the values to your liking and click on the save button once you’re done.

Changing password policy settings on Zimbra CLI.

You can also change the settings from the CLI. The syntax for this is:

$ zmprov mc <cos-name> <parameter> <value>

If you don’t know the names of your classes of service, list them with the command:

$ zmprov gac

For more details about a particular COS, use:

$ zmprov gc default


To require at least one uppercase character and one number in the password, and to set the limit on failed login attempts, use:

$ sudo su - zimbra
$ zmprov mc default zimbraPasswordMinNumericChars 1
$ zmprov mc default zimbraPasswordMinUpperCaseChars 1
$ zmprov mc default zimbraPasswordLockoutMaxFailures 5

Follow the same syntax for all other parameters which can be changed.

For more details about how to use the class of service settings on Zimbra, check the help page.

$ zmprov help cos

copyCos(cpc) {src-cos-name|id} {dest-cos-name}
createCos(cc) {name} [attr1 value1 [attr2 value2...]]
deleteCos(dc) {name|id}
getAllCos(gac) [-v]
getCos(gc) {name|id} [attr1 [attr2...]]
modifyCos(mc) {name|id} [attr1 value1 [attr2 value2...]]
renameCos(rc) {name|id} {newName}

Posted on: March 18, 2024