qmailadmin password-strenght patch

May 1, 2020 Roberto Puzzanghera 2 comments

May 1 2020 update: This patch has been replaced by the qmailadmin-cracklib patch, that is much more robust. Look here for more info

A big lack of qmail account managers, expecially qmailadmin, is that they do not provide any password complexity check. A couple of days ago I discovered in one of my servers a "test 123456" account and I realized that the time had come to put a patch on it.

Since I had no luck in having cracklib working inside qmailadmin (any help  on the purpose would be veeerrry much appreciated) I've quickly found a solution via a javascript form validation, which refuses unsecure passwords. You can easily customize how it decides to accept/refuse the passwords modifying the file pw_strenght_chk.js in the html dir.

patches | qmail | qmailadmin
add a comment

Comments

where to get and how to apply patch

Peter Sutta January 27, 2018 13:46

Dear Roberto,

i am glad you create such a patch. I would like to get it and make it work. Could you please describe where to get full patch with some short howto apply it on the qmail server?

Thank you in advance.

Reply | Permalink

where to get and how to apply patch

Roberto Puzzanghera Peter Sutta January 27, 2018 14:17

sorry the link was broken... here it is

Info about the installation are in the qmailadmin page

Reply | Permalink

qmail notes

General notes

Preinstallation tasks

daemontools

fehQlibs

ucspi-tcp6

ucspi-ssl

qmail

vpopmail

Patching

Configuring

Testing

autorespond

ezmlm-idx

qmailadmin

Add-ons

RBL

Greetdelay

tcprules

SPF

DKIM

SURBL

Limiting per user/IP outgoing emails

Denying bad DNS HELOs

Greylisting

qmail-taps-extended

moreipme

qmHandle

queue-repair

vQadmin

ezmlm-browse

ezmlm-web

rblsmtpd

qmail-rblchk

Dovecot

Running

Testing

Filtering

Indexing

Expunging

vpopmail-auth driver removal

Spamassassin

Filtering networks

User Prefs

TxRep and Bayesian

Learning and reporting

DMARC

Roundcube

Plugins

ClamAV

clamav-unofficial-sigs

simscan

Testing

fail2ban

Installing a valid SSL certificate

ChangeLog

Need help?

Pay me a coffee:

PayPal - The safer, easier way to pay online.

LXC scripts

Introduction

Basic configuration files

Creating an unprivileged container

Scripts overview

Natting

Other contents

Converting a Linux installation to Slackware in OVH server

Running OpenBoard in a window

Migrating from Linux-VServer to LXC

Linux-VServer on Slackware

Running two php on the same server

rsync backup via ssh

Securing proftpd

Installing mariaDB

Setting up MySQL

SEO friendly URLs with apache mod_rewrite

Building your ownCloud

Building your own mozilla-sync server

Setting up Tex on Mediawiki

Slackware RSS feeds

English
Italiano
Recent comments

RBL and Bordermailer
March 20, 2023 09:31

RBL and Bordermailer
March 20, 2023 09:13

RBL and Bordermailer
March 18, 2023 15:52

Bug in dknewkey
March 18, 2023 11:35

What is qq_internal_bug_?
March 18, 2023 11:28

What is qq_internal_bug_?
March 18, 2023 11:08

What is qq_internal_bug_?
March 18, 2023 08:48

What is qq_internal_bug_?
March 18, 2023 08:08

What is qq_internal_bug_?
March 18, 2023 07:43

What is qq_internal_bug_?
March 18, 2023 04:37

See also...

qmailadmin password-strenght patch

Tags

apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql openboard owncloud patches php proftpd qmail qmail to postfix qmail-spp qmailadmin rbl roundcube rsync sieve simscan slackware solr spamassassin spf ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin

Recent posts

ChangeLog

Patching qmail

Configuring DKIM for qmail

smtp-auth + qmail-tls + forcetls patch for qmail

Preinstallation tasks

Configuring qmail

Installing and configuring vpopmail

vQadmin

Dovecot vpopmail-auth driver removal. Migrating to the SQL driver

Installing Dovecot and sieve on a vpopmail + qmail server

RSS feeds