- Plesk Onyx for Windows
- Plesk for Windows
Why is it possible to change e-mail account password via MailEnable webmail to one weaker than it is allowed at Tools & Settings > Security Policy?
This is the expected behavior. The password changes made using MailEnable Webmail are not currently synchronized with Plesk and performed directly on the MailEnable mail server. Thus, server-wide security policy set in Plesk does not affect MailEnable security settings.
The E-mail security policy can be set by enabling the Prevent simple passwords option in MailEnable.
Note: Prevent simple passwords option is available for non-free MailEnable versions only, e.g. MailEnable Enterprise
This setting is available in the Policies tab at MailEnableAdmin > Servers > right-click localhost > select Properties.
It switches on the following rules for created/changed passwords:
- Passwords must be over 6 characters long
- Passwords cannot match mailbox or account name, or have the mailbox or account name contained in the password string.
- Password cannot be 'password' or cannot have the word 'password' contained in the password string.