There have been many improvements around password functionality in SmarterMail 13.x, however there still does not seem to be a way to force a user to change password at next login.
What we had been doing to get around this is to set a password that does not meet the password requirements at user creation. At first login to webmail the user is forced to change their password.
Currently we have built a custom web application that uses the SmarterMail web services to create and update user mailboxes. Using the web services we are not able to perform this workaround.
How are others forcing password changes? How is there not a checkbox to force a password change at next login? This is a glaring oversight by SmarterMail.