6
Password policy violation - Blank Sender
Problem reported by Jon Eastwood - November 17, 2014 at 2:27 AM
Being Fixed
I have enabled the new features of the password violation so that it emails users to tell them if their password needs updating and when they must update it by.
 
Several emails have already gone out to users but they all have blank sender info, where should it be gettign this info from so that i can update it to make sure its not blank as users have already emailed me asking if its real and not spam or a spoof email
 
They look like this:
 
 
 
Any ideas why?
 
 

10 Replies

Reply to Thread
3
John Marx Replied
November 17, 2014 at 5:55 AM
I believe that SmarterMail sends out blank emails. I would like to propose a feature request item that allows us to set a master email that is used for administration that goes out on all emails. For example, website@domain.com or something similar that we can set. This would help fix the problem with not only SmarterMail but SmarterStats sending out emails in this manner.
1
Shaun Peet Replied
November 17, 2014 at 11:36 AM
I was just about to start a new thread on this exact subject!
 
First off, this is a *GREAT* new feature but hopefully it's just a start.  This morning was the first time that our users started getting these emails and I've gotten no less than 30 people asking if it was legit or not because the email is extremely spammy-looking.  If we can't customize the email template (which hopefully is coming soon) can we at least see a default email with much more information in it?
 
Ideally, the email should have as a minimum what the password policy is and why the user's current password is violating it.  It should also have some clear instructions for the user on *how* to change their password - and even better with links and/or videos.
 
And as others have mentioned already, the fact that the email comes "from" nobody also makes people very suspicious (which they should be).
 
3
Employee Replied
November 17, 2014 at 12:09 PM
Employee Post
We will change it so the user name is "System Administrator".  We will also let the user know to log into webmail to change the password and what the password policy is.
 
The notification messages can't be changed in the current version.  We are discussing having a template option in SmarterMail 14 for not just the password violation and expiration notifications, but all SmarterMail generated messages to users.  You would be able to set the sender address and user name as well.  I can't guarantee that will be in version 14 as we haven't locked down those features yet, but I will add a note to this feature request that we have had a number of people in the community asking for it.
0
Robert Emmett Replied
December 4, 2014 at 2:02 PM
Employee Post
With SM 13.1, notification emails for password expirations and password policy violations now explain that the password can be changed by logging into webmail, show the sender as System Administrator, and explain which rules the user's current password is violating.
 
We are still considering having a customizable template for system email notifications.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
2
John Marx Replied
December 5, 2014 at 4:40 AM
When the system shows as "System Administrator" what email address is this that is used? Is it:
 
1. The overall administrator that?
2. Is it the administrator for a domain?
3. Something else entirely?
 
(Proposed Idea) If not already I would like the option to have an option that defaults to the primary administrator for the domain but with the option for the domain account to set who they would want it to be. This way if John is the person that should get questions today and Jane the questions next month as John has left the organization it can be changed. Then if say John's account was deleted either revert back to the primary account or popup a notice stating that now that John has been deleted that someone new needs to be set and that so-and-so email has now been set as the contact until you change it in the settings.
1
Jon Eastwood Replied
December 5, 2014 at 4:45 AM
BTW, I am a bit unsure this thread should be marked as 'resolved' as many of us still think it need more work/investigation?
1
Chris Danks Replied
December 5, 2014 at 8:29 AM
I today upgraded to Smartermail 13.1
 
I go to manage > password policy compliance
send email
 
How do I put in the email templates like [EmailAddress] or [DomainName] so i can send an email that says your email mail@domain.com  blah blah blah, go to http://mail.DOMAIN to login and change your password
 
 
0
Jon Eastwood Replied
December 12, 2014 at 1:52 AM
Upgraded to the latest version,
 
Compliance report now has less users on it so people are finally changing there passwords.
 
But I have several users tell me they have changed their password to match the requirements but they are still getting violation emails.
 
One user today got the following email:
 
The password for xxxx@xxxx.xom violates the password policy and must be changed.
 
Outbound messages will be blocked if the password has not been updated by 15/12/2014.
 
A prompt to set a new password will appear the next time you log into webmail.
 
Your current password violates the following password policy rules:
                * Must be at least 8 characters long.
                * Must contain at least one capital letter.
                * Must contain at least one symbol.
                * Must contain at least one number.
 
 
But I have checked the users password and even though this is not the EXACT password this is the same format as they have which you will see conforms to the requirements.
 
Tihhwi0456!
 
So why would a password as above still show up on the report and still get these emails?
 
 
2
Robert Emmett Replied
April 21, 2015 at 8:18 AM
Employee Post
The ability to customize system-generated password policy violation messages has been implemented and is available in SmarterMail 14, which is currently in BETA testing.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Chris Danks Replied
June 25, 2015 at 7:39 AM
HI
 
I am using Smartermail 14 Enterprise Edition
 
if i go to manage > password policy compliance
select all
send email
 
I want to compose an email that says your email address: EMAILADDRESS has a weak password
 
how would I replace EMAILADDRESS  with the email address of the email account??

Reply to Thread