Yesterday we made a change to the password policy requirements and today users started receiving password policy violation emails stating that outbound messages will be blocked if the password has not been updated by x date.
The "Disable password strength for existing passwords" option is also selected. My understanding is that this should mean existing users are not sent these emails and don't have their outbound messages blocked. For some reason this doesn't appear to be the case.
Looks like a bug in the logic somewhere.