You can tell VPOP3 to enforce password strength checks by using a Lua script which performs the checks for you.
The Lua script can be edited in Settings → Scripts and is called passwordcheck.lua (in older versions of VPOP3 it is stored in a file called passwordcheck.lua in the VPOP3 directory). VPOP3 calls a function called Check which should have the following prototype:
Check(<username>, <password>, <min password length>)
(where '<min password length>' is the minimum length set in Settings → Security in the VPOP3 settings)
This function should return a boolean value to say whether the password is allowed or not (true = allowed, false = not allowed)
A simple example to prevent the password being the same as the username or 'password' would be:
function Check(Username, Password, minlength)
if Password == Username or Password == 'password' then
return false
else
return true
end
end
A more complex example is:
blockedWords = {"password", "letmein", "computer"} minTypes = 3 function Check(Username, Password, minlength) lowerPassword = string.lower(Password) if Password == Username then return false end for _, value in pairs(blockedWords) do if lowerPassword == value then return false end end hasDigit = 0 hasCaps = 0 hasLower = 0 hasSpecial = 0 if string.find(Password, "%d") then hasDigit = 1 end if string.find(Password, "[A-Z]") then hasCaps = 1 end if string.find(Password, "[a-z]") then hasLower = 1 end if string.find(Password, "[^a-zA-Z0-9]") then hasSpecial = 1 end differentTypes = hasDigit + hasCaps + hasLower + hasSpecial if differentTypes >= minTypes then return true else return false end end
If you need, we can produce a script for you, but there would be a cost for this - contact support@pscs.co.uk with a specification for a quote. (The price is usually £50 + VAT for a simple case)