In this guide, we’ll look at all the modifications you need to make to set a secure password policy on a Zimbra server. By default, Zimbra doesn’t enforce any strong password requirements for user accounts. This poses a risk of an account being compromised and ultimately used for spamming.

How To Set Password Policy on Zimbra

So you have a Zimbra server in production ready to use? Follow this guide to set this up. The first thing you’ll probably do is check your current password settings on the Zimbra server. This is done using the commands:

$ sudo su - zimbra
$ zmprov gac -v | grep Password | sort | uniq
zimbraFeatureChangePasswordEnabled: TRUE
zimbraMobilePolicyAllowSimpleDevicePassword: FALSE
zimbraMobilePolicyAlphanumericDevicePasswordRequired: FALSE
zimbraMobilePolicyDevicePasswordEnabled: TRUE
zimbraMobilePolicyDevicePasswordExpiration: 0
zimbraMobilePolicyDevicePasswordHistory: 8
zimbraMobilePolicyMaxDevicePasswordFailedAttempts: 4
zimbraMobilePolicyMinDevicePasswordComplexCharacters: 0
zimbraMobilePolicyMinDevicePasswordLength: 4
zimbraMobilePolicyPasswordRecoveryEnabled: TRUE
zimbraPasswordEnforceHistory: 0
zimbraPasswordLocked: FALSE
zimbraPasswordLockoutDuration: 1h
zimbraPasswordLockoutEnabled: FALSE
zimbraPasswordLockoutFailureLifetime: 1h
zimbraPasswordLockoutMaxFailures: 10
zimbraPasswordMaxAge: 0
zimbraPasswordMaxLength: 64
zimbraPasswordMinAge: 0
zimbraPasswordMinAlphaChars: 0
zimbraPasswordMinDigitsOrPuncs: 0
zimbraPasswordMinLength: 6
zimbraPasswordMinLowerCaseChars: 0
zimbraPasswordMinNumericChars: 0
zimbraPasswordMinPunctuationChars: 0
zimbraPasswordMinUpperCaseChars: 0
zimbraPasswordMinUpperCaseChars: 1

The key items to pay attention to are:

zimbraPasswordMaxAge: The maximum time the password will remain valid.
zimbraPasswordLockoutMaxFailures: The number of failed login attempts allowed before the account is locked out.
zimbraPasswordMinLength: The minimum length of the password.
zimbraPasswordMinNumericChars: The minimum number of numeric characters in the password.
zimbraPasswordMinUpperCaseChars: The minimum number of uppercase characters required in a password.

Set strong Password policy on Zimbra

Now that you have seen the key parameters we need to modify, let’s apply them to the server. My settings will be:

zimbraPasswordMaxAge: 90 --> In days
zimbraPasswordMinLength: 7
zimbraPasswordLockoutMaxFailures: 5
zimbraPasswordMinNumericChars: 1
zimbraPasswordMinUpperCaseChars: 1

Changing password policy settings on Zimbra Admin web interface.

If you’re not a terminal-centric person, you can consider making these changes on the web UI. To do so, navigate to:

Home > Configure > Class of Service > default | defaultExternal > Advanced

On the page, there is a section for password policy modification:

[Screenshot: Zimbra password policy]

Change the values to your liking and click on the save button once you’re done.

Changing password policy settings on Zimbra CLI.

You can also change the settings from the CLI. The syntax for this is:

$ zmprov mc <cos-name> <parameter> <value>

If you don’t know which classes of service exist on your server, list them with the command:

$ zmprov gac

For more details about a particular COS, use:

$ zmprov gc default


To require an uppercase character and a number in the password, and to set the failed-login limit to 5, use:

$ sudo su - zimbra
$ zmprov mc default zimbraPasswordMinNumericChars 1
$ zmprov mc default zimbraPasswordMinUpperCaseChars 1
$ zmprov mc default zimbraPasswordLockoutMaxFailures 5

Follow the same syntax for all other parameters which can be changed.

For more details about how to use the class of service settings on Zimbra, check the help page.

$ zmprov help cos

copyCos(cpc) {src-cos-name|id} {dest-cos-name}
createCos(cc) {name} [attr1 value1 [attr2 value2...]]
deleteCos(dc) {name|id}
getAllCos(gac) [-v]
getCos(gc) {name|id} [attr1 [attr2...]]
modifyCos(mc) {name|id} [attr1 value1 [attr2 value2...]]
renameCos(rc) {name|id} {newName}


Hope this guide on how to set a password policy on Zimbra was helpful. If you have other ideas on hardening a Zimbra server, please let me know. I’ll definitely add them to the guide.
