Launch the Mail Express Server administration interface. (e.g., click Start > Programs > Globalscape > Mail Express > Mail Express Admin or double-click the desktop shortcut).
Log in using the Mail Express Server administrator username and password that you specified during installation of the server.
In the navigation pane, click User Management > General. The General User Settings page appears.
Select (enable) or clear (disable) the check boxes as needed:
-
Require email verification to activate an account—When this check box is selected, for accounts that are created automatically, e.g., by LDAP or by an internal user's invitation, Mail Express sends an email to external users with an activation link. The external user must then click the link in the email to activate the account (thus verifying that it is a valid account).
-
Allow external accounts to expire—When this check box is selected, you can specify whether user accounts can expire and whether the account expires based on age or inactivity. For example, if you want all accounts to expire after 1 month of inactivity, you would select this check box, click Inactivity, then specify 1 month in the drop-down list. You can specify from 1 minute to 99 years.
-
Require external users to agree to Terms of Service—When this check box is selected, a Terms of Service agreement will be displayed to external users upon initial login. They must click Accept to continue to the portal. Their agreement is stored in the Mail Express database, and the account will not be presented with the agreement again. (Refer to Customizing Mail Express Pages and Notifications to customize the TOS message.)
-
Allow internal accounts to expire—When this check box is selected, you can specify whether internal user accounts can expire and whether the account expires based on age or inactivity. For example, if you want accounts to expire after 1 month of inactivity, you would select this check box, click Inactivity, then specify 1 month in the drop-down list. You can specify from 1 minute to 99 years.
-
Allow internal users to send account invitations—When this check box is selected, all internal users are allowed to send account invitations. This is the "global on/off switch" for account invitations. When this check box is selected, the internal user account still needs to have the user-level permission enabled to send account invitations. If this check box is selected, but the user-level permission in the internal user's account is not enabled, the account cannot send invitations.
-
Allow new internal users to send account invitations by default—When this check box is selected, the Allow user to send account invitations check box on the Internal User Details page is selected by default.
-
Allow new internal users to access Drop-Off portal by default—When this check box is selected, the Allow user to access Drop-Off portal check box in the Internal User Details page is selected by default. Users created through LDAP get this privilege by default.
In the Password Policy area, select (enable) or clear (disable) the following check boxes to set the policy:
-
Enable password policy—Select the check box to enable the password policy and display the other policy options. Password policy is disabled by default.
-
Force password change after initial login—Select this check box if you want to set an initial password and then require the user to change their password when they log in for the first time.
-
A-Z—Select the check box to require uppercase characters from A through Z. Selected by default.
-
a-z—Select the check box to require lowercase characters from a through z. Selected by default.
-
0-9—Select the check box to require numbers from 0-9. Selected by default.
-
Non-alphanumeric—Select the check box to require non-alphanumeric characters, such as punctuation. Cleared by default.
-
Minimum length—Select the check box to require a minimum password length. The check box is selected by default, with a minimum length of 8 characters.
-
Must not contain repeated characters—Select the check box if you do not want to allow repeated characters. The check box is selected by default, with a minimum of 3 repeated characters.
-
Must not contain consecutive characters from username—Select the check box if you do not want to allow characters from the username. The check box is selected by default, with a minimum of 3 characters from the username.
-
Password expiration—Select the check box if you want the password to expire, then specify the number of days at which to expire the password (1 day to 999 years). The default expiration is 90 days; the check box is cleared by default.
-
Number of previous passwords to prevent user from reusing—Select this check box to prevent the user from reusing previous passwords, then specify the number of previous passwords to compare (1-99 passwords). The default number of previous passwords is 4; the check box is cleared by default.
In the Account Lockout area, specify the account lockout policy:
-
Enable account lockout policy—Select (enable) or clear (disable) the check box. It is disabled by default.
-
Login attempts allowed—Specify the number of incorrect logins allow before the account is locked, from 1 to 99. The default is 3.
-
Login attempt time period—Specify the period during which to count bad login attempts, from 1 to 99 minutes. The default is 5 minutes. For example, if 3 incorrect login attempts to an account occur within 5 minutes of each other, the account will be locked.
-
Lockout expiration—Select (enable) or clear (disable) the check box, then, if enabled, specify the time after which the lockout will expire and the account will be unlocked, from 1 to 99 minutes. The default is 5 minutes. If no value is defined, the account is locked until the administrator unlocks the account.
Click Save to save the changes on the server or click Restore to restore the settings in the boxes to their last saved state.