0

As an admin of a Mail server, I would like to force logged-in users of an email account (e.g. in their Outlook, Thunderbird) to login again with new password and prevent everyone from sending/receiving any more emails until they re-login.

What I've tried:

  1. I have an account say: test@mydomain.com
  2. I have logged in to the account on Thunderbird with IMAP and original password.
  3. THEN I have changed the account's password on the server.
  4. After about 30 minutes the email client started asking for the new password as expected. But it still receives emails! :-(

How can I force everyone with the old password to relogin/reauthenticate with new password?
Does IMAP enable closing all sessions?
I expect POP3 to fail to login sooner than IMAP, but I need to logout POP3 users too.

If this helps anyhow, the mail server is hosted on OVH.com, so don't have access to console on the IMAP server myself.

I'm mainly curious if the forced logout is even possible.

kub1x
  • 111
  • Suppose you should mention the IMAP software and what sort of access you do have? – anx Mar 03 '21 at 12:25
  • 1
    Just report it to them as a security issue. Kicking old sessions should be possible when updating credentials, how else are customers expected to remove access? – anx Mar 03 '21 at 12:28
  • Stop and restart the IMAP service on the server. – joeqwerty Mar 03 '21 at 12:50

0 Answers0