One of the cPanel servers I am running has constant troubles with compromised email accounts. I believe many of the users on this server have very weak passwords. I have increased the minimum password security, but that only takes effect when passwords are changed... Is there any way to force a one-time password change for all cPanel accounts and cPanel email addresses? This way I could force all users to generate new, secure passwords.
UPDATE: I have found that each account has files at ~/etc/domain.name/{passwd,shadow}
which contain Unix-style passwd and shadow files for all email accounts. However, if I edit them manually I am still able to send email :-(
If I can locate the file which exim uses to authenticate users and mangle the passwords there, that would solve my issue...