Generally speaking, this is a bad idea, it comes from an out of dated concept of account security that for some reason thinks changing the users password every 6 months will somehow increase security, it does not (in most situations), instead you should look to the security features that ensure passwords are sufficiently complex, and that detect hacked accounts. See https://surgemail.com/knowledge-base/find-and-stop-spammers-and-hackers/#Check_for_accounts_with_weak_passwords
Also be aware that it's kind of impossible, because imap/pop/smtp do not support the concept, so you cannot force the password change in a meaningful way...
Anyway, now assuming you still want to do it! 🙂
g_authent_reminders "140" # Remind users to change passwords every 150 days
g_authent_require "150" # Require usres to change passwords every 150 days, done in SurgeWeb where it is safe
g_authent_enforce "300" # Never use this, it actually stops the user logging in if they didn't get the hint.