How To Detect Weak Mail Passwords On Your ISPConfig 3 Server
By Nedim Hadzimahmutovic <h.nedim@gmail.com>

This is a short tutorial on how to find weak passwords among your mail users. This will save you a huge headache, since spammers will find mail accounts with weak passwords and send spam as those users, which will result in your mail server being blacklisted.

Export mail users from database to local file

Use the command below to export users and their passwords to a local file.

# mysql -u root -p dbispconfig

Run this once logged in to MySQL.

mysql> SELECT email,password FROM dbispconfig.mail_user INTO OUTFILE '/tmp/sql.txt' FIELDS TERMINATED BY ':' ESCAPED BY '\\' ENCLOSED BY '' LINES TERMINATED BY '\r\n';

A file containing usernames and passwords is created in /tmp/sql.txt

Use "John the Ripper" to find weak passwords

Install the program.

# apt-get install john

Load the exported mail user list from the /tmp/sql.txt file.

# john -single /tmp/sql.txt

John will show you the cracked passwords. To see the cracked passwords later on, run the command below.

# john --show /tmp/sql.txt

To find simple numeric passwords like 123456, run john in incremental mode.

# john --incremental=Digits /tmp/sql.txt

To find simple alphanumeric passwords like abc123, use the wordlist mode as shown below.

# john --wordlist=/usr/share/john/password.lst /tmp/sql.txt

To see more examples, run:

# zless /usr/share/doc/john/EXAMPLES.gz

When you finish, do not forget to remove the sql.txt file!

# rm /tmp/sql.txt
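
The same audit as an added example (not part of the original tutorial): the dump goes to a private directory instead of /tmp/sql.txt, and the report lists the affected accounts without printing their passwords. The function names and the sample john --show output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ISPConfig or John the Ripper code. Function names and
# the report layout are assumptions made for this illustration.

# Constructed sample of `john --show` output (not real accounts).
SAMPLE_SHOW='alice@example.com:123456
bob@example.com:abc:123

2 password hashes cracked, 1 left'

# Read `john --show` output on stdin and print only the login (first field).
# Taking field 1 keeps passwords, including ones that contain ':', out of
# the report; the blank line and the summary line have no ':' and are skipped.
cracked_accounts() {
    awk -F: 'NF >= 2 && $1 ~ /@/ { print $1 }' | sort -u
}

# Full run: needs mysql and john installed, so it only starts with --run.
audit_mail_passwords() {
    umask 077                                  # new files are owner-only
    workdir=$(mktemp -d) || return 1           # directory is created mode 0700
    trap 'rm -rf "$workdir"' EXIT INT TERM     # dump is removed even on abort
    # The mysql client writes the file as the invoking user, so no
    # world-readable /tmp/sql.txt is left behind by the database server.
    mysql -u root -p -N -B -r -e \
        "SELECT CONCAT(email, ':', password) FROM dbispconfig.mail_user" \
        > "$workdir/sql.txt" || return 1
    # Discard John's progress output so cracked passwords are not displayed.
    john -single "$workdir/sql.txt" > /dev/null 2>&1
    john --wordlist=/usr/share/john/password.lst "$workdir/sql.txt" > /dev/null 2>&1
    # Report only which accounts need a password reset.
    john --show "$workdir/sql.txt" | cracked_accounts
}

if [ "${1:-}" = "--run" ]; then
    audit_mail_passwords
fi
```

John also keeps every cracked password in its pot file (john.pot), so protect or delete that file as well once the affected users have reset their passwords.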