How To Detect Weak Mail Passwords On Your ISPConfig 3 Server
By Nedim Hadzimahmutovic <[email protected]>
This is a short tutorial on how to find weak passwords among your mail users. It will save you a huge headache, since spammers will find mail accounts with weak passwords and send spam as those users, which will result in your mail server being blacklisted.
Export mail users from database to local file
Use the command below to export the users and their password hashes to a local file.
# mysql -u root -p dbispconfig
Run this once you are logged in to mysql.
mysql> SELECT email,password FROM dbispconfig.mail_user INTO OUTFILE '/tmp/sql.txt' FIELDS TERMINATED BY ':' ESCAPED BY '\\' ENCLOSED BY '' LINES TERMINATED BY '\r\n';
A file containing usernames and password hashes is created at /tmp/sql.txt. It is written by the MySQL server process, so check its owner and permissions and make sure no other local user can read it before going on.
Use "John the Ripper" to find weak passwords
Install the program.
# apt-get install john
Load the exported mail user list from the /tmp/sql.txt file and run john in single-crack mode, which tries variations of each user's own login name.
# john -single /tmp/sql.txt
John shows the cracked passwords as it finds them. To see the cracked passwords again later, run the command below.
# john --show /tmp/sql.txt
To find simple numeric passwords like 123456, run john in incremental mode restricted to digits.
# john --incremental=Digits /tmp/sql.txt
To find simple alphanumeric passwords like abc123, use wordlist mode with the wordlist shipped with john, as shown below.
# john --wordlist=/usr/share/john/password.lst /tmp/sql.txt
To see more examples run:
# zless /usr/share/doc/john/EXAMPLES.gz
When you have finished, do not forget to remove the sql.txt file, since it contains the password hashes of all your mail users!
# rm /tmp/sql.txt
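Once john has run, its --show output still has to be turned into an action list of accounts whose owners must change their password. The script below is an added example, not part of this tutorial, of ISPConfig or of John the Ripper. It parses the `john --show` output format (one `login:password` line per cracked account, then a summary line such as `2 password hashes cracked, 5 left`) into a plain list of logins, and it keeps its working file private (umask 077, mktemp, removal on exit) instead of leaving it world-readable in /tmp. The mail addresses and the john output are a constructed sample; on a real server you would redirect `john --show /tmp/sql.txt` into the working file instead.

```shell
#!/bin/sh
# Added example (not from the original tutorial, ISPConfig or john):
# turn `john --show` output into the list of accounts that need a
# forced password change. Assumes john's default --show format:
#   login:password                        one line per cracked account
#   (blank line)
#   N password hash(es) cracked, M left   summary line

# Keep the working copy private: created readable by us only, and removed
# when the script exits for any reason (normal end, Ctrl-C, kill).
umask 077
WORK=$(mktemp) || exit 1
trap 'rm -f "$WORK"' EXIT INT TERM

# cracked_accounts FILE
# Print the login of every cracked entry in FILE, dropping blank lines and
# the trailing summary line. Exit status 0 if at least one login was printed.
cracked_accounts() {
    grep -v -E '^$|^[0-9]+ password hash(es)? cracked' "$1" | cut -d: -f1 | grep .
}

# cracked_count FILE
# Number of cracked accounts as reported by john's summary line.
cracked_count() {
    sed -n 's/^\([0-9][0-9]*\) password hash.*/\1/p' "$1"
}

# Constructed sample of what `john --show /tmp/sql.txt` prints.
# On a real server replace this heredoc with:
#   john --show /tmp/sql.txt > "$WORK"
cat > "$WORK" <<'EOF'
user1@example.com:123456
user2@example.com:abc123

2 password hashes cracked, 5 left
EOF

echo "Accounts with weak passwords ($(cracked_count "$WORK") found):"
cracked_accounts "$WORK"
```

The printed list is what you hand to the step that actually fixes the problem: resetting those accounts or asking their owners to pick a stronger password. Note that john also records every password it cracks in its pot file (~/.john/john.pot on Debian-packaged installs), so clear that file as well once the audit is done, for the same reason you remove /tmp/sql.txt.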