Courier & Exim: Logging Passwords

[interactive]

Hello,
Kind of an odd request, but we're planning on migrating our mailserver. As part of this process we have to convert all mail user's passwords. We could run L0ptCrack to jam out the roughly 3,100 mailboxes, but this would take quite a while.

However, after doing some testing I discovered that with Courier & Exim (on a differently configured non-CPanel server), you can turn up the logging levels. So I've changed /etc/syslog.conf from mail.info to mail.debug and it works perfectly. User's passwords are logged in clear text.

Here's the configuration section that I have working on a non-CPanel server and it logs passwords in clear text perfectly:

Code:

cram:
  driver = cram_md5
  public_name = CRAM-MD5       
  server_advertise_condition = *
  server_secret = ${lookup mysql{SELECT userClearPassword FROM mailUsers WHERE userEmailAddress = '${quote_mysql:$1}'}{$value}fail}
  server_set_id = $1

Obviously we already have the passwords stored in clear text, but there's gotta be a way to where we can get this to work.

Here's the configuration from our CPanel server:

Code:

fixed_plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${perl{checkuserpass}{$1}{$2}{$3}}"
server_set_id = $2

fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{checkuserpass}{$1}{$2}}"
server_set_id = $1

I'm hesitant to modify the configuration for the CPanel server because I obviously don't want to prevent user's from checking their e-mail.

As a last resort, is there anyway I could modify the $perl{checkuserpass} to get it to possible log all of the converted passwords? Then I could do just a dictionary brute force on our mail users.

Thanks, any insight would be greatly appreciate.

[interactive]

Anyone have any suggestions on this?