I've just recently implemented SMTP_AUTH on a client's mail server (Exim
4.12). Right now we just have Plain and Login set up. I notice that the
password for each auth sending session is written in plain text to the
exim_mainlog in a "A=login:<password in clear text>" entry. Is there
any way to keep it from logging that specific part of the session while
keeping the information level the same for general logging?
If not, is there another auth method you might recommend as an
alternative that doesn't leave the users' passwords lying about?