Re: [Exim] SMTP_AUTH passwords in mainlog

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: John Jetmore
Fecha:  
A: Todd Jagger
Cc: exim-users
Asunto: Re: [Exim] SMTP_AUTH passwords in mainlog
in the string A=login:password, is login the name of your authenticator?
I believe that the format for this is A=<authenticator>:<id>, where <id>
is value specified for server_set_id in the authenticator. Change that
field to something else and the passwords shouldn't show up in the log

--John

On Fri, 7 Mar 2003, Todd Jagger wrote:

> Hello,
>
> I've just recently implemented SMTP_AUTH on a client's mail server (Exim
> 4.12). Right now we just have Plain and Login set up. I notice that the
> password for each auth sending session is written in plain text to the
> exim_mainlog in a "A=login:<password in clear text>" entry. Is there
> any way to keep it from logging that specific part of the session while
> keeping the information level the same for general logging?
>
> If not, is there another auth method you might recommend as an
> alternative that doesn't leave the users' passwords lying about?
>
> Thanks!
> Todd
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>