On Thu, 2 Mar 2006, Felix Brack wrote:
> Perhaps the answer to my question is: "There is no option that makes exim
> log usernames or passwords due to security reasons"?
It's the start of the day, and I am now awake. :-) When I wrote
> PH> That debug looks odd. It should show the entire SMTP dialogue,
I wasn't really thinking it through. What I should have said was that
the debug should show the entire SMTP dialogue *at the top level*. It
doesn't show exchanges that happen inside the authenticator code. I
think that is probably a mistake, the result of an oversight when the
authenticators were first implemented. That's quite a long time ago now,
and I'm surprised nobody noticed it before. I will treat it as a bug,
and fix it.
I don't think there is a security issue, because only an Exim admin user
can start an Exim daemon, and in any case, only an Exim admin user can
set a sufficiently high debug level.
--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book
