[Kolab-devel] [issue968] Postfix logs password on failure
Bernhard Reiter
kolab-issues at intevation.de
Wed Nov 2 15:35:02 CET 2005
New submission from Bernhard Reiter <bernhard at intevation.de>:
Server 2.0.1:
If an SMTP authentification fails, postfix will just log
the password in default settings.
<info> postfix/smtpd[16715]: > localhost.localdomain[127.0.0.1]: 250-AUTH=PLAIN
LOGIN
postfix/smtpd[16715]: > localhost.localdomain[127.0.0.1]: 250 8BITMIME
eione <info> postfix/smtpd[16715]: < localhost.localdomain[127.0.0.1]: AUTH
PLAIN dGVzdDE1QGXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXX contains the base64ed password.
I have seen this decoded by postfix, too on another installation.
You can easily reproduce just misstyping the password.
First it is quite verbose for a log,
secondly, it makes it a bit too easy just having the passwords
in the logs.
So should be change this?
Can we change it?
----------
assignedto: steffen
messages: 5785
nosy: bernhard, martin, steffen
priority: minor bug
status: unread
title: Postfix logs password on failure
topic: server
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue968>
________________________________________________
More information about the devel
mailing list