[Dovecot] Deliver prints passwort to the syslog

Dominik Schulz lkml at ds.gauner.org
Fri Oct 5 08:38:00 EEST 2007


Am Dienstag, 18. September 2007 15:52:57 schrieb Timo Sirainen:
> On Tue, 2007-09-18 at 12:16 +0200, Dominik Schulz wrote:
> > Hi,
> > I've got the problem that dovecot's deliver prints the authentification
> > information to the syslog.
> >
> > Like this:
> > Sep 18 12:11:22 mail deliver(user at domain.tld): auth input:
> > user=user at domain.tld
> > Sep 18 12:11:22 mail deliver(user at domain.tld): auth input: password=XXXX
> > Sep 18 12:11:22 mail deliver(user at domain.tld): auth input:
> > home=/home/mail/domain.tld/user
> > Sep 18 12:11:22 mail deliver(user at domain.tld): auth input: uid=8
> > Sep 18 12:11:22 mail deliver(user at domain.tld): auth input: gid=8
> >
> > I guess that it's only a configuration option but right now I can't
> > figure out which one I need to change to turn this off.
>
> First of all it shouldn't be sent to deliver in the first place. What
> userdb do you use and with what kind of a configuration? It shouldn't
> return password field.
>
> Once you've got that fixed, you can unset auth_debug=yes.

I'm using passdb sql and userdb prefetch/sql. auth_debug is set to no.

---
passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }

  userdb prefetch {
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
---

Best Regards,
Dominik


More information about the dovecot mailing list