Prevent credentials being logged in plain text (#249)

* Prevent credentials being logged in plain text except in the highest debug level * Fix missing semicolon
smtpd · Apr 20, 2016 · 260bd6c · 260bd6c
1 parent 044fff9
commit 260bd6c
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/lib/Qpsmtpd/TcpServer.pm b/lib/Qpsmtpd/TcpServer.pm
@@ -120,7 +120,10 @@ sub read_input {
     while (<STDIN>) {
         alarm 0;
         $_ =~ s/\r?\n$//s;                         # advanced chomp
-        $self->log(LOGINFO, "dispatching $_");
+        my $log = $_;
+        $log =~ s/AUTH PLAIN (.*)/AUTH PLAIN <hidden credentials>/
+          unless ($self->config('loglevel') || '6') >= 7;
+        $self->log(LOGINFO, "dispatching $log");
         $self->connection->notes('original_string', $_);
         defined $self->dispatch(split / +/, $_, 2)
           or $self->respond(502, "command unrecognized: '$_'");