Everyone, thanks a lot! Ok, u were right! I set trace_level = 1 instead of 2 for imap and pop (in dbmail.conf) and now no more passwords on the logs.
Lorna. On Apr 6, 2005 3:49 PM, Paul J Stevens <[EMAIL PROTECTED]> wrote: > > Fixed in svn. imap commands should not be logged at TRACE_ERROR. I've set it > to > TRACE_INFO (4). > > > Lorna Sanchez M. wrote: > > Hello! > > > > My tracelevel = 2 in the dbmail.conf file for all the options (imap, > > pop, smtp, etc). > > Is there another file that needs to be changed? I already checked the > > start scritps and they do not run with any kind of verbose option... > > > > Cheers! > > > > Lorna. > > > > On Apr 6, 2005 12:50 PM, Jesse Norell <[EMAIL PROTECTED]> wrote: > > > >>Hello, > >> > >> Using stunnel will encrypt your traffic over the net, which is probably > >> where > >>you should be most concerned about. Dbmail itsself gets the plaintext > >>password > >>so it can hash it and compare that to what's in the database; with a high > >>logging > >>level it logs all commands, including LOGIN. You just need to turn down the > >>logging a little. Additionally, it could be a nice feature to block those > >>out > >>of log messages, and you could use the bug tracker to request that, but I > >>don't > >>know offhand if anyone would take the time to impliment it or not (ie. it'd > >>be > >>pretty low priority). > >> > >> > >>---- Original Message ---- > >>From: Lorna Sanchez M. <[email protected]> > >>To: [email protected] > >>Subject: [Dbmail] plain text passwords in the mail log > >>Sent: Wed, 6 Apr 2005 12:35:14 -0500 > >> > >> > >>>Hello! > >>> > >>>First of all, THANKS to everybody that have answered my previous posts!!!! > >>>;) > >>> > >>>Ok, the question: I noticed that dbmail logs to the maillog. When a > >>>user logs in, this is what I get: > >>>Apr 6 12:10:33 localhost dbmail/imap4d[3075]: COMMAND: [A001 LOGIN > >>>"user" "pass"] > >>> > >>>where "pass" is the plain text password of the user! So I tought, "if > >>>I use SSL (specifically stunnel 4) for imap, the password is not going > >>>to show in the logs". But stunnel for imap is working and the password > >>>still shows! > >>> > >>>Maybe I've been barking at the wrong tree, meaning that I tought > >>>stunnel will fix this and it doesn't. Does anybody knows the solution > >>>for this? > >>> > >>>Thanks a LOT! > >>> > >>>Cheers! > >>> > >>>Lorna. > >>>_______________________________________________ > >>>Dbmail mailing list > >>>[email protected] > >>>https://mailman.fastxs.nl/mailman/listinfo/dbmail > >>> > >> > >>-- End Original Message -- > >> > >>-- > >>Jesse Norell > >>jesse @ kci.net > >> > >>_______________________________________________ > >>Dbmail mailing list > >>[email protected] > >>https://mailman.fastxs.nl/mailman/listinfo/dbmail > >> > > > > _______________________________________________ > > Dbmail mailing list > > [email protected] > > https://mailman.fastxs.nl/mailman/listinfo/dbmail > > > > -- > ________________________________________________________________ > Paul Stevens mailto:[EMAIL PROTECTED] > NET FACILITIES GROUP PGP: finger [EMAIL PROTECTED] > The Netherlands________________________________http://www.nfg.nl >
