From 260bd6cdd6820955d318e1afb8e17648974981da Mon Sep 17 00:00:00 2001
From: Daniel B <daniel@firewall-services.com>
Date: Wed, 20 Apr 2016 06:10:28 +0200
Subject: [PATCH] Prevent credentials being logged in plain text (#249)

* Prevent credentials being logged in plain text
except in the highest debug level

* Fix missing semicolon
---
 lib/Qpsmtpd/TcpServer.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/Qpsmtpd/TcpServer.pm b/lib/Qpsmtpd/TcpServer.pm
index 95b8a57..81b7b7a 100644
--- a/lib/Qpsmtpd/TcpServer.pm
+++ b/lib/Qpsmtpd/TcpServer.pm
@@ -120,7 +120,10 @@ sub read_input {
     while (<STDIN>) {
         alarm 0;
         $_ =~ s/\r?\n$//s;                         # advanced chomp
-        $self->log(LOGINFO, "dispatching $_");
+        my $log = $_;
+        $log =~ s/AUTH PLAIN (.*)/AUTH PLAIN <hidden credentials>/
+          unless ($self->config('loglevel') || '6') >= 7;
+        $self->log(LOGINFO, "dispatching $log");
         $self->connection->notes('original_string', $_);
         defined $self->dispatch(split / +/, $_, 2)
           or $self->respond(502, "command unrecognized: '$_'");