Exim panic log & filtering it
Andreas Metzler
ametzler at bebt.de
Thu Nov 30 12:02:44 GMT 2023
On 2023-11-21 Sander Smeenk via Pkg-exim4-users <pkg-exim4-users at alioth-lists.debian.net> wrote:
> My LDAP lookups sometimes fail and this causes a line to be written to
> the panic log which i've abbreviated for obvious reasons:
> | 2023-11-20 09:55:55 1r504M-00BW1W-QL failed to expand "${sg{${lookup
> | ldapm{binddn pass=MyActualLDAPBindPassword ldaps:///..." while checking a
> | list: lookup of ... pass=MyActualLDAPBindPassword ... gave DEFER: ...
> As i'd rather not mail plain text passwords i thought i'd try to filter
> those out and found a reference to "/usr/local/lib/exim4/nonzero_paniclog_hook"
> being called from /etc/cron.daily/exim4-base if it exists.
> Google has about 5 results for "nonzero_paniclog_hook".
> This looks a bit like a "forgotten feature", so i wonder what the idea
> for this hook was and wether my way of using it to sed -E certain things
> before the log gets e-mailed is the correct way to do this. ;)
Hello Sander,
According to GIT it was added in 2006 by Marc. "forgotten feature" seems
to be the correct characterization. ;-)
Perhaps using "hide" for the respective seeting in the config might
prevent logging the password at all.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-exim4-users
mailing list