I want to debug all auth sessions.

For example, /var/log/exim/mainlog displays auth errors like this:

login authenticator failed for (xx) [x.x.x.x]: 535 Incorrect authentication data (set_id=xxx)

login authenticator failed for (xx) [x.x.x.x]: 535 Incorrect authentication data (set_id=xxx)

login authenticator failed for (xx) [x.x.x.x]: 535 Incorrect authentication data (set_id=xxx)

But I want to display the password too, like this:

login authenticator failed for (xx) [x.x.x.x]: 535 Incorrect authentication data (set_id=xxx,set_pwd=yyy)

login authenticator failed for (xx) [x.x.x.x]: 535 Incorrect authentication data (set_id=xxx,set_pwd=yyy)

login authenticator failed for (xx) [x.x.x.x]: 535 Incorrect authentication data (set_id=xxx,set_pwd=yyy)

I changed the dovecot conf and added:

auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes

But /var/log/exim/mainlog still doesn't display the password, and /var/log/maillog doesn't give any information about SMTP.

So, how can I catch auth errors with the cleartext password?

merdincz

2 Answers

Configuration options for Exim should be edited in exim.conf, as the dovecot.conf only affects how dovecot works. They are two separate programs.

As far as I know, there is no way to directly configure Exim to log the password in cleartext in the logfile. What you can do is add lines like the following

server_debug_print = "running smtp auth $1 $2"

under the correct authenticator in your exim.conf (or all of them) and then run exim -d which enables the debugging mode (but also makes exim run in the foreground with all debug output going to stdout).

krisku

I just found a solution.

I changed the dovecot.conf passdb options like this:

passdb {
  driver = checkpassword
  args = /etc/dovecot/chk.sh
}

and wrote a bash script to write the args to the bash.log file, like:

#!/bin/bash
echo "$1 username and $2 password" > /etc/dovecot/log.txt

merdincz
  • Surely this won't work? The $1 that dovecot passes to the checkpassword script is the name of the "reply" program; the username and password are instead passed in via a file descriptor... – psmears Feb 23 '17 at 10:32
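
The checkpassword calling convention that psmears' comment describes, as an added example that is not part of the original posts: the script reads the NUL-separated username and password from file descriptor 3 and records the username and the password's length rather than the password itself. The log path, the `CHK_LOG` variable and the function names are assumptions; exit status 1 means "authentication failed" in this convention, so the script never grants access itself.

```shell
#!/bin/sh
# Added example (not from the original posts).
# checkpassword convention: the caller passes the reply program in "$@"
# and writes  username NUL password NUL  to file descriptor 3.
# Exit status: 0 = ok (after exec'ing "$@"), 1 = auth failed,
# 111 = temporary failure.

# Hypothetical log location, overridable through CHK_LOG.
LOG="${CHK_LOG:-/tmp/chk-debug.log}"

# Read fd 3 and print "user=<name> pwlen=<n>".
# Fails if either field is missing. The password is measured, not kept.
parse_creds() {
    tr '\000' '\n' <&3 | {
        IFS= read -r user &&
        IFS= read -r pass &&
        printf 'user=%s pwlen=%s\n' "$user" "${#pass}"
    }
}

# Append one line per attempt, including what arrived as $1, which is
# the reply program and not the username.
log_attempt() {
    entry=$(parse_creds) || return 111
    printf '%s argv1=%s\n' "$entry" "${1:-}" >> "$LOG"
    return 1   # never authenticate anyone from a debug hook
}

# The caller always supplies the reply program as an argument, so only
# act as the passdb script when at least one argument is present.
[ "$#" -eq 0 ] || { log_attempt "$@"; exit $?; }
```
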