but i will try anyway. hello folks. i've been interested lately to log a little bit more about the entries that concern wrong passwords. both in cyrus and in postfix. so i hacked a bit lib/server.c and plugins/plain.c to log password as well. but it's still an ugly hack. i was wondering if anyone else thought about this. i have millions of queries daily, and some are right on the money. like the right user, the right domain. and after a few weeks of trying this i figured out, sometimes they even have an old password. all sorts of weird IPs. like from china, north korea, ukraine, russia and so on. i know it's a bad idea to log passwords, but in this case, it's a good thing to know which passwords are compromised.
