Back in August of last year, Devin Carraway posted this:
http://www.nntp.perl.org/group/perl.qpsmtpd/2012/08/msg9954.html
And a very short discussion ensued.
I have applied a modified portion of that patch to qpsmtpd-dev. After the patch, the # enclosed area in the following header is removed:
Received: from c-76-121-98-64.hsd1.wa.comcast.net (HELO [10.0.1.125])
(76.121.98.64)
### (smtp-auth username matt@redacted.com, mechanism plain) ###
by mail.theartfarm.com (qpsmtpd/0.92) with (AES128-SHA encrypted)
ESMTPSA; Fri, 26 Apr 2013 02:51:22 -0400
While many mailing list to www gateways redacting email addresses in headers, many do not. It just seems imprudent to be publishing that data into the headers, as well as having logged it.
Matt
--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
@@ -824,7 +824,7 @@ sub received_line {
. " (HELO "
. $self->connection->hello_host . ") ("
. $self->connection->remote_ip
- . ")\n $authheader by "
+ . ")\n by "
. $self->config('me')
. " (qpsmtpd/"
. $self->version