This plugin prevents an authenticated user (via SMTP AUTH) from sending their username and password out in a message (e.g. like replying to a phish).
If their username and password are detected inside the message body, then the message is rejected with the message:
Credential leak detected: never give out your username/password to anyone!
Note that if the username is qualified e.g. firstname.lastname@example.org - then the
plugin will search for both
email@example.com for maximum
No configuration is required. Simply add the plugin to your
file. It should be added before any other plugins that run on hook_data_post
for maximum efficiency.