On 25 Jan 2005, [EMAIL PROTECTED] wrote: > That protection is already there. Well, anyway, it protects against > stealing mail. If you give away access to mailalternateaddress, a > user can still break other mailboxes at will. Of course, nobody > will be able to send to the broken mail address anyway, so a broken > auth_pop response seems appropriate. At least it will make your > phone ring so you can fix it.
Since you show that a duplicate e-mail address will not result in a security issue (that user A's account can be accessed with user B's password) then your patch is fine. That was my only concern - as I said, I think your patch is great otherwise. Ted
