I still don't see any SMTP authentication problem. What am I missing. If I
clear the tcp.smtp.cdb file the open relay locks down tight.
I send via Courier-IMAP and it works fine. Try to send from a POP client.
Still locked down tight but since it authenticated with POP adds the entry
to tcp.smtp.cdb and opens it up for me for the next round thus POP before
SMTP is functional. Courier-IMAP is using the local machine so should always
be able to send given the user logged in effectively.
Isn't this how it is supposed to work? So what is this about a security
problem with Vchkpw and Courier? We are about to implement this on our
production machines so if there is a hole I sure would like to know about it