I still don't see any SMTP authentication problem. What am I missing. If I clear the tcp.smtp.cdb file the open relay locks down tight.
I send via Courier-IMAP and it works fine. Try to send from a POP client. Still locked down tight but since it authenticated with POP adds the entry to tcp.smtp.cdb and opens it up for me for the next round thus POP before SMTP is functional. Courier-IMAP is using the local machine so should always be able to send given the user logged in effectively. Isn't this how it is supposed to work? So what is this about a security problem with Vchkpw and Courier? We are about to implement this on our production machines so if there is a hole I sure would like to know about it now. Thanks, Wil Hatfield