Are you using MD5 passwords (go to your vpopmail source directory and `grep MD5 config.h`)? If not, I think crypt() only uses the first 8 characters of the password. I'm not sure what the limit is if you're using MD5.
Doesn't the AUTH LOGIN state that he's going to use Base64 encoding?? If he put in AUTH CRAM-MD5 then it would be expecting MD5 encoding.
So this appears to be a problem with LOGIN, either in the patch or with vPopmail.
Do I have my logic wrong??
--- Anthony Baratta President Keyboard Jockeys
"Conformity is the refuge of the unimaginative."