Doesn't the AUTH LOGIN state that he's going to use Base64 encoding?? If he put in AUTH CRAM-MD5 then it would be expecting MD5 encoding.
So this appears to be a problem with LOGIN, either in the patch or with vPopmail.
When vpopmail stores passwords (at least in cdb), it either uses crypt() with a two-character salt and DES encoding (where only the first 8 characters of the password matter), or it uses an 8-character salt and MD5 encoding.
It would be interesting to see whether the problem exists when using CRAM-MD5 as well. It could also be isolated by trying to authenticate with qmailadmin or courier-imap and using just the first 8 characters of the password.
-- Tom Collins [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/