> It is my understanding that > setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY" > is not sufficient to enable the roaming user functionality in > courier-imap. > > Instead you need to edit the file > authlib/preauthvchkpw.c > and remove the line : > #undef HAVE_OPEN_SMTP_RELAY > and then recompile courier-imap > > This roaming user functionality was hardcoded off on purpose, > because there is a flaw in the current design. If you enable > roaming users in courier, then any user will be able to relay > after performing an auth attempt, regardless of whether the > auth contained a valid username/password.
Thanks Michael, I think you have hit the problem! Then what I've to do? If I remove the line #undef HAVE_OPEN_SMTP_RELAY, I've the auth bug that you say. I've to apply your patch courier-imap-2.1.1-vchkpw-updates.diff.txt? Probably my steps will be: cd into courier-imap-2.1.1/authlib patch -u < courier-imap-2.1.1-vchkpw-updates.diff.txt ./configure --prefix=/usr/local/courier-imap --disable-root-check --without-authpam --without-authldap --without-authpwd --without-authmysql --without-authpgsql --without-authshadow --without-authuserdb --without-authcustom --without-authcram --without-authdaemon --with-authvchkpw --with-ssl --with-piddir=/var/run setenv CFLAGS="-DHAVE_OPEN_SMTP_RELAY" gmake gmake install gmake install-configure With your patch, I've already a security problem? Or removing the open_smtp_relay() calls from the preauthvchmpw.c file to authvchkpw.c, you've fixed that? Thanks for all Regards Andrea