----- Original Message ----- 
From: "Andrea Riela" <[EMAIL PROTECTED]>

> With your patch, I've already a security problem? Or removing the
> open_smtp_relay() calls from the preauthvchmpw.c file to authvchkpw.c,
> you've fixed that?

Yes, with the patch, the security problem is resolved, because the
relay isnt opened unless the user has successfully authenticated.

As you say, the open_smtp_relay() calls are moved from the
pre-auth stage, to post-auth 

Michael.

Reply via email to