----- Original Message ----- From: "Andrea Riela" <[EMAIL PROTECTED]>
> With your patch, I've already a security problem? Or removing the > open_smtp_relay() calls from the preauthvchmpw.c file to authvchkpw.c, > you've fixed that? Yes, with the patch, the security problem is resolved, because the relay isnt opened unless the user has successfully authenticated. As you say, the open_smtp_relay() calls are moved from the pre-auth stage, to post-auth Michael.