torsdagen den 8 januari 2004 21.05 skrev Michael Bowe: > ----- Original Message ----- > From: "Andrea Riela" <[EMAIL PROTECTED]> > > > With your patch, I've already a security problem? Or removing the > > open_smtp_relay() calls from the preauthvchmpw.c file to authvchkpw.c, > > you've fixed that? > > Yes, with the patch, the security problem is resolved, because the > relay isnt opened unless the user has successfully authenticated. > > As you say, the open_smtp_relay() calls are moved from the > pre-auth stage, to post-auth
I tried this patch but could not login. I'm running courier-imap as per "http://jonaspasche.de/courier-imap-daemontools.txt". I will investigate some more this weekend, if I find the time.