torsdagen den 8 januari 2004 21.05 skrev Michael Bowe:
> ----- Original Message -----
> From: "Andrea Riela" <[EMAIL PROTECTED]>
>
> > With your patch, I've already a security problem? Or removing the
> > open_smtp_relay() calls from the preauthvchmpw.c file to authvchkpw.c,
> > you've fixed that?
>
> Yes, with the patch, the security problem is resolved, because the
> relay isnt opened unless the user has successfully authenticated.
>
> As you say, the open_smtp_relay() calls are moved from the
> pre-auth stage, to post-auth

I tried this patch but could not login. I'm running courier-imap as per 
"http://jonaspasche.de/courier-imap-daemontools.txt";. I will investigate some 
more this weekend, if I find the time.


Reply via email to