postfix security update
Postfix did not clear its receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands into the unencrypted stream that would then be interpreted in the encrypted phase after STARTTLS (CVE-2011-0411).
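To make the defect concrete, the following is an added simulation of an SMTP server's command read loop, not Postfix code: the same loop run with and without discarding buffered plaintext at STARTTLS. The session class, the command lines and the host names are constructed for the example.

```python
# Simulation of the CVE-2011-0411 defect class: an SMTP server that keeps
# whatever plaintext is still in its receive buffer across the STARTTLS
# handshake. Constructed example; the TLS handshake itself is not modelled.

class SmtpSession:
    """Minimal line-oriented command reader with a switchable STARTTLS fix."""

    def __init__(self, discard_plaintext_on_starttls):
        self.discard = discard_plaintext_on_starttls
        self.buf = b""          # receive buffer
        self.tls = False        # whether the session has switched to TLS
        self.handled = []       # (phase, command) pairs as the server saw them

    def receive(self, data):
        """Append bytes from the transport (plaintext or, later, decrypted)."""
        self.buf += data

    def dispatch(self):
        """Consume complete CRLF-terminated lines from the buffer."""
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace").strip()
            phase = "tls" if self.tls else "plain"
            if cmd.upper() == "STARTTLS":
                # The server would now reply 220 and run the TLS handshake.
                # Anything still in self.buf arrived before that handshake,
                # so it was never protected by TLS and must not be trusted.
                self.tls = True
                if self.discard:
                    self.buf = b""   # the fix: drop unread plaintext
                return
            self.handled.append((phase, cmd))


def run_session(discard_plaintext_on_starttls):
    """Return the commands the server executed in the TLS phase."""
    s = SmtpSession(discard_plaintext_on_starttls)
    # Constructed plaintext segment: STARTTLS followed by one extra line
    # that was already in the buffer when the handshake started.
    s.receive(b"EHLO client.example\r\nSTARTTLS\r\nRSET\r\n")
    s.dispatch()                      # stops at STARTTLS
    # Handshake happens here; from now on bytes come from the TLS layer.
    s.receive(b"MAIL FROM:<alice@example.org>\r\n")
    s.dispatch()
    return [cmd for phase, cmd in s.handled if phase == "tls"]


if __name__ == "__main__":
    print("buffer kept:   ", run_session(False))
    print("buffer cleared:", run_session(True))
```

With the buffer kept, the leftover RSET is executed as though it had arrived over TLS; with the buffer cleared, only the post-handshake MAIL command is.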
Submitted by: Adrian Schröter (adrianSuSE)
Version: 4251
Fixed bugs: bnc#677792 (VUL-0: postfix: STARTTLS plaintext injection)