File bnc#689021.diff of Package postfix
diff -urN postfix-2.5.12-ipv6_disabled.patch//src/smtpd/smtpd_sasl_proto.c postfix-2.5.12-bnc#689021.patch/src/smtpd/smtpd_sasl_proto.c
--- postfix-2.5.12-ipv6_disabled.patch//src/smtpd/smtpd_sasl_proto.c 2007-10-03 23:37:45.000000000 +0200
+++ postfix-2.5.12-bnc#689021.patch/src/smtpd/smtpd_sasl_proto.c 2011-04-27 16:08:02.789043002 +0200
@@ -184,6 +184,27 @@
return (-1);
}
+ /* Don't reuse the SASL handle after authentication failure. */
+#ifndef SMTPD_FLAG_AUTH_USED
+#define SMTPD_FLAG_AUTH_USED (1<<15)
+#endif
+#ifndef XSASL_TYPE_CYRUS
+#define XSASL_TYPE_CYRUS "cyrus"
+#endif
+ if (state->flags & SMTPD_FLAG_AUTH_USED) {
+ smtpd_sasl_disconnect(state);
+#ifdef USE_TLS
+ if (state->tls_context != 0)
+ smtpd_sasl_connect(state, VAR_SMTPD_SASL_TLS_OPTS,
+ var_smtpd_sasl_tls_opts);
+ else
+#endif
+ smtpd_sasl_connect(state, VAR_SMTPD_SASL_OPTS,
+ var_smtpd_sasl_opts);
+ } else if (strcmp(var_smtpd_sasl_type, XSASL_TYPE_CYRUS) == 0) {
+ state->flags |= SMTPD_FLAG_AUTH_USED;
+ }
+
/*
* All authentication failures shall be logged. The 5xx reply code from
* the SASL authentication routine triggers tar-pit delays, which help to