Prereq: "2.7.3"
diff -cr --new-file /var/tmp/postfix-2.7.3/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-2.7.3/src/global/mail_version.h	Tue Mar  1 14:37:15 2011
--- ./src/global/mail_version.h	Tue Apr 19 20:24:58 2011
***************
*** 20,27 ****
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20110303"
! #define MAIL_VERSION_NUMBER	"2.7.3"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- 20,27 ----
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20110509"
! #define MAIL_VERSION_NUMBER	"2.7.4"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -cr --new-file /var/tmp/postfix-2.7.3/HISTORY ./HISTORY
*** /var/tmp/postfix-2.7.3/HISTORY	Sun Feb 27 16:05:13 2011
--- ./HISTORY	Tue Apr 19 19:09:33 2011
***************
*** 15616,15622 ****
  	for the "virtual:" transport to "/etc/postfix/virtual:".
  	Symptom reported by Christoph Anton Mitterer.
  
! 20200102
  
  	Workaround: don't report bogus Berkeley DB close errors as
  	fatal errors. All operations before close are already error
--- 15616,15622 ----
  	for the "virtual:" transport to "/etc/postfix/virtual:".
  	Symptom reported by Christoph Anton Mitterer.
  
! 20100102
  
  	Workaround: don't report bogus Berkeley DB close errors as
  	fatal errors. All operations before close are already error
***************
*** 15884,15886 ****
--- 15884,15893 ----
  
  	Portability: FreeBSD closefrom() support time window.  Sahil
  	Tandon.  File: util/sys_defs.h.
+ 
+ 20110414
+ 
+ 	Bugfix (introduced with Postfix SASL patch 20000314): don't
+ 	reuse a server SASL handle after authentication failure.
+ 	Problem reported by Thomas Jarosch of Intra2net AG. File:
+ 	smtpd/smtpd_proto.c.
diff -cr --new-file /var/tmp/postfix-2.7.3/src/smtpd/smtpd_sasl_proto.c ./src/smtpd/smtpd_sasl_proto.c
*** /var/tmp/postfix-2.7.3/src/smtpd/smtpd_sasl_proto.c	Sun Jun 29 09:22:32 2008
--- ./src/smtpd/smtpd_sasl_proto.c	Tue Apr 19 19:06:42 2011
***************
*** 184,189 ****
--- 184,210 ----
  	return (-1);
      }
  
+     /* Don't reuse the SASL handle after authentication failure. */
+ #ifndef SMTPD_FLAG_AUTH_USED
+ #define SMTPD_FLAG_AUTH_USED	(1<<15)
+ #endif
+ #ifndef XSASL_TYPE_CYRUS 
+ #define XSASL_TYPE_CYRUS	"cyrus"
+ #endif
+     if (state->flags & SMTPD_FLAG_AUTH_USED) {
+ 	smtpd_sasl_deactivate(state);
+ #ifdef USE_TLS
+ 	if (state->tls_context != 0)
+ 	    smtpd_sasl_activate(state, VAR_SMTPD_SASL_TLS_OPTS,
+ 				var_smtpd_sasl_tls_opts);
+ 	else
+ #endif
+ 	    smtpd_sasl_activate(state, VAR_SMTPD_SASL_OPTS,
+ 				var_smtpd_sasl_opts);
+     } else if (strcmp(var_smtpd_sasl_type, XSASL_TYPE_CYRUS) == 0) {
+ 	state->flags |= SMTPD_FLAG_AUTH_USED;
+     }
+ 
      /*
       * All authentication failures shall be logged. The 5xx reply code from
       * the SASL authentication routine triggers tar-pit delays, which help to