diff -Nur qpsmtpd-0.84_bz9167/plugins/auth/auth_cvm_unix_local qpsmtpd-0.84/plugins/auth/auth_cvm_unix_local
--- qpsmtpd-0.84_bz9167/plugins/auth/auth_cvm_unix_local	2009-04-03 07:48:33.000000000 +0200
+++ qpsmtpd-0.84/plugins/auth/auth_cvm_unix_local	2016-01-06 17:06:18.782453739 +0100
@@ -85,6 +85,11 @@
 
     $self->log(LOGINFO, "authcvm/$method authentication attempt for: $user");
 
+    if ($user =~ /\x00/) {
+        $self->log(LOGERROR, "deny: invalid username");
+        return (DENY, "authcvm, invalid username");
+    };
+
     socket(SOCK, PF_UNIX, SOCK_STREAM, 0) 
         or return (DENY, "authcvm/$method");