diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.31.1/lib/Qpsmtpd/Auth.pm mezzanine_patched_qpsmtpd-0.31.1/lib/Qpsmtpd/Auth.pm
--- qpsmtpd-0.31.1/lib/Qpsmtpd/Auth.pm	2005-11-18 04:45:36.000000000 -0500
+++ mezzanine_patched_qpsmtpd-0.31.1/lib/Qpsmtpd/Auth.pm	2006-03-26 11:58:27.000000000 -0500
@@ -240,12 +240,21 @@
         }
         ( $passHash, $user, $passClear ) = split /\x0/,
           decode_base64($prekey);
-
+        unless ($user && $passClear)
+        {
+          $session->respond(504, "Invalid authentification string");
+          return DECLINED;
+        }
     }
     elsif ($mechanism eq "login") {
 
         if ( $prekey ) {
           ($passHash, $user, $passClear) = split /\x0/, decode_base64($prekey);
+          unless ($user && $passClear)
+          {
+            $session->respond(504, "Invalid authentification string");
+            return DECLINED;
+          }
         }
         else {
     
diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.31.1/plugins/auth/auth_cvm_unix_local mezzanine_patched_qpsmtpd-0.31.1/plugins/auth/auth_cvm_unix_local
--- qpsmtpd-0.31.1/plugins/auth/auth_cvm_unix_local	2005-11-18 04:45:34.000000000 -0500
+++ mezzanine_patched_qpsmtpd-0.31.1/plugins/auth/auth_cvm_unix_local	2006-03-26 11:38:48.000000000 -0500
@@ -83,6 +83,9 @@
     my ( $self, $transaction, $method, $user, $passClear, $passHash, $ticket ) =
       @_;
 
+    return (DENY, "authcvm/$method: invalid format")
+	unless ($user && $passClear);
+
     $self->log(LOGINFO, "authcvm/$method authentication attempt for: $user");
 
     socket(SOCK, PF_UNIX, SOCK_STREAM, 0)