diff -cr /var/tmp/postfix-2.5.12/HISTORY ./HISTORY
*** /var/tmp/postfix-2.5.12/src/smtpd/smtpd_sasl_proto.c	Wed Oct  3 17:37:45 2007
--- ./src/smtpd/smtpd_sasl_proto.c	Tue Apr 19 18:33:55 2011
***************
*** 184,189 ****
--- 184,210 ----
  	return (-1);
      }
  
+     /* Don't reuse the SASL handle after authentication failure. */
+ #ifndef SMTPD_FLAG_AUTH_USED
+ #define SMTPD_FLAG_AUTH_USED	(1<<15)
+ #endif
+ #ifndef XSASL_TYPE_CYRUS
+ #define XSASL_TYPE_CYRUS	"cyrus"
+ #endif
+     if (state->flags & SMTPD_FLAG_AUTH_USED) {
+ 	smtpd_sasl_disconnect(state);
+ #ifdef USE_TLS
+ 	if (state->tls_context != 0)
+ 	    smtpd_sasl_connect(state, VAR_SMTPD_SASL_TLS_OPTS,
+ 			       var_smtpd_sasl_tls_opts);
+ 	else
+ #endif
+ 	    smtpd_sasl_connect(state, VAR_SMTPD_SASL_OPTS,
+ 			       var_smtpd_sasl_opts);
+     } else if (strcmp(var_smtpd_sasl_type, XSASL_TYPE_CYRUS) == 0) {
+ 	state->flags |= SMTPD_FLAG_AUTH_USED;
+     }
+ 
      /*
       * All authentication failures shall be logged. The 5xx reply code from
       * the SASL authentication routine triggers tar-pit delays, which help to