The problem can be corrected by upgrading the affected package to
version 0.45.6-1ubuntu0.2 (for Ubuntu 4.10), 0.47-3ubuntu1.4 (for
Ubuntu 5.04), or 0.47-3ubuntu7.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Patrick Cheong Shu Yang discovered a flaw in the user account handling
of courier-authdaemon. After successful authorization, the Courier
mail server granted access to deactivated accounts.