The remote host is missing an update to courier announced via advisory DSA 917-1. Patrick Cheong Shu Yang discovered that courier-authdaemon, the authentication daemon of the Courier Mail Server, grants access to accounts that are already deactivated. For the old stable distribution (woody) this problem has been fixed in version 0.37.3-2.8.

For the stable distribution (sarge) this problem has been fixed in version 0.47-4sarge4. For the unstable distribution (sid) this problem has been fixed in version 0.47-12. We recommend that you upgrade your courier packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20917-1