--- a/src/imap-login/client.h	Mon Sep 21 18:36:25 2009 +0300
+++ b/src/imap-login/client.h	Wed Sep 23 22:54:05 2009 +0300
@@ -33,6 +33,7 @@
 	unsigned int cmd_finished:1;
 	unsigned int proxy_sasl_ir:1;
 	unsigned int proxy_seen_banner:1;
+	unsigned int proxy_wait_auth_continue:1;
 	unsigned int skip_line:1;
 	unsigned int input_blocked:1;
 	unsigned int destroyed:1;

--- a/src/imap-login/imap-proxy.c	Mon Sep 21 18:36:25 2009 +0300
+++ b/src/imap-login/imap-proxy.c	Wed Sep 23 22:54:05 2009 +0300
@@ -158,6 +158,7 @@
 	} else {
 		/* master user login without SASL initial response */
 		str_append(str, "L AUTHENTICATE PLAIN");
+		client->proxy_wait_auth_continue = TRUE;
 	}
 	str_append(str, "\r\n");
 }
@@ -221,6 +222,13 @@
 		return 0;
 	} else if (*line == '+') {
 		/* AUTHENTICATE started. finish it. */
+		if (!client->proxy_wait_auth_continue) {
+			client_syslog_err(&client->common, t_strdup_printf(
+				"proxy: Unexpected input: %s",
+				str_sanitize(line, 160)));
+			proxy_failed(client, TRUE);
+			return -1;
+		}
 		str = t_str_new(128);
 		get_plain_auth(client, str);
 		str_append(str, "\r\n");
@@ -352,6 +360,9 @@
 		return 0;
 	} else {
 		/* tagged reply, shouldn't happen. */
+		client_syslog_err(&client->common, t_strdup_printf(
+			"proxy: Unexpected input, ignoring: %s",
+			str_sanitize(line, 160)));
 		return 0;
 	}
 }
@@ -437,6 +448,7 @@
 
 	client->proxy_sasl_ir = FALSE;
 	client->proxy_seen_banner = FALSE;
+	client->proxy_wait_auth_continue = FALSE;
 	client->proxy_user = i_strdup(user);
 	client->proxy_master_user = i_strdup(master_user);
 	client->proxy_password = i_strdup(password);