--- a/src/deliver/auth-client.c	Thu Nov 20 19:32:58 2008 +0200
+++ b/src/deliver/auth-client.c	Fri Nov 21 14:35:46 2008 +0200
@@ -125,7 +125,7 @@
 }
 
 int auth_client_lookup_and_restrict(const char *auth_socket,
-				    const char *user, uid_t euid, pool_t pool,
+				    const char **user, uid_t euid, pool_t pool,
 				    ARRAY_TYPE(const_string) *extra_fields_r)
 {
         struct auth_master_connection *conn;
@@ -134,12 +134,13 @@
 	int ret = EX_TEMPFAIL;
 
 	conn = auth_master_init(auth_socket, debug);
-	switch (auth_master_user_lookup(conn, user, "deliver", pool, &reply)) {
+	switch (auth_master_user_lookup(conn, *user, "deliver", pool, &reply)) {
 	case 0:
 		ret = EX_NOUSER;
 		break;
 	case 1:
-		if (set_env(&reply, user, euid) == 0) {
+		if (set_env(&reply, *user, euid) == 0) {
+			*user = p_strdup(pool, reply.user);
 			restrict_access_by_env(TRUE);
 			ret = EX_OK;
 		}

--- a/src/deliver/auth-client.h	Thu Nov 20 19:32:58 2008 +0200
+++ b/src/deliver/auth-client.h	Fri Nov 21 14:35:46 2008 +0200
@@ -2,7 +2,7 @@
 #define AUTH_CLIENT_H
 
 int auth_client_lookup_and_restrict(const char *auth_socket,
-				    const char *user, uid_t euid, pool_t pool,
+				    const char **user, uid_t euid, pool_t pool,
 				    ARRAY_TYPE(const_string) *extra_fields_r);
 
 #endif

--- a/src/deliver/deliver.c	Thu Nov 20 19:32:58 2008 +0200
+++ b/src/deliver/deliver.c	Fri Nov 21 14:35:46 2008 +0200
@@ -814,7 +814,7 @@
 	const char *config_path = DEFAULT_CONFIG_FILE;
 	const char *mailbox = "INBOX";
 	const char *auth_socket;
-	const char *home, *destaddr, *user, *value, *errstr, *path;
+	const char *home, *destaddr, *user, *value, *errstr, *path, *orig_user;
 	ARRAY_TYPE(const_string) extra_fields = ARRAY_INIT;
 	struct mail_user *mail_user, *raw_mail_user;
 	struct mail_namespace *raw_ns;
@@ -980,21 +980,30 @@
 		}
 
 		userdb_pool = pool_alloconly_create("userdb lookup replys", 512);
+		orig_user = user;
 		ret = auth_client_lookup_and_restrict(auth_socket,
-						      user, process_euid,
+						      &user, process_euid,
 						      userdb_pool,
 						      &extra_fields);
 		if (ret != 0)
 			return ret;
+
+		if (strcmp(user, orig_user) != 0) {
+			/* auth lookup changed the user. */
+			if (getenv("DEBUG") != NULL)
+				i_info("userdb changed username to %s", user);
+			i_set_failure_prefix(t_strdup_printf("deliver(%s): ",
+							     user));
+		}
 	}
-	if (destaddr == NULL)
-		destaddr = user;
 
 	expand_envs(user);
 	if (userdb_pool != NULL) {
 		putenv_extra_fields(&extra_fields);
 		pool_unref(&userdb_pool);
 	}
+	if (destaddr == NULL)
+		destaddr = user;
 
 	/* Fix namespaces with empty locations */
 	for (i = 1;; i++) {

--- a/src/lib-auth/auth-master.c	Thu Nov 20 19:32:58 2008 +0200
+++ b/src/lib-auth/auth-master.c	Fri Nov 21 14:35:46 2008 +0200
@@ -97,7 +97,8 @@
 	reply->gid = (gid_t)-1;
 	p_array_init(&reply->extra_fields, conn->pool, 64);
 
-	for (; *args != NULL; args++) {
+	reply->user = p_strdup(conn->pool, *args);
+	for (args++; *args != NULL; args++) {
 		if (conn->debug)
 			i_info("auth input: %s", *args);
 

--- a/src/lib-auth/auth-master.h	Thu Nov 20 19:32:58 2008 +0200
+++ b/src/lib-auth/auth-master.h	Fri Nov 21 14:35:46 2008 +0200
@@ -6,7 +6,7 @@
 struct auth_user_reply {
 	uid_t uid;
 	gid_t gid;
-	const char *home, *chroot;
+	const char *user, *home, *chroot;
 	ARRAY_TYPE(const_string) extra_fields;
 };