diff -Naur popa3d-1.0.2-pa/pop_auth.c popa3d-1.0.2/pop_auth.c
--- popa3d-1.0.2-pa/pop_auth.c	2002-09-09 13:07:48.000000000 +0200
+++ popa3d-1.0.2/pop_auth.c	2008-04-29 08:53:31.000000000 +0200
@@ -27,7 +27,7 @@
 {
 	char *user;
 
-	user = pop_get_param(&params);
+	user = pop_get_userparam(&params);
 	if (!user || pop_user || params) return POP_ERROR;
 	if (!(pop_user = strdup(user))) return POP_CRASH_SERVER;
 	return POP_OK;
diff -Naur popa3d-1.0.2-pa/protocol.c popa3d-1.0.2/protocol.c
--- popa3d-1.0.2-pa/protocol.c	2003-02-20 04:17:31.000000000 +0100
+++ popa3d-1.0.2/protocol.c	2008-04-29 08:52:35.000000000 +0200
@@ -160,6 +160,23 @@
 	return current;
 }
 
+char *pop_get_userparam(char **params)
+{
+	char *current, *next;
+
+	if ((current = *params)) {
+		if ((next = strchr(current, ' '))) {
+			*next++ = 0;
+			*params = *next ? next : NULL;
+		} else
+			*params = NULL;
+
+		if (strlen(current) > 120) current = NULL;
+	}
+
+	return current;
+}
+
 int pop_get_int(char **params)
 {
 	char *param, *error;
diff -Naur popa3d-1.0.2-pa/protocol.h popa3d-1.0.2/protocol.h
--- popa3d-1.0.2-pa/protocol.h	2006-03-05 13:46:18.000000000 +0100
+++ popa3d-1.0.2/protocol.h	2008-04-29 08:50:49.000000000 +0200
@@ -62,6 +62,7 @@
  * to be valid (as defined in the RFC).
  */
 extern char *pop_get_param(char **params);
+extern char *pop_get_userparam(char **params);
 
 /*
  * Returns the next parameter as a non-negative number, or -1 if there's