--- cyrus-sasl2.orig/saslauthd/auth_rimap.c
+++ cyrus-sasl2/saslauthd/auth_rimap.c
@@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL;	/* re
 					   service we connect to.	 */
 #define TAG "saslauthd"			/* IMAP command tag */
 #define LOGIN_CMD (TAG " LOGIN ")	/* IMAP login command (with tag) */
+#define LOGOUT_CMD (TAG " LOGOUT ")	/* IMAP logout command (with tag)*/
 #define NETWORK_IO_TIMEOUT 30		/* network I/O timeout (seconds) */
 #define RESP_LEN 1000			/* size of read response buffer  */
 
@@ -307,10 +308,12 @@ auth_rimap (
     int	s=-1;				/* socket to remote auth host   */
     struct addrinfo *r;			/* remote socket address info   */
     struct iovec iov[5];		/* for sending LOGIN command    */
+    struct iovec iov2[2];               /* for sending LOGOUT command   */
     char *qlogin;			/* pointer to "quoted" login    */
     char *qpass;			/* pointer to "quoted" password */
     char *c;				/* scratch pointer              */
     int rc;				/* return code scratch area     */
+    int rcl;				/* return code scratch area     */
     char rbuf[RESP_LEN];		/* response read buffer         */
     char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
     int saved_errno;
@@ -505,6 +508,24 @@ auth_rimap (
            }
         }
     }
+
+    /* close remote imap */
+    iov2[0].iov_base = LOGOUT_CMD;
+    iov2[0].iov_len  = sizeof(LOGOUT_CMD) - 1;
+    iov2[1].iov_base = "\r\n";
+    iov2[1].iov_len  = sizeof("\r\n") - 1;
+
+    if (flags & VERBOSE) {
+        syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s",
+               LOGOUT_CMD, qlogin, qpass);
+    }
+    alarm(NETWORK_IO_TIMEOUT);
+    rcl = retry_writev(s, iov2, 2);
+    alarm(0);
+    if (rcl == -1) {
+        syslog(LOG_WARNING, "auth_rimap: writev logout: %m");
+    }
+
     (void) close(s);			/* we're done with the remote */
     if (rc == -1) {
 	syslog(LOG_WARNING, "auth_rimap: read (response): %m");