diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 00aca6096f5e3e29a37df13b0faecf13ec184913..8818bde311963101cb9bcc808e570743038c7efd 100755
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -5540,7 +5540,7 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd
 		return 0;
 	user = find_user(of);
 	/* Find user based on user name in the from header */
-	if (user && ast_apply_ha(user->ha, sin)) {
+	if (!mailbox && user && ast_apply_ha(user->ha, sin)) {
 		/* copy vars */
 		for (v = user->vars ; v ; v = v->next) {
 			if((tmpvar = ast_new_variable(v->name, v->value))) {
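Review bot: The added `!mailbox` test turns the `mailbox` out-parameter into an undocumented mode switch: any caller that passes a buffer skips user matching, and with it the `ast_apply_ha(user->ha, sin)` host ACL check on the user. Whether the branch that handles the request instead applies an equivalent host check is not visible in this hunk and is worth confirming. A comment above the condition would make the intent explicit, for example `/* mailbox != NULL: message-summary SUBSCRIBE, skip user matching (presumably only peers carry a mailbox) */`. The user is still looked up and then immediately unreferenced in that case, which `user = mailbox ? NULL : find_user(of);` would avoid. The same flag is tested again at `if (!mailbox && debug)` in the next hunk, and the body of check_user_full continues outside both hunks.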
@@ -5609,7 +5609,7 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd
 			ast_verbose("Found user '%s'\n", user->name);
 	} else {
 		if (user) {
-			if (debug)
+			if (!mailbox && debug)
 				ast_verbose("Found user '%s', but fails host access\n", user->name);
 			ASTOBJ_UNREF(user,sip_destroy_user);
 		}
@@ -7768,8 +7768,8 @@ static int handle_request(struct sip_pvt *p, struct sip_request *req, struct soc
 
 		if (!p->lastinvite) {
 			char mailbox[256]="";
-			char rbox[256];
 			int found = 0;
+
 			/* Handle authentication if this is our first subscribe */
 			res = check_user_full(p, req, cmd, e, 0, sin, ignore, mailbox, sizeof(mailbox));
 			if (res) {
@@ -7798,14 +7798,23 @@ static int handle_request(struct sip_pvt *p, struct sip_request *req, struct soc
 				    p->subscribed = 2;
 				else if (!strcmp(get_header(req, "Accept"), "application/simple-message-summary")) {
 					/* Looks like they actually want a mailbox */
-					snprintf(rbox, sizeof(rbox), ",%s@%s,", p->exten, p->context);
-					if (strstr(mailbox, rbox))
+
+					/* At this point, we should check if they subscribe to a mailbox that
+					  has the same extension as the peer or the mailbox id. If we configure
+					  the context to be the same as a SIP domain, we could check mailbox
+					  context as well. To be able to securely accept subscribes on mailbox
+					  IDs, not extensions, we need to check the digest auth user to make
+					  sure that the user has access to the mailbox.
+					 
+					  Since we do not act on this subscribe anyway, we might as well 
+					  accept any authenticated peer with a mailbox definition in their 
+					  config section.
+					
+					*/
+					if (!ast_strlen_zero(mailbox)) {
 						found++;
-					if (!found) {
-						snprintf(rbox, sizeof(rbox), ",%s,", p->exten);
-						if (strstr(mailbox, rbox))
-							found++;
 					}
+
 					if (found)
 						transmit_response(p, "200 OK", req);
 					else {
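Review bot: The new test `if (!ast_strlen_zero(mailbox))` authorises the subscription merely because the peer has some mailbox configured, and no longer compares the requested `p->exten`/`p->context` with that mailbox. An authenticated peer therefore gets `200 OK` for a message-summary SUBSCRIBE to any extension. The added comment accepts this only because the subscription is not acted upon, so that assumption should be pinned next to the condition, e.g. `/* XXX verify p->exten or the digest auth user against mailbox before any NOTIFY is sent for this subscription */`. With a single condition left, the counter could be set directly with `found = !ast_strlen_zero(mailbox);`. The body of handle_request continues outside the hunk.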