diff --git a/protocol.go b/protocol.go
index a047f02..ff3abb7 100644
--- a/protocol.go
+++ b/protocol.go
@@ -61,7 +61,8 @@ func parseLine(line string) (cmd command) {
 }
 
 func (session *session) handle(line string) {
-
+	session.mutex.Lock()
+	defer session.mutex.Unlock()
 	cmd := parseLine(line)
 
 	// Commands are dispatched to the appropriate handler functions.
@@ -470,7 +471,7 @@ func (session *session) handleAUTH(cmd command) {
 		encodedUsername := ""
 
 		if len(cmd.fields) < 3 {
-			session.reply(334, "VXNlcm5hbWU6")
+			session.reply(334, "VXNlcm5hbWU6") // `Username:`
 			if !session.scanner.Scan() {
 				return
 			}
@@ -486,7 +487,7 @@ func (session *session) handleAUTH(cmd command) {
 			return
 		}
 
-		session.reply(334, "UGFzc3dvcmQ6")
+		session.reply(334, "UGFzc3dvcmQ6") // `Password:`
 
 		if !session.scanner.Scan() {
 			return
diff --git a/smtpd.go b/smtpd.go
index 51fd057..a232a25 100644
--- a/smtpd.go
+++ b/smtpd.go
@@ -158,6 +158,8 @@ type session struct {
 	scanner *bufio.Scanner
 
 	tls bool
+	// mutex is used to guard editing peer's Metadata
+	mutex sync.Mutex
 }
 
 func (srv *Server) newSession(c net.Conn) (s *session) {
@@ -170,11 +172,12 @@ func (srv *Server) newSession(c net.Conn) (s *session) {
 		peer: &Peer{
 			Addr:       c.RemoteAddr(),
 			ServerName: srv.Hostname,
+			Meta:       make(map[string]interface{}, 0),
 		},
 	}
 
 	// Check if the underlying connection is already TLS.
-	// This will happen if the Listerner provided Serve()
+	// This will happen if the Listener provided Serve()
 	// is from tls.Listen()
 
 	var tlsConn *tls.Conn