This is a `shim' mailer. It's designed to be put in front of your world-facing MX host(s) when you're getting hammered by user-unknown connections, typically backscatter from spam runs. It is designed to be very lightweight; it deals with all the hard parts of SMTP by handing them off to some other ("backend") machine. It speaks SMTP to the client until a valid username is received, at which point it establishes a connection to the backend machine's SMTP server and simply passes protocol between the two. Of course, it has to be able to tell what addresses are valid. This test is isolated in a separate file (validaddr.c). The code as distributed expects to find a list of local-parts in /etc/mailshim-userlist, and requires that the addresses be @example.net; you presumably will want to change at least the latter. If your backend machine is prepared to handle mail for multiple domains, you can insert a single mailshim in front of them all by making this code more elaborate. It is not critical that mailshim be able to tell _exactly_ what addresses are valid. If mailshim thinks a valid address is invalid, it will reject mail to that address, so don't do this; but if mailshim thinks an invalid address is valid, all that will happen is that the backend mailserver will have to reject it. As long as mailshim cuts the huge numbers of unknown-user connections to your backend mailserver down to something manageable, it will be doing its job. This does have the potential disadvantage that certain anti-spam measures taken at SMTP time, such as ident checks, and some other measures like SMTP AUTH that are not normally thought of as anti-spam, cannot be done with mailshim as distributed. If you're a decent C coder, you may be able to hack such things in, but otherwise, you'll have to choose between them and mailshim. One thing that mailshim _does_ do is DNSBL checks. This too is pulled out into a separate module; see checkip.c. Another thing is banner delays; see the DEF_SLEEP define and the "xctl sbb" local command. Building: Compile the C files and link the results together. Which C files you want depends on which program you're trying to build. While the Makefile probably won't work for you (it refers to an include file that isn't in the package), it will tell you which source files go to make up which program (strictly, which object files, but they are 1-to-1 with source files). This program's home machine is a NetBSD system; I think I've mostly managed to avoid nonportabilities, except for a few gccisms (I see a nested function, for example). If you have trouble, let me know and I'll see what I can do to help. README.linux is a document collecting some findings from someone who worked on getting it to behave on Linux. Copyright licensing: this program is in the public domain. Anyone may use it in any way for any purpose (though I would appreciate credit where it is due). If it breaks you get to keep both pieces. If you find bugs, I'd like to hear about them, especially if you also fix them. If you make improvements you think are worth rolling back into the main distribution (and don't mind releasing into the public domain), I'm also interested in those. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B