			fwmail v1.1
		   (c) Oct 99 by Mixter


fwmail is a secure smtp forwarding agent, that must be started via
inetd(8). It will accept and handle incoming connections like a
sendmail server, and forward them to a different host running smtp,
optionally hiding the senders origin.

fwmail can be used as a secure alternative to sendmail and other MTA,
because it does not require root privileges to run. It is coded with
security in mind; as it does not need access to any files, is controlled
via inetd and tcpd, and only forwards traffic, it cannot be used for
denial of service against system resources.

Another possibility is the use of fwmail as application level gateway
to bypass firewalls or proxy servers to forward mail coming from the
internet to a protected LAN sendmail server. In this case, it is suggested
running fwmail on a DMZ server or the gateway itself, and forwarding to
the internal sendmail server.

Caveats: fwmail does only recognize a small scope of the SMTP commands,
namely only the necessary ones. It does not support multiple recipients,
carbon copy, etc. for security purposes and to keep it small.
The host that fwmail is running on will not be able to receive any remote
mail, which is actually the desired behavior. You should run fwmail on a
dedicated server that does not need to receive anything but local mail.

INSTALLATION:

Compile fwmail and move it to a suitable directory, for example,
/usr/local/bin. Add this line to /etc/inetd.conf:

smtp stream tcp nowait nobody /usr/sbin/tcpd /usr/local/bin/fwmail smtp.host.net
^^^^                   ^^^^^^ ^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^
port                   user   optionally,    full path to fwmail   host with
                              to enable                            a traffic
                              access lists                         accepting
                                                                   smtp server

A SMTP server, ideally on your own network, that supports relaying and
accepts traffic from the fwmail host, is mandatory.

Finally, make sure that no other sendmail server is running on port
25 of your machine, and then enable the service with 'killall -HUP inetd'.
If compiled with logging enabled, logs about succeeded sessions and
errors can be found in the general messages logfile.


Mixter
mixter@newyorkoffice.com
http://darknetworks.net/~mixter

MD5SUMS
b5ae83c3590150a62cb77f10b8e1e605  Makefile
0084e18edbc9bf2f06802279e4eea748  fwmail.c
