
Version 1.3.3
- -----------

  * Released version.


Version 1.3.2
- -----------

  * Removed `%' from the list of forbidden chars in envelope addresses.


Version 1.3.1
- -----------

  * Modified syslog messages.  Error messages start now always with a
    minus sign followed by a word (or token) in uppercase followed by
    a colon, e.g. `-RCPT:'.  The token can be used as initial hint what
    went wrong.  Positive log entries are `+MAIL:' (mail delivered) and
    `+OK:' if the proxy terminates.


Version 1.2.2
- -----------

  * Fixed major bug spooldata() which broke the mail content.


Version 1.2.1
- -----------

  * New option `-m <domain>': If this option is set the sender's
    SMTP envelope domainname will be replaced with <domain> just
    before the address is sent to the SMTP server (especially after
    have verified the address against the senderlist).

    
Version 1.2.0
- -----------

  * Start supporting access and command control programs.


Version 1.1.3
- -----------

  * Increased logging, the sender and each recipient is written to
    syslog.


Version 1.1.1
- -----------

  * Added support for multiline server greetings.


Version 1.1.0
- -----------

  * What is smtp.proxy?

    smtp.proxy is an application level gateway for the SMTP protocol
    based on the specification in RFC 821.  It also supports some
    commands that came with later RFCs.  Unlike generic TCP proxys
    smtp.proxy looks into the data streams it forward and watches
    over the protocol.


  * Installation and usage

    smtp.proxy must be started from a superserver like inetd or
    tcpproxy, it can't bind to a port on it's own.  You must at least
    specify the address of the server that will handle the request.
    
    A inetd configuration could be

      smtp  stream  tcp  nowait  nobody  /usr/sbin/tcpd  \
        /usr/local/sbin/smtp.proxy mail.domain.com

    The tcpproxy documentation (tcpproxy is a different package) comes
    with configuration samples, but see below.

    smtp.proxy is typically used on an Internet (or intranet) access
    system when SMTP traffic has to be forwarded across that access
    server and IP packet forwarding is not possible.


  * Bi-directional setup

    Consider the case that you have an internal mail server and that
    you use your provider's SMTP server as mail relay.  In between
    sits the access server that has now (a) to forward connections
    from the outside to your local mail server for receiving mails
    and (b) to forward connections from inside to the provider's mail
    relay (sending mail).

    To solve this you have to implement some kind of service selection.
    The simplest solution is to look at the interface on which the
    client connected and to decide in which direction the request
    should be forwarded.  Assuming that 192.168.1.1 is your internal
    IP number and 192.7.100.47 is the external you could use tcpproxy
    with the following configuration:

      port 25

        # connections on the inner side are forwarded to our
	# provider
	#
        interface 192.168.1.1
	  exec /usr/local/sbin/smtp.proxy -s @domain.com smtp.provider.com
	
	# connects on the outer side go to our internal server
	#
	interface 192.7.100.47
	  exec /usr/local/sbin/smtp.proxy -r @domain.com mail.domain.com

    Other solutions could decide the forwarding direction on the client's
    address.


  * Address checking

    smtp.proxy supports (if enabled) some basic address checking, based on
    the sender's or recipient's email address (sample shown above).  These
    restrictors shall implement a simple protection against unallowed
    relay usage.


  * Local mail system

    smtp.proxy can not only forward requests to different machines but also
    to a local SMTP server program that does SMTP on standard input/output.
    The sendmail program is an example for that.  In this mode smtp.proxy
    would simply protect the local mail system against buffer overflow
    attacks.


  * And finally

    Remember that there is no guarantee.  For nothing.  Especially that
    smtp.proxy will protect your server against anything.

