mmmail was written from scratch from the ground up, and consists of a suite of SMTP and POP3 servers which can fully run under a unprivileged user. It is released under the terms and conditions of the BSD license with advertizing clause to keep credits to the author. It provides virtual mail users, contrary to traditional UNIX/system ones. It optionally supports chroot(2) at program startup to enclose itself into a jail. It runs great on both BSD and Linux systems and is fairly small in size. Well documented via UNIX manual pages.

The servers can limit their clients connection rate on a per-address basis, and also support bandwidth traffic shaping capabilities in both directions (connection-specific and global ones). It also can limit the connections on several factors (maximum number of addresses, number of allowed connections per address and how many simultaneous connections from the same FTP user to accept). Client hostname resolving is optional for speed, and is performed using asynchroneous methods when enabled. Moreover, the administrator may decide weither to check for HELO and/or MAIL MX DNS records before accepting SMTP mail from a client. Use of HELO may be disabled or enforced. Various techniques were implemented to prevent common Denial Of Service attempts.

For each mail user/password pair can exist several email addresses at several virtual hosts, and aliasing is supported to map unexisting addresses to others, even optionally using wildcard pattern matching. The administrator can also set the address and/or hostname masks through which mail with empty FROM address is sent. Each mailbox can be set customizeable quotas (mailbox total size and total number of messages). All storage (users, mailboxes, and mail itself) uses MySQL, which permits a global database server to be used, even remotely. A persistant connection is established and maintained with the server by each daemon, and re-established if ever necessary.

Various statistics are reliably maintained using the mmstat facility, and the administrator can set the verbosity of wanted events and statistics to be output via syslog. Moreover it uses efficient custom I/O buffering around filedescriptors for speed. Each daemon is configured through it's own configuration file. User password hashes are stored in native crypt(3) format (both MD5 and DES work) so it is possible to translate system users to mmmail virtual ones keeping the same hash. Also, mmpop3d supports unstandard POP3 PAGE command (better than TOP) which was especially implemented for human POP3 clients.

Unfortunately, support for relaying will only be added for mmmail2, a future re-implementation of mmmail which also should support multiple authentication and storage methods, as well as many other features including IMAP. If you are interested in knowing more about mmmail2 ongoing engineering (diagrams and documentation), and to make suggestions, you can download this mmmail-design.pdf document.

mmstatd was originally written for mmftpd and mmmail to asynchroneously maintain statistical counters in an efficient manner. I however also release it separately as it is used by some other people in their projects. These include an IRC network services system which although using db4 for most data storage uses mmstat(3) library for various statistics counters.

It does not require any additional libraries, and provides a simple API for applications to either update counters or query statistics. The update requests are done using an AF_LOCAL/UNIX datagram to the mmstatd service's log socket, similarly to the way syslog(3) works. Statistics are queried via an AF_LOCAL/UNIX stream on another mmstatd socket. Permissions for access to both sockets can be different.

The service consists of a librarian and logger. The logger accumulates requests filling a recovery log, while the librarian processes those logs asynchroneously and syncs the disk database with them from time to time. In case of a crash, the recovery logs which weren't synchronized yet to disk are used to recover from the crash. Provided with it is a utility to query and update statistics from the shell as well.

Written from scratch, consists of a superserver daemon made of two parts, one process running as the superuser (to perform tasks like modifying firewall rules) and the other running as an unprivileged user performing all the work. This privilege separation system is quite effective for a secure setup. Linux 2.2 specific (can work with 2.4+ but without the transparent proxying support). Released under the terms of the GPL (GNU Public License).

mmtcpfwd provides transparent TCP/IP connection proxying from a MASQ enabled gateway to other machines, including FTP connections, via a special userspace passive FTP connections proxy supporting PASV, LPSV and EPSV, and masking the actual FTP server LAN address by supplying the gateway's address instead. Supports SMP where hardware permits. Uses a main configuration file to configure all it's parameters. Also provides an optional random UNIX-ident protocol daemon, allowing masqueraded connections behind the gateway to use services requireing identd to run.

For each forwarded port, a non-privileged process is setup to listen to and forward multiple connections to their configured destination. This destination can consist of a remote or local host, and it is possible to make it resolve IP address by hostname or to specify absolute IP addresses for speed.

Several interesting techniques are implemented to counter Denial of Service attacks: Total number of forwarded simultanious connections per port can be set, as well as per address. Also permits to deny automatically an IP address overflowing connections with a threshold, in which case each active connection from that address are cleanly closed before applying the firewall deny rule, executing a command of our choice. Allows to fake services like portsentry to immediately DENY an IP address that connects, sending a configurable message before closing and applying the DENY rule. Can also automatically undeny IP addresses of offendants after a certain amount of minutes, or indefinitely. As many IP addresses to never deny as we want can be specified.

Uses syslog logging, to keep log of connections/bytes transfered, elapsed time, etc... Hostnames can be resolved or not, on a per-port basis. Supports kernel's IP Transparent Proxying support to fake client's IP address when forwarding. Aimed towards security as much as possible. Fairly small, executable around 30k only.

This server originally consisted of a port of BSD-FTPd to Linux, and various custom features were added which I personally needed at the time. Since I wrote mmftpd which much better suits my needs I no longer maintain ginseng-ftpd. It's still available though, for people who need to run FTP services with real users (where security is generally not that much of a concern). An FTP server allowing use of standard UNIX system users obviously required to run as the superuser. Run mmftpd if you need better security. Was released under the terms of the BSD license.

I here describe a list of the various changes that I made on the original BSD-FTPd code: The popular recently discovered single-byte vulnerability of bsd-ftpd was fixed, some better sanity checking around seteuid(), setegid() and fork() was added. Was fixed against the recursive LIST/NLST problems which alot of FTP servers are vulnerable to, including BSD-FTPd at the time. Now only requires a single configuration file (/etc/ftpusers) for all account options, and users MUST be present in it to be allowed FTP access (contrary to traditional behavior). The configuration file now uses one user per line, and one column per user configurable option.

Support for read-only accounts, umask specification and homedir total size limits on a per/user basis and number of connections per user was added, note that the tree size quotas are only safe if only one simultaneous logins of that user are allowed. Shared memory and semaphores would have been required otherwise which would have strongly impacted performance. This is not the case for mmftpd where threads are used and quotas are safe no matter what. The server was modified to only accept to be launched by the superuser.

The following command switches/parameters were added when starting the daemon: -q to not display ftpd type/version to clients, -n to not resolve hostnames for speed, -x to allow masquerading actual LAN IP address to 0.0.0.0 for passive replies (not that not all clients will work, I recommend using mmtcpfwd passive FTP proxying to masquerade those to the actual gateway's IP address instead, where all clients will work. Finally, -q was added to specify which port to listen to.