Before we get started let me start by saying that this software is provided as is and should only be used in the understanding that I accept no liability in regards to any damages that might result from its use (or misuse). Setting up RADIUS before SMTP: 1. Figure out where to put your database file and the Perl scripts and edit the Perl scripts to match your choice. by default its assumed the database is in /var/mail/radius-smtp.db and the scripts are in /usr/local/bin 2. set up your RADIUS server to execute the Perl scripts for Start and Stop accounting packets. First you need a radius server that can execute commands in response to accounting events such as FreeRADIUS. a sample radius.conf and acct-user file are provided. You will need at minimum: 1) The Livingston radius compatible files module loaded in the modules section of the radius.conf file like so: files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users preproxy_usersfile = ${confdir}/preproxy_users compat = no } 2) A preacct section that passes off to the files module. preacct { files } 3) an acct-user file that calls start and stop with the framed IP address of the user for both Start and Stop accounting packets (this adds the user's IP to the database on login and removes it on logout to control who is allowed in by the MTA or whatever else you want to control access to). DEFAULT Acct-Status-Type == Start Exec-Program = "/usr/local/bin/start %{Framed-IP-Address}" DEFAULT Acct-Status-Type == Stop Exec-Program = "/usr/local/bin/stop %{Framed-IP-Address}" 3. Finally you need to setup your own MTA to use the Berkeley database hash file to control access to your mail server. I recommend you let the database populate for at least a day or more before doing this so that just about everyone that is really logged in will be in the database. You just need to setup your dialup pools to be denied access to your mail server and accept any IP address that is in the database file. Since the scripts just simply put in (or remove) their arguments in the database file you can easily test your ACL by running the start and stop scripts by hand. another good command to monitor the database is the db command that comes as part of most Berkley db distributions. just type db hash and the full path to the database file to see its contents. for example "db hash /var/mail/radius-smtp.db" will spit out the contents of the database file /var/mail/radius-smtp.db.