in reply to An SMTP server in Perl

Neat! I have to cringe as I read the source code though. There are only 19 commented lines out of 826! Also, it wasn't written with security in mind. For instance, if I have ftp access to an account on a machine running smtp.pl, I can execute arbitrary shell commands by uploading a file to my home directory named ".perlsmtp" containing the line "maildeliver = |/do/whatever".

Here's another thing that jumped out at me:

open(CONFIG, $_[0]) or die "Could not open config file $_[0]\n";

Randal would call this "running with scissors". You should always, always, always specify a mode for open(). E.g.:

open(CONFIG, "<$_[0]") or die "Could not open config file $_[0]\n";

Otherwise you run the risk of a malicious user sneaking a value like "|rm -rf /home" into the filename. The above example isn't exploitable in the smtp script, mind you, but seeing that, I have to wonder what other bad habits might be lurking in the other 825 lines.

-Matt
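
The difference described in the post above, as an added example that is not part of the post or of smtp.pl: the same string is passed to open() with no mode, with the "<" prefix the post recommends, and with the three-argument form (a generalization the post does not mention). The value of `$name` and the harmless `echo` command are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed sample: a "filename" that is really a harmless command plus a pipe.
my $name = 'echo constructed-marker |';

# Each opener returns a filehandle or undef; they differ only in how the mode is given.
my @openers = (
    # No mode: Perl parses the string, and a trailing "|" means
    # "run this command and read its output".
    [ 'two-arg, no mode'  => sub { open(my $fh, $_[0])      ? $fh : undef } ],
    # Mode prefixed as in the post: the rest of the string is a file name.
    [ 'two-arg, "<" mode' => sub { open(my $fh, "<$_[0]")   ? $fh : undef } ],
    # Mode as its own argument: the path is never parsed for mode or pipe characters.
    [ 'three-arg'         => sub { open(my $fh, '<', $_[0]) ? $fh : undef } ],
);

for my $entry (@openers) {
    my ($label, $opener) = @$entry;
    if (my $fh = $opener->($name)) {
        # The open succeeded: show what was actually read.
        my $line = <$fh>;
        close($fh);
        $line = "\n" unless defined $line;
        print "$label: opened, first line: $line";
    } else {
        # The open failed: the string was treated as a literal file name.
        print "$label: open failed: $!\n";
    }
}
```

Only the first opener runs the command; the other two look for a file with that literal name and fail.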