diff --git a/include/smtpf.h b/include/smtpf.h
new file mode 100644
index 0000000..0a92bb3
--- /dev/null
+++ b/include/smtpf.h
@@ -0,0 +1,28 @@
+/*
+ * ejabberd external authentication program
+ *
+ * (c) Alexander Vdolainen 2013, 2018, 2019, 2021 <alex@vapaa.xyz>
+ *
+ * this is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published
+ * by the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * this is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.";
+ *
+ */
+
+#ifndef __SMTPF_H__
+#define __SMTPF_H__
+
+#define SMTPLINE_LENGTH  320
+
+int smtp_checkuser(struct tlsport *p, struct ejabber_msg *m, const char *host);
+
+#endif /* __SMTPF_H__ */
diff --git a/src/smtp.c b/src/smtp.c
index d22968c..97617bc 100644
--- a/src/smtp.c
+++ b/src/smtp.c
@@ -34,8 +34,63 @@
 
 #include <eport.h>
 #include <tlsport.h>
+#include <smtpf.h>
 
 int smtp_checkuser(struct tlsport *p, struct ejabber_msg *m, const char *host)
 {
-  return -1;
+  char buf[SMTPLINE_LENGTH];
+  int len, mlen, r;
+
+  /* sanity check */
+  if(!m || !m->user) return -1;
+  if(!m->domain || !m->password) return -1;
+  if(!p || !p->ssl) return -1;
+  if(!host) return -1;
+
+  /* clear stack buffers */
+  len = mlen = r = 0;
+  memset(buf, 0, SMTPLINE_LENGTH);
+
+  /* start with hello */
+  mlen = strlen(host) + sizeof(char)*5;
+  if(mlen > SMTPLINE_LENGTH - sizeof(char)) return -1; /* too long message */
+  snprintf(buf, mlen + sizeof(char), "HELO %s", host);
+  len = tls_io(p, buf, mlen, TLSIO_WRITE);
+  if(len < 0) return -1;
+  else memset(buf, 0, mlen);
+  /* check the reply if any */
+  len = tls_io(p, buf, SMTPLINE_LENGTH - sizeof(char), TLSIO_READ);
+  if(len < 4) return -1;
+  else if(strncmp(buf, "250 ", 4)) return -1;
+
+  /* set mail from */
+  mlen = strlen(m->user) + strlen(m->domain) + 15*sizeof(char);
+  if(mlen > SMTPLINE_LENGTH - sizeof(char)) return -1; /* too long message */
+  snprintf(buf, mlen + sizeof(char), "mail from:<%s@%s>", m->user, m->domain);
+  len = tls_io(p, buf, mlen, TLSIO_WRITE);
+  if(len < 0) return -1;
+  else memset(buf, 0, mlen);
+  /* check the reply if any */
+  len = tls_io(p, buf, SMTPLINE_LENGTH - sizeof(char), TLSIO_READ);
+  if(len < 4) return -1;
+  else if(strncmp(buf, "250 ", 4)) return -1;
+
+  /* set recepient, if it's ok - user exists, if it's not - no such user */
+  mlen = strlen(m->user) + strlen(m->domain) + 11*sizeof(char);
+  if(mlen > SMTPLINE_LENGTH - sizeof(char)) return -1; /* too long message */
+  snprintf(buf, mlen + sizeof(char), "rcpt to:<%s@%s>", m->user, m->domain);
+  len = tls_io(p, buf, mlen, TLSIO_WRITE);
+  if(len < 0) return -1;
+  else memset(buf, 0, mlen);
+  /* check the reply if any */
+  len = tls_io(p, buf, SMTPLINE_LENGTH - sizeof(char), TLSIO_READ);
+  if(len < 4) return -1;
+  else if(strncmp(buf, "250 ", 4)) r = -1;
+
+  /* gracefully end smtp session */
+  mlen = strlen("quit");
+  snprintf(buf, mlen + sizeof(char), "quit");
+  tls_io(p, buf, mlen, TLSIO_WRITE);
+
+  return r;
 }