I've implemented an AS2 solution hundreds of times. Of course I used the plethora of commercial software out there, including free software. I'm going to assume you've read the RFC which will let you know how your software needs to act in order to be compliant.
/n software has a solution that is free for one trading partner. I've used it successfully at a client location. I've heard people have success with AS2Secure if you absolutely need a PHP-based solution. If your partner requires MD5 hash algorithm, then this solution (based on their site) will NOT work. This is just one example why rolling your own can be tricky.
Things to think about:
How difficult will it be to integrate with your EDI translator? Seamless? Or will scripting need to happen? How are MDNs handled, and how much setup is required to handle it? Are they synchronous or asynchronous? What encryption / signing algorithms do you need / want to support? Will this scale to multiple trading partners? Are you going to build in mailboxing for each partner and route based on ID?
I understand the desire to roll your own service, but this horse has been beaten to death.
There are so many good applications out there that will scale and integrate with your integration solution, and most of the time you will get a quick ROI from the commercial based software.
Personally, I had the best luck with Cleo Lexicom. Not free, but the most plug / play.