[Mimedefang] Something new for filter_relay()

[Cormack, Ken]

-----Original Message-----
> > After a lot of logfile analysis and testing, I've recently 
> > incorporated the code below, into filter_relay(), in my mimedefang-
> > filter.  It uses a free perl module calld Geo::IP, available 
> > directly from www.maxmind.com (and also from CPAN).

> Interesting,

> I am curious, did you do this in response to http://blackholes.us/ being
down
> the last few days or were you aware you could already do this inside
sendmail
> (or SA for adding a weighted score instead of an outright block) directly?


> Granted, right now blackholes.us seems to be totally down (there is some
> discussion about this on the SpamL list) but it would seem to me to be a
> better solution that would also allow tieing into your whitelist in the
normal
> sendmail fashion (access.db for most people). And their DSNBLs seem to be
just
> as complete if not more complete than the GeoIP database, and is broken
down
> by country, entity, and more (just depends on how draconian you want to
get).

Jim,

The status of blackholes.us didn't have any bearing on this.

It was based on familiarity, and comfort with past success we've had with
GeoIP, where we have used it in other applications.  When security and
marketing were approached with the idea of blocking by country, it was an
easier "sell" to use an existing method of determining the country of
origin.  And with the different API's available for the database, along with
some of the commandline tools available for it, it's a solution that can be
applied in a lot of non-email-related ways.

Lastly, it didnt have the stigma of some "blacklists", for being draconian,
so it was an easier "sell" to management familiar with the concept (and
complaints) of some blacklists.

Ken