-----Original Message----- > > After a lot of logfile analysis and testing, I've recently > > incorporated the code below, into filter_relay(), in my mimedefang- > > filter. It uses a free perl module calld Geo::IP, available > > directly from www.maxmind.com (and also from CPAN). > Interesting, > I am curious, did you do this in response to http://blackholes.us/ being down > the last few days or were you aware you could already do this inside sendmail > (or SA for adding a weighted score instead of an outright block) directly? > Granted, right now blackholes.us seems to be totally down (there is some > discussion about this on the SpamL list) but it would seem to me to be a > better solution that would also allow tieing into your whitelist in the normal > sendmail fashion (access.db for most people). And their DSNBLs seem to be just > as complete if not more complete than the GeoIP database, and is broken down > by country, entity, and more (just depends on how draconian you want to get). Jim, The status of blackholes.us didn't have any bearing on this. It was based on familiarity, and comfort with past success we've had with GeoIP, where we have used it in other applications. When security and marketing were approached with the idea of blocking by country, it was an easier "sell" to use an existing method of determining the country of origin. And with the different API's available for the database, along with some of the commandline tools available for it, it's a solution that can be applied in a lot of non-email-related ways. Lastly, it didnt have the stigma of some "blacklists", for being draconian, so it was an easier "sell" to management familiar with the concept (and complaints) of some blacklists. Ken