> I can't readily think of a more appropriate place to perform these > checks, except maybe by modifying the Imail Web interface itself to > use a geolocation database, but I'm not sure if that's even > possible.
You're talking about a task typically done by an ISAPI filter on the box or by a reverse proxy -- something host header aware. Fastream's IQRP, which we swear by here, can block by geo. Tometa's GeoSniper is an ISAPI geo filter which I haven't used but which could be perfect for you. ISAPI-based IPSes like ThreatSentry, DotDefender, WebKnight can be bound only to a specific virtual server in IIS and detect trends over time, such as too many hits on the mail submission form in a short period. Don't think any of these used geolocation outright the last time I used them. WhosOn, a user tracking app that we also use, can tail your logs every 15 seconds and also find aberrations like this, though it is technically out-of-band. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html