DROP_HOSTILE is inaccurate

Hi,

indeed, currently, Spamhaus DROP, EDROP and DROPv6 are solicited in addition to some ASNs and IP networks identified by the IPFire developers as rogue - that list can be retrieved here.

This is primarily because Spamhaus’ ASN-DROP list is still suspended from service due to “operational constraints”. Since it was very helpful, we tried to adapt the worst ASNs listed there, to protect IPFire users. Similar to Spamhaus’ policy, this of course strives for a zero false-positive rate, and we have not heard of FPs caused by this so far. :slight_smile:

Could you post the IP address in question here? The corresponding /24 subnet is also sufficient.

Thanks, and best regards,
Peter Müller

3 Likes