Here is a shortened version of the output from iptables-save (full version simply has more "-A pests" lines).
# Generated by iptables-save v1.4.8 on Sun Dec 23 16:24:43 2012 *filter :INPUT ACCEPT [252417:278747603] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [255016:258290199] :pests - [0:0] -A INPUT -p tcp -j pests -A pests -s 1.85.17.0/24 -p tcp -j DROP -A pests -s 67.228.245.0/24 -p tcp -j DROP COMMIT # Completed on Sun Dec 23 16:24:44 2012 Here is the complete header from the spam email... Return-path: <[email protected]> Envelope-to: [email protected] Delivery-date: Sun, 23 Dec 2012 04:15:38 +0000 Received: from mail10.mydailyflog.com ([67.228.245.121]) by megavolt.circle.io with esmtp (Exim 4.72) (envelope-from <[email protected]>) id 1TmcyQ-0001Io-AG for [email protected]; Sun, 23 Dec 2012 04:15:38 +0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mydailyflog.com; h=Date:To:From:Subject:Message-ID:Reply-to:Sender:MIME-Version:Content-Transfer-Encoding:Content-Type; [email protected]; bh=sm8vFo7flfhF5iLT2xT+LdgmBhc=; b=a53sR3hO8GyyOhHAoJgQrwbXUJrSdk/MlVo1UFRqOZP7iCBXpxSGZmZbl7EVJLO5yej0G8/ZNjMq owwqd1YiIYIvmxzphJxGqPdJgUt/BkcehrdkKq5BKEBSkkx2G9irpAnk/ztuU9VcwJR3Paz+vP/h h7ydyq7yGSTUks1GfRk= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=mydailyflog.com; b=bJbUJAhLY67rVwS6TUhCtxd1tMBAXqYwDcki1Vzz4A5R+6JSaQyD3/cRsI/MzK8AHYr6S0MPQ7+k caUP0jyxD86P3vpXBwzNa1AIK1KwMw4WCxALGvw+CiPBUwFhJMY22DDUktS28LDzP1QScDb6yuI/ SS5re2DR29/KVUitstw=; Received: from localhost (127.0.0.1) by mail10.mydailyflog.com (PowerMTA(TM) v3.5r4) id hqq2mk1fb9gd for <[email protected]>; Sat, 22 Dec 2012 04:32:14 -0600 (envelope-from <[email protected]>) Date: Sat, 22 Dec 2012 04:32:14 -0600 To: [email protected] From: lily ahmad <[email protected]> Subject: Check out this photo on MyDailyFlog! Message-ID: <[email protected]> X-Priority: 3 X-Mailer: PHPMailer (phpmailer.codeworxtech.com) [version 2.1] Reply-to: lily ahmad <[email protected]> Sender: lily ahmad <[email protected]> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" As you can see from the top most Received: line, it gives the ip 67.228.245.121 You can also see my MTA is Exim (no other MTA). My iptables is correct? - if so, how come the email comes through? I have the same problem with other /24 netmasks, for example when trying to block mail from Yell. Thanks -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
