Re: iptables; some IPs are getting through netmasks

Sun, 23 Dec 2012 09:06:13 -0800 

Here is a shortened version of the output from iptables-save (full version 
simply has more "-A pests" lines).

# Generated by iptables-save v1.4.8 on Sun Dec 23 16:24:43 2012
*filter
:INPUT ACCEPT [252417:278747603]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [255016:258290199]
:pests - [0:0]
-A INPUT -p tcp -j pests 
-A pests -s 1.85.17.0/24 -p tcp -j DROP 
-A pests -s 67.228.245.0/24 -p tcp -j DROP 
COMMIT
# Completed on Sun Dec 23 16:24:44 2012


Here is the complete header from the spam email...


Return-path: <invitat...@mydailyflog.com>
Envelope-to: m...@alwayspages.com
Delivery-date: Sun, 23 Dec 2012 04:15:38 +0000
Received: from mail10.mydailyflog.com ([67.228.245.121])
        by megavolt.circle.io with esmtp (Exim 4.72)
        (envelope-from <invitat...@mydailyflog.com>)
        id 1TmcyQ-0001Io-AG
        for m...@alwayspages.com; Sun, 23 Dec 2012 04:15:38 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mydailyflog.com;
     
h=Date:To:From:Subject:Message-ID:Reply-to:Sender:MIME-Version:Content-Transfer-Encoding:Content-Type;
 i=invitat...@mydailyflog.com;
     bh=sm8vFo7flfhF5iLT2xT+LdgmBhc=;
     
b=a53sR3hO8GyyOhHAoJgQrwbXUJrSdk/MlVo1UFRqOZP7iCBXpxSGZmZbl7EVJLO5yej0G8/ZNjMq
     
owwqd1YiIYIvmxzphJxGqPdJgUt/BkcehrdkKq5BKEBSkkx2G9irpAnk/ztuU9VcwJR3Paz+vP/h
     h7ydyq7yGSTUks1GfRk=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=mydailyflog.com;
     
b=bJbUJAhLY67rVwS6TUhCtxd1tMBAXqYwDcki1Vzz4A5R+6JSaQyD3/cRsI/MzK8AHYr6S0MPQ7+k
     
caUP0jyxD86P3vpXBwzNa1AIK1KwMw4WCxALGvw+CiPBUwFhJMY22DDUktS28LDzP1QScDb6yuI/
     SS5re2DR29/KVUitstw=;
Received: from localhost (127.0.0.1) by mail10.mydailyflog.com (PowerMTA(TM) 
v3.5r4) id hqq2mk1fb9gd for <m...@alwayspages.com>; Sat, 22 Dec 2012 04:32:14 
-0600 (envelope-from <invitat...@mydailyflog.com>)
Date: Sat, 22 Dec 2012 04:32:14 -0600
To: m...@alwayspages.com
From: lily ahmad <invitat...@mydailyflog.com>
Subject: Check out this photo on MyDailyFlog!
Message-ID: <3a7baa29f6450b2d1d1c2a19403dfa31@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.codeworxtech.com) [version 2.1]
Reply-to: lily ahmad <naa...@yahoo.com>
Sender: lily ahmad <invitat...@mydailyflog.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"


As you can see from the top most Received: line, it gives the ip 67.228.245.121
You can also see my MTA is Exim (no other MTA).

My iptables is correct? - if so, how come the email comes through?  I have the 
same problem with other /24 netmasks, for example when trying to block mail 
from Yell.

Thanks


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/30b9a5e8-3ae8-44cc-a5e0-c317f7328...@googlegroups.com

Reply via email to