Re: iptables; some IPs are getting through netmasks
Mark Ford wrote:
> Here is a shortened version of the output from iptables-save (full version simply has more "-A pests" lines).
>
> # Generated by iptables-save v1.4.8 on Sun Dec 23 16:24:43 2012
> *filter
> :INPUT ACCEPT [252417:278747603]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [255016:258290199]
> :pests - [0:0]
> -A INPUT -p tcp -j pests
> -A pests -s 1.85.17.0/24 -p tcp -j DROP
> -A pests -s 67.228.245.0/24 -p tcp -j DROP
> COMMIT
> # Completed on Sun Dec 23 16:24:44 2012
>
> Here is the complete header from the spam email...
>
> Return-path: <invitation@mydailyflog.com>
> Envelope-to: mark@alwayspages.com
> Delivery-date: Sun, 23 Dec 2012 04:15:38 +0000
> Received: from mail10.mydailyflog.com ([67.228.245.121])
> by megavolt.circle.io with esmtp (Exim 4.72)
[...]
> As you can see from the topmost Received: line, it gives the IP 67.228.245.121
> You can also see my MTA is Exim (no other MTA).
Indeed.
> My iptables is correct?
AFAICS, yes. You could remove the "-p tcp" to drop all IP protocols, but
SMTP uses TCP, so the rule should catch it.
> - if so, how come the email comes through?
I'm puzzled. Sorry, I must be missing something...
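
Added example, not part of the original thread: a small Python evaluator that walks the quoted iptables-save rules for a given source address and protocol, to check on paper that 67.228.245.121 over TCP reaches the DROP rule. It models only the -s, -p and -j options and the ACCEPT/DROP targets seen in the dump; the function names are made up for this illustration.

```python
import ipaddress

# Rules copied from the iptables-save output quoted in the message above.
RULESET = """\
*filter
:INPUT ACCEPT [252417:278747603]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [255016:258290199]
:pests - [0:0]
-A INPUT -p tcp -j pests
-A pests -s 1.85.17.0/24 -p tcp -j DROP
-A pests -s 67.228.245.0/24 -p tcp -j DROP
COMMIT
"""

def parse(ruleset):
    """Return (policies, chains) for the -s / -p / -j subset used above."""
    policies, chains = {}, {}
    for line in ruleset.splitlines():
        tok = line.split()
        if line.startswith(":"):
            name = tok[0][1:]
            policies[name] = tok[1]          # "-" for user-defined chains
            chains.setdefault(name, [])
        elif line.startswith("-A "):
            opts = dict(zip(tok[2::2], tok[3::2]))  # option -> value pairs
            chains.setdefault(tok[1], []).append(opts)
    return policies, chains

def verdict(ruleset, src, proto, chain="INPUT"):
    """Simulate the filter table for one packet; returns ACCEPT or DROP."""
    policies, chains = parse(ruleset)
    addr = ipaddress.ip_address(src)

    def walk(name):
        for rule in chains[name]:
            if "-p" in rule and rule["-p"] != proto:
                continue
            if "-s" in rule and addr not in ipaddress.ip_network(rule["-s"]):
                continue
            target = rule["-j"]
            if target in ("ACCEPT", "DROP"):
                return target
            result = walk(target)            # jump to a user-defined chain
            if result:
                return result
        return None                          # fell off the end: back to caller

    return walk(chain) or policies[chain]    # built-in chain policy applies last
```

Running the same function against the output of iptables-save taken on the live host shows whether the loaded ruleset actually matches the one pasted into the mail.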