
Re: iptables; some IPs are getting through netmasks



Mark Ford wrote:
> Here is a shortened version of the output from iptables-save (full version simply has more "-A pests" lines).
> 
> # Generated by iptables-save v1.4.8 on Sun Dec 23 16:24:43 2012
> *filter
> :INPUT ACCEPT [252417:278747603]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [255016:258290199]
> :pests - [0:0]
> -A INPUT -p tcp -j pests 
> -A pests -s 1.85.17.0/24 -p tcp -j DROP 
> -A pests -s 67.228.245.0/24 -p tcp -j DROP 
> COMMIT
> # Completed on Sun Dec 23 16:24:44 2012
> 
> Here is the complete header from the spam email...
> 
> Return-path: <invitation@mydailyflog.com>
> Envelope-to: mark@alwayspages.com
> Delivery-date: Sun, 23 Dec 2012 04:15:38 +0000
> Received: from mail10.mydailyflog.com ([67.228.245.121])
>     	by megavolt.circle.io with esmtp (Exim 4.72)
[...]
> As you can see from the topmost Received: line, it gives the IP 67.228.245.121
> You can also see my MTA is Exim (no other MTA).

Indeed.

> My iptables is correct?

AFAICS, yes. You could remove the "-p tcp" to drop all IP protocols, but
SMTP uses TCP, so the rule should catch it.

> - if so, how come the email comes through?

I'm puzzled. Sorry, I must be missing something...
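
An added example, not part of the original message or the poster's setup: a small Python model of the quoted ruleset that checks the verdict for a packet from 67.228.245.121, with and without TCP. The helper names `parse` and `verdict` are hypothetical, and the model handles only the `-s`, `-p` and `-j` options that appear in the quoted dump.

```python
import ipaddress
import shlex

# Rules copied from the iptables-save output quoted in the message.
RULESET = """\
*filter
:INPUT ACCEPT [252417:278747603]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [255016:258290199]
:pests - [0:0]
-A INPUT -p tcp -j pests
-A pests -s 1.85.17.0/24 -p tcp -j DROP
-A pests -s 67.228.245.0/24 -p tcp -j DROP
COMMIT
"""

def parse(ruleset):
    """Return (policies, chains): chain policies and the ordered rules of each chain."""
    policies, chains = {}, {}
    for line in ruleset.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            chains.setdefault(name, [])
        elif line.startswith("-A "):
            tok = shlex.split(line)
            # Assumption: every option is a "-flag value" pair, as in this dump.
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def verdict(policies, chains, src, proto, chain="INPUT"):
    """Walk one chain for a packet; None means a user chain returned to its caller."""
    ip = ipaddress.ip_address(src)
    for rule in chains[chain]:
        if "-s" in rule and ip not in ipaddress.ip_network(rule["-s"], strict=False):
            continue
        if "-p" in rule and rule["-p"] != proto:
            continue
        target = rule.get("-j")
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target in chains:  # jump to a user-defined chain
            result = verdict(policies, chains, src, proto, target)
            if result:
                return result
    policy = policies.get(chain)
    return None if policy == "-" else policy
```
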

