Re: iptables; some IPs are getting through netmasks



On 23 December 2012 16:41, Mark Ford <t447806929460@googlemail.com> wrote:
> Here is a shortened version of the output from iptables-save (full version simply has more "-A pests" lines).
>
> # Generated by iptables-save v1.4.8 on Sun Dec 23 16:24:43 2012
> *filter
> :INPUT ACCEPT [252417:278747603]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [255016:258290199]
> :pests - [0:0]
> -A INPUT -p tcp -j pests
> -A pests -s 1.85.17.0/24 -p tcp -j DROP
> -A pests -s 67.228.245.0/24 -p tcp -j DROP
> COMMIT
> # Completed on Sun Dec 23 16:24:44 2012
>
>
> Here is the complete header from the spam email...
[snipped]

I would trust what you find in /var/log/{mail,exim} more readily than
Received: lines in a spam mail, no matter how correctly you think
you're reading them. I'd check there instead.

As an aside, I wouldn't block /24s like this myself. Use something in
protocol (i.e. configured in Exim), perhaps, and be /really/ careful
about blocking entire /24s. The collateral damage could be more than
you intended.

Cheers,
Jonathan
-- 
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
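
Added example, not part of the message above or of any poster's code: one way to do the log check the reply suggests, by comparing the connecting IPs that Exim recorded for arriving mail against the DROP rules in the quoted `iptables-save` output. The log lines are constructed samples in Exim's main-log format, and the function names and the default chain name argument are assumptions made for this illustration.

```python
import ipaddress
import re

# The rules quoted above, as iptables-save prints them.
RULES = """\
-A INPUT -p tcp -j pests
-A pests -s 1.85.17.0/24 -p tcp -j DROP
-A pests -s 67.228.245.0/24 -p tcp -j DROP
"""

# Constructed Exim main-log lines ("<=" marks a message arrival).
LOG = """\
2012-12-23 16:20:01 1TmoXY-0001Ab-CD <= a@example.com H=(mail.example.com) [67.228.245.9] P=esmtp S=2048
2012-12-23 16:21:13 1TmoYZ-0001Ac-EF <= b@example.net H=relay.example.net [192.0.2.25] P=esmtp S=1710
2012-12-23 16:22:40 1TmoZA-0001Ad-GH => mark <mark@example.org> R=local_user T=mail_spool
"""

def dropped_networks(rules_text, chain="pests"):
    """Return the source networks that `chain` sends to DROP."""
    nets = []
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] == ["-A", chain] and "-s" in tok[:-1] and tok[-2:] == ["-j", "DROP"]:
            nets.append(ipaddress.ip_network(tok[tok.index("-s") + 1], strict=False))
    return nets

def arrivals_vs_rules(log_text, nets):
    """For each arrival, pair the logged peer IP with the DROP network covering it, or None."""
    out = []
    for line in log_text.splitlines():
        if " <= " not in line:          # skip deliveries and other events
            continue
        m = re.search(r"\[([0-9A-Fa-f:.]+)\]", line)
        if not m:                       # locally submitted mail has no peer address
            continue
        ip = ipaddress.ip_address(m.group(1))
        net = next((n for n in nets if ip in n), None)
        out.append((str(ip), str(net) if net else None))
    return out

if __name__ == "__main__":
    for ip, net in arrivals_vs_rules(LOG, dropped_networks(RULES)):
        print(ip, "covered by DROP rule " + net if net else "not in any DROP range")
```

An arrival paired with a network means the MTA accepted a connection that the rule should have dropped, so the ruleset is worth examining; an arrival paired with `None` means the connecting host was never in a blocked range, whatever the `Received:` lines suggested.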

