
Re: iptables; some IPs are getting through netmasks



Here is a shortened version of the output from iptables-save (full version simply has more "-A pests" lines).

# Generated by iptables-save v1.4.8 on Sun Dec 23 16:24:43 2012
*filter
:INPUT ACCEPT [252417:278747603]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [255016:258290199]
:pests - [0:0]
-A INPUT -p tcp -j pests 
-A pests -s 1.85.17.0/24 -p tcp -j DROP 
-A pests -s 67.228.245.0/24 -p tcp -j DROP 
COMMIT
# Completed on Sun Dec 23 16:24:44 2012


Here is the complete header from the spam email...


Return-path: <invitation@mydailyflog.com>
Envelope-to: mark@alwayspages.com
Delivery-date: Sun, 23 Dec 2012 04:15:38 +0000
Received: from mail10.mydailyflog.com ([67.228.245.121])
    	by megavolt.circle.io with esmtp (Exim 4.72)
    	(envelope-from <invitation@mydailyflog.com>)
    	id 1TmcyQ-0001Io-AG
    	for mark@alwayspages.com; Sun, 23 Dec 2012 04:15:38 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mydailyflog.com;
     h=Date:To:From:Subject:Message-ID:Reply-to:Sender:MIME-Version:Content-Transfer-Encoding:Content-Type; i=invitation@mydailyflog.com;
     bh=sm8vFo7flfhF5iLT2xT+LdgmBhc=;
     b=a53sR3hO8GyyOhHAoJgQrwbXUJrSdk/MlVo1UFRqOZP7iCBXpxSGZmZbl7EVJLO5yej0G8/ZNjMq
     owwqd1YiIYIvmxzphJxGqPdJgUt/BkcehrdkKq5BKEBSkkx2G9irpAnk/ztuU9VcwJR3Paz+vP/h
     h7ydyq7yGSTUks1GfRk=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=mydailyflog.com;
     b=bJbUJAhLY67rVwS6TUhCtxd1tMBAXqYwDcki1Vzz4A5R+6JSaQyD3/cRsI/MzK8AHYr6S0MPQ7+k
     caUP0jyxD86P3vpXBwzNa1AIK1KwMw4WCxALGvw+CiPBUwFhJMY22DDUktS28LDzP1QScDb6yuI/
     SS5re2DR29/KVUitstw=;
Received: from localhost (127.0.0.1) by mail10.mydailyflog.com (PowerMTA(TM) v3.5r4) id hqq2mk1fb9gd for <mark@alwayspages.com>; Sat, 22 Dec 2012 04:32:14 -0600 (envelope-from <invitation@mydailyflog.com>)
Date: Sat, 22 Dec 2012 04:32:14 -0600
To: mark@alwayspages.com
From: lily ahmad <invitation@mydailyflog.com>
Subject: Check out this photo on MyDailyFlog!
Message-ID: <3a7baa29f6450b2d1d1c2a19403dfa31@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.codeworxtech.com) [version 2.1]
Reply-to: lily ahmad <naajay@yahoo.com>
Sender: lily ahmad <invitation@mydailyflog.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"


As you can see from the topmost Received: line, it gives the IP 67.228.245.121.
You can also see my MTA is Exim (no other MTA).

Is my iptables correct? If so, how come the email comes through? I have the same problem with other /24 netmasks, for example when trying to block mail from Yell.

Thanks
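
An added example, not part of the original post: a Python check, run against the ruleset (abridged) and the topmost Received: line quoted above, of whether the connecting address falls inside a -s network that the pests chain drops and whether INPUT jumps to that chain for TCP. The function names are this example's own.

```python
import ipaddress
import re

# Rules (abridged) and Received line copied from the post above.
RULESET = """\
*filter
:INPUT ACCEPT [252417:278747603]
:pests - [0:0]
-A INPUT -p tcp -j pests
-A pests -s 1.85.17.0/24 -p tcp -j DROP
-A pests -s 67.228.245.0/24 -p tcp -j DROP
COMMIT
"""
RECEIVED = "Received: from mail10.mydailyflog.com ([67.228.245.121])"


def drop_networks(ruleset, chain):
    """Return the source networks that `chain` sends to DROP."""
    nets = []
    for line in ruleset.splitlines():
        tokens = line.split()
        if tokens[:2] == ["-A", chain] and tokens[-2:] == ["-j", "DROP"] and "-s" in tokens:
            nets.append(ipaddress.ip_network(tokens[tokens.index("-s") + 1], strict=False))
    return nets


def chain_is_reached(ruleset, chain, proto="tcp"):
    """True if INPUT jumps to `chain` for all `proto` packets."""
    wanted = ["-A", "INPUT", "-p", proto, "-j", chain]
    return any(line.split() == wanted for line in ruleset.splitlines())


def peer_address(received):
    """Extract the bracketed peer IP that Exim recorded in a Received line."""
    m = re.search(r"\(\[([0-9a-fA-F.:]+)\]\)", received)
    return ipaddress.ip_address(m.group(1)) if m else None


def matching_rule(ruleset, chain, addr):
    """Return the first DROP network in `chain` covering `addr`, or None."""
    for net in drop_networks(ruleset, chain):
        if addr.version == net.version and addr in net:
            return net
    return None


if __name__ == "__main__":
    addr = peer_address(RECEIVED)
    print(addr, matching_rule(RULESET, "pests", addr), chain_is_reached(RULESET, "pests"))
```

A match here only says that the saved rule text covers the sender; the per-rule packet counters from iptables -L pests -v -n show whether the rule loaded in the kernel has seen any traffic.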

