Can you show us the headers of such an email, showing that the server which directly sent it to you is in that address range?
-I will have to wait until I get the next one rather than trying to find it in my logged spam folder.

Try adding a LOG rule immediately after the above DROP rule: iptables -A INPUT -s 222.0.0.0/8 -j LOG
-Will do for the next occurrence.

After you get some more spam, try "iptables -L INPUT -nvx" and see what the packet & byte counts are for the two rules.

What are your other rules (output of "iptables -L -nvx")?
-Lists all allowed and dropped rules. I can put it up here but it's long.

Thanks!!
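Added example, not part of the original thread: one way to run the header check asked for above, reporting whether the server that connected directly (the topmost Received header) is in 222.0.0.0/8 or whether that range only shows up in an earlier hop, which a source-address DROP rule on INPUT never sees. The sample message, hostnames, addresses and function names are constructed for illustration, and it assumes the topmost Received header was written by your own mail server.

```python
import email
import ipaddress
import re

BLOCKED = ipaddress.ip_network("222.0.0.0/8")  # range from the DROP rule in the thread
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "[a.b.c.d]" as written by most MTAs

# Constructed sample: spam handed to us by a relay outside the blocked range.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id abc123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from pc.example.com (unknown [222.10.20.30])
\tby relay.example.net with SMTP id def456; Mon, 1 Jan 2024 10:00:00 +0000
From: sender@example.com
Subject: constructed sample

body
"""

def received_ips(raw):
    """First bracketed IPv4 address of each Received header, newest hop first."""
    msg = email.message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = IP_RE.search(hdr)
        if not m:
            continue
        try:
            ips.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # e.g. "[999.1.1.1]" in a forged header
    return ips

def classify(raw):
    """'direct': connecting server is in BLOCKED, so the DROP rule should have matched.
    'earlier-hop': range appears only further down, where headers may also be forged.
    'none' / 'no-ip': range not present, or no parsable address at all."""
    ips = received_ips(raw)
    if not ips:
        return "no-ip"
    if ips[0] in BLOCKED:
        return "direct"
    if any(ip in BLOCKED for ip in ips[1:]):
        return "earlier-hop"
    return "none"

if __name__ == "__main__":
    print(classify(SAMPLE))
```

An "earlier-hop" result would also be consistent with zero packet counts on the 222.0.0.0/8 rules in "iptables -L INPUT -nvx".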