[CentOS] Firewall question

Thu Jun 26 13:18:47 UTC 2014
Jerry Geis <geisj at pagestation.com>

I have a firewall rule to drop packets from certain addresses: (email spam)
my /etc/sysconfig/iptables begins as:

# Generated by iptables-save v1.4.7 on Thu Jun 26 09:11:09 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:148]
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -s 223.255.229.0/24 -j DROP
-A INPUT -s 218.96.0.0/24 -j DROP
-A INPUT -s 216.227.128.0/24 -j DROP
-A INPUT -s 216.156.135.0/24 -j DROP
-A INPUT -s 213.251.189.0/24 -j DROP
-A INPUT -s 213.239.219.0/24 -j DROP
-A INPUT -s 213.205.32.0/24 -j DROP
-A INPUT -s 213.136.70.0/24 -j DROP
-A INPUT -s 212.178.110.0/24 -j DROP
-A INPUT -s 212.83.141.0/24 -j DROP
-A INPUT -s 212.83.136.0/24 -j DROP
-A INPUT -s 212.83.134.0/24 -j DROP
-A INPUT -s 210.107.197.0/24 -j DROP
-A INPUT -s 209.239.123.0/24 -j DROP
-A INPUT -s 209.133.56.0/24 -j DROP
-A INPUT -s 209.126.73.0/24 -j DROP
-A INPUT -s 209.126.72.0/24 -j DROP
-A INPUT -s 209.126.71.0/24 -j DROP
-A INPUT -s 209.126.70.0/24 -j DROP
-A INPUT -s 198.101.11.0/24 -j DROP

then /var/log/maillog gices this entry.

from=<griffon at dree.eu>, size=9037, class=0, nrcpts=1, msgid=<
3542.159.259897.271846 at dree.eu> , proto=ESMTP, daemon=MTA,
relay=[198.101.11.141]


How is that coming through???

Why is the firewall not dropping the packets?
I have restarted iptables so the rules are active .

And just to make sure:
iptables -L -n | grep 198.101
DROP       all  --  198.101.11.0/24      0.0.0.0/0

Thoughts?

Thanks.

Jerry