ASSP antiSpam and SPF

You'd know tell me how I could block emails sent through the gmail is using the ASSP antispam?

Is there some setting that I can report that the SPF for certain domains not pass, block e-mail?

Oct-03-11 15:48:25 m-31766-00067 <> to: [scoring] spf_result:neutral;
Oct-03-11 15:48:25 m-31766-00067 <> to:;
Oct-03-11 15:48:25 m-31766-00067 <> to: scope:mfrom;
Oct-03-11 15:48:25 m-31766-00067 <> to: spf_record:v=spf1;
Oct-03-11 15:48:25 m-31766-00067 <> to: ... Domain does not state whether sender is authorized to use '' in 'mfrom' identity (mechanism '?all' matched);
Who is Participating?

section 2.5.1, 2.5.2, and 2.5.5 of

2.5.1.  None

   A result of "None" means that no records were published by the domain
   or that no checkable sender domain could be determined from the given
   identity.  The checking software cannot ascertain whether or not the
   client host is authorized.

2.5.2.  Neutral

   The domain owner has explicitly stated that he cannot or does not
   want to assert whether or not the IP address is authorized.  A
   "Neutral" result MUST be treated exactly like the "None" result; the
   distinction exists only for informational purposes.  Treating
   "Neutral" more harshly than "None" would discourage domain owners
   from testing the use of SPF records (see Section 9.1).

2.5.5.  SoftFail

   A "SoftFail" result should be treated as somewhere between a "Fail"
   and a "Neutral".  The domain believes the host is not authorized but
   is not willing to make that strong of a statement.  Receiving
   software SHOULD NOT reject the message based solely on this result,
   but MAY subject the message to closer scrutiny than normal.

As I said it might be possible to do, and SSharma explains how, but you will not be RFC compliant if you do.  The correct approach to resolving this is to leave the SPF checks as they are and implement DKIM verification.
The problem there is that Google is using the ? mechanism, which gives a Neutral result to SPF checks.  If you are verifying DKIM as well, then that will suffice for keeping out spoofed mails.
eduardortAuthor Commented:
Hummm good ...

Dkim this really cool. The problem is that version 1.9 of the ASSP, does not support DKIM. Would be able to block it for the same SPF?
Live Q & A: Securing Your Wi-Fi for Summer Travel

Traveling this summer? Join us on June 18, 2018 for a live stream to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

You might be able to code some plugin script for ASSP (if they even allow it) to do what you want, but you should NOT do that as you would not be honoring the SPF record as it is published.  Don't do it!!!

On the ASSP page at sourceforge it says it does DKIM, maybe it's just available in 2.x:
Community based grey IP list, Senderbase, SPF, DKIM support even if your MTA does not support it.

An anti-spam solution that doesn't verify DKIM is not worth using, period.
Sudeep SharmaTechnical DesignerCommented:

You would need to modify the ASSP configuration and add the domain to "strictSPFRe" section.

As per the configuration file:

"['strictSPFRe','Strict SPF Processing Regex*',80,\&textinput,'|||||||||','(.*)','ConfigCompileRe',
 'Softfail/Neutral/None will be failed for these sending addresses. Put anything here to identify the addresses. For example: \'|||||||||\''],'

Your configuration may differ from what is posted above. Just make sure to take the backup before you could modify anything.
eduardortAuthor Commented:
Thx Papertrip, good words :)

And SSharma, I saw this configuration on ASSP, however I could not understand exactly what it does. Could you help me understand?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.