ASSP antiSpam and SPF

Would you be able to tell me how I could block emails sent through Gmail using the ASSP antispam?

Is there some setting where I can specify that if the SPF for certain domains does not pass, the e-mail is blocked?


Oct-03-11 15:48:25 m-31766-00067 70.38.25.118 <clara.beth.cosme@gmail.com> to: marketing@aiec.br [scoring] spf_result:neutral;
Oct-03-11 15:48:25 m-31766-00067 70.38.25.118 <clara.beth.cosme@gmail.com> to: marketing@aiec.br identity:clara.beth.cosme@gmail.com;
Oct-03-11 15:48:25 m-31766-00067 70.38.25.118 <clara.beth.cosme@gmail.com> to: marketing@aiec.br scope:mfrom;
Oct-03-11 15:48:25 m-31766-00067 70.38.25.118 <clara.beth.cosme@gmail.com> to: marketing@aiec.br spf_record:v=spf1 redirect=_spf.google.com;
Oct-03-11 15:48:25 m-31766-00067 70.38.25.118 <clara.beth.cosme@gmail.com> to: marketing@domain.com local_exp:gmail.com ... _spf.google.com: Domain does not state whether sender is authorized to use 'clara.beth.cosme@gmail.com' in 'mfrom' identity (mechanism '?all' matched);
eduardort Asked:

Papertrip Commented:
The problem there is that Google is using the ? mechanism, which gives a Neutral result to SPF checks.  If you are verifying DKIM as well, then that will suffice for keeping out spoofed @gmail.com mails.
eduardort (Author) Commented:
Hummm good ...

DKIM is really cool. The problem is that version 1.9 of ASSP does not support DKIM. Would it be possible to block it using SPF anyway?
Papertrip Commented:
You might be able to code some plugin script for ASSP (if they even allow it) to do what you want, but you should NOT do that as you would not be honoring the SPF record as it is published.  Don't do it!!!

On the ASSP page at sourceforge it says it does DKIM, maybe it's just available in 2.x:
Community based grey IP list, Senderbase, SPF, DKIM support even if your MTA does not support it.

An anti-spam solution that doesn't verify DKIM is not worth using, period.

Sudeep Sharma (Technical Designer) Commented:
@eduardort

You would need to modify the ASSP configuration and add the domain to the "strictSPFRe" section.

As per the configuration file:

"['strictSPFRe','Strict SPF Processing Regex*',80,\&textinput,'@aol.com|@gmail.com|@msn.com|@live.com|@ebay.com|@ebay.nl|@bbt.com|@paypal.com|@einsundeins.de|@microsoft.com','(.*)','ConfigCompileRe',
 'Softfail/Neutral/None will be failed for these sending addresses. Put anything here to identify the addresses. For example: \'@aol.com|@gmail.com|@msn.com|@live.com|@ebay.com|@ebay.nl|@bbt.com|@paypal.com|@einsundeins.de|@microsoft.com\''],'

Your configuration may differ from what is posted above. Just make sure to take a backup before you modify anything.
Papertrip Commented:
section 2.5.1, 2.5.2, and 2.5.5 of http://www.ietf.org/rfc/rfc4408.txt

2.5.1.  None

   A result of "None" means that no records were published by the domain
   or that no checkable sender domain could be determined from the given
   identity.  The checking software cannot ascertain whether or not the
   client host is authorized.

2.5.2.  Neutral

   The domain owner has explicitly stated that he cannot or does not
   want to assert whether or not the IP address is authorized.  A
   "Neutral" result MUST be treated exactly like the "None" result; the
   distinction exists only for informational purposes.  Treating
   "Neutral" more harshly than "None" would discourage domain owners
   from testing the use of SPF records (see Section 9.1).

2.5.5.  SoftFail

   A "SoftFail" result should be treated as somewhere between a "Fail"
   and a "Neutral".  The domain believes the host is not authorized but
   is not willing to make that strong of a statement.  Receiving
   software SHOULD NOT reject the message based solely on this result,
   but MAY subject the message to closer scrutiny than normal.

As I said it might be possible to do, and SSharma explains how, but you will not be RFC compliant if you do.  The correct approach to resolving this is to leave the SPF checks as they are and implement DKIM verification.
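
To make the two positions in this thread concrete, the following added Python example (not ASSP's own code, which is Perl, and not posted by any participant) parses log lines in the format shown in the question and compares the published SPF result with the result after a strictSPFRe-style upgrade. The function names, the sample log lines and the assumption that the pattern is searched case-insensitively in the envelope sender are all illustrative.

```python
import re

# Default strictSPFRe value as quoted in the configuration excerpt above.
# Its dots are unescaped, so each "." matches any character.
STRICT_SPF_RE = ("@aol.com|@gmail.com|@msn.com|@live.com|@ebay.com|@ebay.nl|"
                 "@bbt.com|@paypal.com|@einsundeins.de|@microsoft.com")

# Results the option's description says "will be failed" for matching senders.
UPGRADED = {"softfail", "neutral", "none"}

# Constructed sample lines, modelled on the log format in the question.
SAMPLE_LOG = """\
Oct-03-11 15:48:25 m-00001-00001 192.0.2.10 <alice@gmail.com> to: info@example.org [scoring] spf_result:neutral;
Oct-03-11 15:48:25 m-00001-00001 192.0.2.10 <alice@gmail.com> to: info@example.org scope:mfrom;
Oct-03-11 15:49:02 m-00002-00002 198.51.100.7 <bob@example.net> to: info@example.org [scoring] spf_result:softfail;
Oct-03-11 15:50:11 m-00003-00003 203.0.113.5 <carol@gmail.com> to: info@example.org spf_result:pass;
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<msg>\S+) (?P<ip>\S+) <(?P<sender>[^>]*)> to: \S+ (?P<rest>.*)$")
RESULT_RE = re.compile(r"spf_result:(\w+)")

def parse_spf_results(log_text):
    """Return {message id: (envelope sender, SPF result)} from log text."""
    results = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        r = RESULT_RE.search(m.group("rest")) if m else None
        if r:
            results[m.group("msg")] = (m.group("sender"), r.group(1).lower())
    return results

def effective_result(sender, result, strict_re=STRICT_SPF_RE):
    """Upgrade softfail/neutral/none to fail when the sender matches strict_re.

    Assumption: the pattern is searched case-insensitively in the sender.
    """
    if result in UPGRADED and re.search(strict_re, sender, re.IGNORECASE):
        return "fail"
    return result

def report(log_text, strict_re=STRICT_SPF_RE):
    """Return {message id: (published result, result under strict processing)}."""
    return {msg: (res, effective_result(snd, res, strict_re))
            for msg, (snd, res) in parse_spf_results(log_text).items()}

if __name__ == "__main__":
    for msg, (published, strict) in report(SAMPLE_LOG).items():
        print(msg, published, "->", strict)
```

Only the first message changes outcome: its Neutral result, which RFC 4408 section 2.5.2 says to treat like None, becomes a failure because the sender matches the strict pattern.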

eduardort (Author) Commented:
Thx Papertrip, good words :)

And SSharma, I saw this configuration on ASSP, however I could not understand exactly what it does. Could you help me understand?