Allow logging of anti-spam feature results without blocking
Currently, if I choose an anti-spam feature like 'Strict RDNS', I immediately block any sender that has not configured FCrDNS. I would like to be able to see 'RDNS invalid' in the log without that causing a block. Most spams probably would be blocked by something else, but it would be much easier to find false-positives and either inform the offending domain or make an exception for it.
I'll itemize some of the other features where modelling is useful:
1) SPF. Evaluate without enforcement for hard fail, soft fail, matched, missing. When enforced, the user should have control over how UTM responds to these four conditions, including manual exceptions.
2) DKIM: Evaluate for: DKIM enforceable and verified, DKIM enforceable and not verified, DKIM test mode and verified, DKIM test mode and not verified, DKIM not present. When enforced, flexibility for handling these 5 conditions, including manual exceptions.
3) DMARC: Evaluate for DMARC policy present (active or test) as well as for simulated DKIM (SPF verified or DKIM verified.) Then allow actions and exceptions based on DMARC policy success/fail or simulated DKIM success fail. "My simulated DKIM is a special case of requests elsewhere to create policy rules based on multiple factors joined by AND.
4) Block by Country, IP, or reverse DNS: If I start blocking on these attributes, which emails will be blocked that are currently allowed.
Wherever feasible, a retrospective analysis capability which provides immediate answers would be preferable to a forward-only design which requires enabling the feature and then waiting for data to be collected.