ORF DHA and Exchange 2007 RSS

1

Is there a know issue with Exchange 2007 and ORF DHA tests? We have a client (a local college) that get hung up on ORF HDA checks.

I have added the domain to the DHA exceptions list for now but wondered if there was a configuration issue with the colleges exchange server that might be causing this?

Version: 4.3 REGISTERED
Log Mode: Verbose
Server: claven.dougallmedia.com
Source: SMTPSVC-1
Time: 5/3/2011 2:43:25 PM
Class: Blacklist
Severity: Information
Actions: Reject
Filtering Point: On Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 192.197.60.190
Message ID:
Email Subject: 00157.11 - Radio Awareness Spots for Quotation
Sender:
Recipient(s):
*
Message:
Blacklisted by the DHA Protection Test.

by Barry George 7 years ago
2

@Barry George: There are no known issues with Exchange 2007 and the DHA Protection Test. This test works in quite simple way: if a single IP address attempts to send emails to recipients failing the Recipient Validation or the Recipient Blacklist test "X" times in "Y" seconds, the DHA Protection test will keep blacklisting the IP for a "Z" time.

If you check the logs, you should see preceeding attempts from 192.197.60.190 that failed either of the above tests. This can even be a single attempt if that has many non-existent/blacklisted recipients. The default DHA settings are 'Ban the sending IP for 24 hours if at least 3 invalid delivery attempts are made within 3 hours", so it is 3 hours worth of logs to be checked. If senders are frequently failing on the DHA Protection Test, please consider increasing the number of invalid delivery attempts required or decrease the attempt window of 3 hours.

by Peter Karsai (ORF Team) 7 years ago
(in reply to this post)

3

Thanks Peter I will adjust the attemp parameters upwards. We do get a few DHA blocks from time to time. Could be slow connection issues at our end since the ORF stand alone box is running virtually and we do see some slow responce from the Linux kernal sometimes.

Cheers
Barry

by Barry George 7 years ago
4

@Barry George: I think slow connections do not contribute to this. If you find that the usual DHA hits are legitimate (I mean, they do catch DHA and not legitimate emails) and this issue occurs only with this specific sender, you can add the sender domain to the DHA Sender Exceptions. A typical issue would be newsletters, etc. arriving to staff that long left the company - only a few of these can trigger the DHA Protection. In this case, the best solution is to use the Recipient Exceptions and add these no longer active staff addresses.

by Peter Karsai (ORF Team) 7 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed