ORF 5.0 Released - ORF Forums

@Bryon: we are about to release the final test build for the members of our closed feature test program. The release date of the final version depends on the number and severity of bugs found during this last test round (and during the open beta followed by it). Your participation in the upcoming beta test phase will be appreciated :)

@Bryon: No ETA on the beta yet: we will make a public announcement when the new version will be available for testing. Thank you for your patience.

Please note that current versions already log which test triggered the blacklisting/whitelisting, and if you add a comment to your manual expressions, you can also identify the exact entry. The new version will improve this only for "commentless" expressions.

Also, I feel I should point out that adding thousands of entries to the manual black- and whitelists is strongly discouraged. Automated test are proved to be able to stop more than 99% of spam according to independent tests with zero false positives without adding a single manual entry (see http://www.vamsoft.com/press-release-2011-11-25.asp), so we suggest relying on these as much as possible.

Adding thousands of entries to the manual lists require a lot of work and you will get little results (not to mention that managing such huge lists is close to impossible and will cause the Administration Tool to load for ages on each startup).

Adding spammer addresses to the Sender Blacklist won't do any good, as they rarely use the same address twice and often spoof legitimate senders. Blacklisting their IPs are a bit better approach, but in most cases the sender IP is already listed on an online DNS blacklist by the time you add it to your own local blacklist, so it is rather pointless. For whitelisting, relying on the Auto Sender Whitelist database is much better to eliminate (otherwise rare) false positives, as it requires no manual interaction.

If lots of spam emails are delivered to the inboxes of your users, and that is why you feel the need to constantly add entries to the manual lists, your configuration is simply not optimal. I recommend reading our best practices guide at http://www.vamsoft.com/downloads/getmostguide.pdf regarding the recommended DNS and URL blacklist to use, and our blog post at http://blog.vamsoft.com/2010/05/20/configuration-used-for-the-vbspam-test/

@Bryon: We have actually evaluated the idea of logging the matched string for ORF 5, but it turned out to be impractical for historical reasons. ORF uses "anchored regexs", meaning that the entire data has to match and hence the logged string would be the whole searched string, e.g. the entire email body. This would be of little help, but would increase the log size significantly. Switching to non-anchored regexs could fix this problem, but would introduce another with the necessary updates to existing expressions. Also, this would require a fully Unicode log implementation and widespread changes in ORF (logs are currently partially Unicode-compliant).

After weighting the impact, we decided to address the issue from different directions and some of the things we came up with made their way into ORF 5:

* ORF 5 adds a default comment to newly recorded expressions
* Testing is available for practically any lists
* The "(Unicode comment cannot be logged)" issue is no more.

We had many more (and better :) ideas with various prerequisites, these may get implemented in future versions.

As for your DNS Blacklist selection, using Spamhaus ZEN, Spamcop, SORBS and CBL is usually enough, as long as you have a good SURBL selection (SURBL Combined and Spamhaus DBL). If you get lot of phishing, you may want to try ClamAV with third-party phising signatures, though their quality varies. Learn more at http://www.vamsoft.com/clamav-guide-part1.asp.

@Bryon: It's been a while since we tested ClamSup, but if remember correctly, you can configure signature sources simply by editing clamsup.ini.

@Uwe S. Fuerst: First of all we are very happy that you have never needed technical support with ORF. Our statistics actually show that 99% of our clients never needed any kind of technical support for their product.

Secondly, we are aware that the release of ORF 5 has been prolonged far longer than it would be expected. We have not only been working on an easier-to-use ORF, we have also been restructuring our services and website to provide a more comprehensive experience. We expect these changes to translate directly into significant cost savings for our clients. We believe that ORF 5 will make the wait worthwhile.

Also, as Byron put it: With the release, we will be loosening the renewal policy to allow late renewals within one year of expiry so in essence you can choose to wait for ORF 5 and see it in action.

@Alfred Salmen: ORF 5 has not yet been released for the public: the topic title was given by one of our users who started this thread (maybe we should rename it to avoid future misunderstandings).

ORF 5 is currently tested by the members of our closed Feature Test Program. The current test release will be followed by a public beta test within a few weeks, we will make a public announcement when the beta is available for download.

In the meantime, I recommend visiting our blog for a sneak peek: http://blog.vamsoft.com/tag/orf5preview

@Alfred Salmen: On the contrary, more people are working on ORF than ever. The first beta is expected within 3 to 5 weeks. We have released the last planned test version this Monday to a private group of testers - it still has bugs, but nothing of major significance, so it appears to be ready for a wider audience.

@Aleksandr Natochij: I assume you already checked the beta out (http://vamsoft.com/fusion-beta/): the release of the final version depends on the number and severity of bugs found during the beta test, so we do not have an exact date yet, but we intend to release it around late May / early June. The beta will function till July 1, 2012, so the final version will be shipped before that.