ORF 5.0 Released - ORF Forums

ORF 5.0 Released RSS Back to forum


I'd sure like to see that topic with a download link - how is the 5.0 version coming? Anything i can do to help move it along? The features promise to be amazing, seriously drooling in anticipation.

by Bryon 7 years ago

@Bryon: we are about to release the final test build for the members of our closed feature test program. The release date of the final version depends on the number and severity of bugs found during this last test round (and during the open beta followed by it). Your participation in the upcoming beta test phase will be appreciated :)

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)



Any update on the release date? I'd be more than happy to beta test in your upcoming phase. We're not huge, but can have about 50k email attempts per day hit it.

The feature we're most interested in using is the one that tells you exactly what test triggered an action, that would really help. That and maybe searching the whitelists/blacklists since ours are thousands of lines long.

by Bryon 7 years ago

@Bryon: No ETA on the beta yet: we will make a public announcement when the new version will be available for testing. Thank you for your patience.

Please note that current versions already log which test triggered the blacklisting/whitelisting, and if you add a comment to your manual expressions, you can also identify the exact entry. The new version will improve this only for "commentless" expressions.

Also, I feel I should point out that adding thousands of entries to the manual black- and whitelists is strongly discouraged. Automated test are proved to be able to stop more than 99% of spam according to independent tests with zero false positives without adding a single manual entry (see http://www.vamsoft.com/press-release-2011-11-25.asp), so we suggest relying on these as much as possible.

Adding thousands of entries to the manual lists require a lot of work and you will get little results (not to mention that managing such huge lists is close to impossible and will cause the Administration Tool to load for ages on each startup).

Adding spammer addresses to the Sender Blacklist won't do any good, as they rarely use the same address twice and often spoof legitimate senders. Blacklisting their IPs are a bit better approach, but in most cases the sender IP is already listed on an online DNS blacklist by the time you add it to your own local blacklist, so it is rather pointless. For whitelisting, relying on the Auto Sender Whitelist database is much better to eliminate (otherwise rare) false positives, as it requires no manual interaction.

If lots of spam emails are delivered to the inboxes of your users, and that is why you feel the need to constantly add entries to the manual lists, your configuration is simply not optimal. I recommend reading our best practices guide at http://www.vamsoft.com/downloads/getmostguide.pdf regarding the recommended DNS and URL blacklist to use, and our blog post at http://blog.vamsoft.com/2010/05/20/configuration-used-for-the-vbspam-test/

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)


Hi Krisztian, and thanks for the detailed reply.

I understand how the comments block works, and have been using that extensively.

I was hoping that ORF 5 would say something new other than just
"...by the sender blacklist."

Maybe it would say something like
"...by the sender blacklist (comment 'whatever was there in comments' | matched pattern '*@spammer.com')

We're using the dns blacklists of CBL, SORBS Combined, Spamhaus ZEN, and uceprotect... but maybe that's not optimal (we get a ton of spam from hacked aol/yahoo accounts)

I'll go read the guides you linked to, thanks again for those.

by Bryon 7 years ago

@Bryon: We have actually evaluated the idea of logging the matched string for ORF 5, but it turned out to be impractical for historical reasons. ORF uses "anchored regexs", meaning that the entire data has to match and hence the logged string would be the whole searched string, e.g. the entire email body. This would be of little help, but would increase the log size significantly. Switching to non-anchored regexs could fix this problem, but would introduce another with the necessary updates to existing expressions. Also, this would require a fully Unicode log implementation and widespread changes in ORF (logs are currently partially Unicode-compliant).

After weighting the impact, we decided to address the issue from different directions and some of the things we came up with made their way into ORF 5:

* ORF 5 adds a default comment to newly recorded expressions
* Testing is available for practically any lists
* The "(Unicode comment cannot be logged)" issue is no more.

We had many more (and better :) ideas with various prerequisites, these may get implemented in future versions.

As for your DNS Blacklist selection, using Spamhaus ZEN, Spamcop, SORBS and CBL is usually enough, as long as you have a good SURBL selection (SURBL Combined and Spamhaus DBL). If you get lot of phishing, you may want to try ClamAV with third-party phising signatures, though their quality varies. Learn more at http://www.vamsoft.com/clamav-guide-part1.asp.

by Peter Karsai (ORF Team) 7 years ago
(in reply to this post)



Thanks again for such detail, you guys never cease to amaze

I have just now implemented ClamAV with the ClamSup add-on, and I am interested in using some of the 3rd party databases from here: http://www.sanesecurity.com/clamav/databases.htm

Are these on by default, or how can i config it to use whichever databases look good for our setup?

The closest I can find is their support forum (http://sanesecurity.org.uk/forum/) which appears to be offline.

Some of those databases look really, really good - just need to know how to use them

by Bryon 7 years ago

@Bryon: It's been a while since we tested ClamSup, but if remember correctly, you can configure signature sources simply by editing clamsup.ini.

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)



today I've got the email reminder that our SMA is due to expire in 30 days, so I told my CEO that we've to invest to keep the service alive. He asked me in return, what's in for us, and honestly, I didn't dare to tell him that "ORF 5 is coming", since that's what I've been telling him over a year now - actually, that's been the major reason for us to renew our SMA last year.

So, my simple question is:
What other arguments do I have to convince my CEO to pay for another year? We're running ORF 4.4 and I haven't had the need to ask for any service or support, since it's just running sound and clear, so let me use my CEO's words: what's in for us?


by Uwe S. Fuerst 7 years ago

Look around these forums for things about ORF 5, i remember seeing a post where someone from vamsoft said they'd honor the upgrade to 5.0 even if the SMA expired, since it was delayed so much.

i'll see if i can find that post too

note: i don't work for vamsoft, just some guy

by Bryon 7 years ago

@Uwe S. Fuerst: First of all we are very happy that you have never needed technical support with ORF. Our statistics actually show that 99% of our clients never needed any kind of technical support for their product.

Secondly, we are aware that the release of ORF 5 has been prolonged far longer than it would be expected. We have not only been working on an easier-to-use ORF, we have also been restructuring our services and website to provide a more comprehensive experience. We expect these changes to translate directly into significant cost savings for our clients. We believe that ORF 5 will make the wait worthwhile.

Also, as Byron put it: With the release, we will be loosening the renewal policy to allow late renewals within one year of expiry so in essence you can choose to wait for ORF 5 and see it in action.

by Andras Sudy 7 years ago
(in reply to this post)


But I never saw the renewal fee as something really big. Usually every client I told about had no problem paying ~75€ per year for a spamfilter with that catching rate.

by Norbert Fehlauer 7 years ago

@Krisztian Fekete (Vamsoft): ORF 5.0 Released ? we are on 4.4 for the longest time and started thinking that active dev. for ORF has stopped...

by Alfred Salmen 7 years ago
(in reply to this post)


http://blog.vamsoft.com/ would've told you different.

by Norbert Fehlauer 7 years ago

@Alfred Salmen: ORF 5 has not yet been released for the public: the topic title was given by one of our users who started this thread (maybe we should rename it to avoid future misunderstandings).

ORF 5 is currently tested by the members of our closed Feature Test Program. The current test release will be followed by a public beta test within a few weeks, we will make a public announcement when the beta is available for download.

In the meantime, I recommend visiting our blog for a sneak peek: http://blog.vamsoft.com/tag/orf5preview

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)


@Alfred Salmen: On the contrary, more people are working on ORF than ever. The first beta is expected within 3 to 5 weeks. We have released the last planned test version this Monday to a private group of testers - it still has bugs, but nothing of major significance, so it appears to be ready for a wider audience.

by Peter Karsai (ORF Team) 7 years ago
(in reply to this post)


I'd rather you take your time and release a stable product than release something that is buggy and causes headaches.

by David Follis 7 years ago

Hello, Krisztian!
We are all waiting for ORF 5. What is release date? ^_^

by Aleksandr Natochij 7 years ago

@Aleksandr Natochij: I assume you already checked the beta out (http://vamsoft.com/fusion-beta/): the release of the final version depends on the number and severity of bugs found during the beta test, so we do not have an exact date yet, but we intend to release it around late May / early June. The beta will function till July 1, 2012, so the final version will be shipped before that.

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)


@Krisztian Fekete (Vamsoft): Thanks for the quick response.

by Aleksandr Natochij 7 years ago
(in reply to this post)


For what it's worth, we've been using the public beta for about a week and haven't had any problems at all. The installation process couldn't be any easier

It's odd getting used to the new layout but other than that, we really like it

by Bryon 7 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2