on 4.4 - do I need to update definitions? - ORF Forums

on 4.4 - do I need to update definitions? RSS Back to forum

1

getting more and more spam through, although I am on the current version, should I be downloading updates for the definitions from somewhere on the site?

by gary massengale 7 years ago
2

@gary massengale: we have not published DNS blacklist definition updates since 4.4 was released, but the URL blacklist definitions have been updated (we added Spamhaus DBL):

1. Download the definition file called surbls-100302.xml from http://www.vamsoft.com/dl.aspx?surbls-100302.xml
2. Start the ORF Administration Tool
3. Expand Configuration / Filtering - On Arrival / URL Blacklists on the left navigation tree
4. Right-click anywhere in the list and select Import Definitions
5. Select the surbls-100302.xml file that you downloaded
6. Make sure the Delete current definitions not listed here (full overwrite) checkbox is checked and click OK
7. Tick the checkboxes of the blacklists you want to use. We recommend the following ones in the following order (you can re-order them using the Move Up / Move Down buttons in the lower right corner):

* Spamhaus DBL
* SURBL: Combined

in this order. You can leave the rest of the SURBL zones unchecked, the Combined list contains all of them. Note that Spamhaus strictly forbids querying IP addresses against DBL, so you should disable IP lookups for this test if you want to use it. See "Disable IP Lookups" near the bottom of the page at http://www.vamsoft.com/spamhaus-dbl.asp

8. Make sure the URL Blacklist test is enabled (Administration Tool: Configuration / Tests / Tests page)
9. Finally, save your configuration to apply the changes by pressing Ctrl + S in the Administration Tool.

If you upgraded from an earlier version to ORF 4.4 and have not imported the DNS Blacklist definitions shipped with ORF after the upgrade, I recommend to do so now:

1. Download the following file: http://www.vamsoft.com/dl.aspx?blacklists-091005.xml (or use the blacklists.xml file shipped with ORF 4.4, located in the ORF directory)
2. Start the ORF Administration Tool
3. Expand Configuration / Tests / DNS Blacklists on the left navigation tree
4. Right-click anywhere in the list and select Import Blacklist Definitions
5. Select the blacklists-091005.xml file that you downloaded (or the blacklists.xml file)
6. Make sure the Delete current definitions not listed here (full overwrite) checkbox is checked and click OK
7. Tick the checkboxes of the blacklists you want to use. We recommend the following ones in the following order (you can re-order them using the Move Up / Move Down buttons in the lower right corner):

* CBL Composite Blocking List
* Spamhaus ZEN
* Spamcop
* SORBS Combined with the 127.0.0.6 and 127.0.0.10 actions disabled (Select SORBS / Modify / SMTP Actions tab / Uncheck 127.0.0.6 and 127.0.0.10 / Click OK)
* Not Just Another Bogus List (NJABL Combined List)

8. Make sure the DNS Blacklist test is enabled (Administration Tool: Configuration / Tests / Tests page)
9. Finally, save your configuration to apply the changes by pressing Ctrl + S in the Administration Tool.

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)

3

I'm using version 4.4 and trying to follow the instructions for updating definitions, but I'm having trouble with this section:

"Note that Spamhaus strictly forbids querying IP addresses against DBL, so you should disable IP lookups for this test if you want to use it. See "Disable IP Lookups" near the bottom of the page at http://www.vamsoft.com/spamhaus-dbl.asp"

The link does not have any information on disabling IP lookups ... searching the online help only indicates that this feature has been added to Version 5.

What is the expression I should add to the Spamhaus DBL Exception to disable IP lookups in version 4.4?

by michaelt84 6 years ago
4

@michaelt84: Thanks for reporting this, I will update the documentation accordingly. To disable IP lookups for the URL Blacklist test in ORF 4.4, please follow the steps below:

1. Start the ORF Administration Tool.
2. Expand Configuration / Filtering - On Arrival / URL Blacklists on the left navigation pane.
3. Click the Exceptions button.
4. Click New.
5. Copy and paste the following expression to the Domain expression field:

^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$

6. Set the expression type to Regular expression.
7. Add a comment so you can identify the expression later (e.g., "disable IP lookups on SURBLs").
8. Click OK, then OK again.
9. Press Ctrl + S to apply the changes.

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2