Persistent spam RSS Back to forum
@netman:
Please send us the following information and files to :
* Your current configuration file called orfent.ini (located in Program Files (x86)\ORF Fusion by default)
* Your recent log files from the past few days (e.g., orfee-2013-12-12.log, orfee-2013-12-11.log, etc. located in Program Files (x86)\ORF Fusion by default). Please send raw .log files, Log Viewer CSV exports are not suitable.
* A few spam samples which made it through filtering, which consist of the original emails in EML or MSG format (EML preferred) and the original MIME header in a separate TXT file. (Forwarded emails are not suitable). The MIME header can be retrieved by opening the email in Outlook and selecting View | Options... (or Message options) from the menu. If you use another email client and do not know how to retrieve the email headers, please visit http://www.spamcop.net/fom-serve/cache/19.html for instructions.
* the email address of the recipient
We will look into this.
I have just sent an e-mail with part of the requested information. I am working to get some sample e-mails and will send them ASAP.
Additional e-mail just sent with today's daily log file to date plus one sample e-mail and MIME header in text file.
Additional e-mail sent with 3 more samples from today, along with MIME headers and latest raw log file from today.
@Krisztián Fekete (Vamsoft):
My reply bounced back:
#5.2.1 smtp;550 5.2.1 Mailbox unavailable. Sorry, we do not accept emails from Hungary. #SMTP#
Please whitelist our IPs (195.228.135.154, 213.46.255.2) and I will retry.
I continue to get very similar spam and creating manual ip blacklists and some regex expressions for keywords has been the only thing I've found to be remotely successful. As the original poster mentioned these are daily type spam emails and almost always get past ORF's filtering.
If you find something that works to cut down or eliminate this type of spam, please let me know.
Thanks
Josh
@Josh:
Josh:
The support staff helped me out. After I sent in my documentation, they noticed that I was running an older version of ORF, Version 4.4. There is a bug in that version (and earlier versions) that affects the URL Blacklist lookup. The solutions were to upgrade to Version 5 or implement a workaround. I implemented the workaround and it has helped. See the following link:
http://vamsoft.com/support/docs/knowledge-base/orf-issue-history
It is the first issue in the link.
Hope this helps.
Ron
@netman:
Ron,
Thanks for the reply. I'm running the latest version 5.1 so I may just be lucky and getting first dibs on new spam urls.
Josh
@Josh:
Josh:
You may want to engage the support staff on this. They had me send in some examples and the MIME headers, which led them to my solution. Perhaps with some examples they can help you out.
Ron
I have one user that gets several spam e-mails each day. They come with random subjects, random sender e-mail addresses, and different IP addresses (but in a range). I am struggling to see how to configure ORF to block these e-mails without doing something every day in a react mode, which never seems to work.
I can provide a log extract of the last 24 hours for the affected e-mail address (can provide more if that would be helpful) ... and anything else you need. Please let me know how to proceed.