On Arrival – dropping emails question


We will go live with ORF tomorrow and I have a general question. I do plan on using Test Mode for a few days.

I understand why the Before Arrival action default is “Reject”. This will cause a legitimate sending server to generate the “NDR” or bounce. That’s the desired action.

My question is about the default setting that ORF 5.3 has for On Arrival. It is “Drop email and return a protocol error”. Isn’t the email already accepted at this point? If so, won’t the sending server be unable to send the bounce back to the sender?

If I misunderstand this concept then (1) a legit server will generate the DSN, which it’s supposed to, and (2) a spammer’s server will more than likely ignore the failure, correct? If so then that is a great feature!

by Derwood 4 years ago

I forgot to mention the ORF server is our only MX record on the DMZ. It's on an Exchange 2010 Edge Server with no intermediate IPs. It will accept external emails and forward them into the Exchange 2010 server. All outbound emails will go through it as well for the ASWL.

by Derwood 4 years ago

@Derwood: Q: My question is about the default setting that ORF 5.3 has for On Arrival. It is “Drop email and return a protocol error”. Isn't the email already accepted at this point?

A: No, it is not. On Arrival filtering occurs when the sender server has finished sending the email content over (end of DATA/BDAT stage during the SMTP transport) and awaits acknowledgement from your server (i.e., the SMTP connection is still alive between the sender and recipient servers). If an email is blacklisted at this stage, ORF will instruct your underlying SMTP/Exchange server to return a 5.7.1 SMTP response code, indicating the email is not accepted, so the NDR will be generated by the sender server in this case as well.

As long as the sender server is still connected when the rejection happens, the NDR will always be generated by the sender server from the SMTP response code returned.

An NDR email may be generated and sent to the sender address by the recipient server only if the SMTP connection to the sender server has already been closed (the email was accepted). A typical scenario is when the email is sent to a secondary MX first (which accepts the email), then relays it to the primary one (where the email is filtered): the only way the primary MX can notify the sender about the delivery failure is sending an NDR, but this is a strongly discouraged practice (see http://vamsoft.com/support/docs/articles/how-to-stop-backscatter and http://en.wikipedia.org/wiki/Backscatter_(email)#Connection-stage_rejection).

by Krisztián Fekete (Vamsoft) 4 years ago
(in reply to this post)
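
The two cases described in the answer above, as an added example that is not part of the original thread and is not ORF or Exchange code: a toy receiving-side SMTP session in Python where the filter runs either at end of DATA (On Arrival) or only after the message was accepted. The `Session` class, the blocked keyword and all addresses are constructed for illustration.

```python
# Added illustration: a toy receiving-side SMTP session, not ORF or Exchange code.
BLOCKED_WORD = "spamtest-marker"  # constructed stand-in for a content filter rule

class Session:
    """Handles one SMTP connection line by line and returns the reply to send."""
    def __init__(self, filter_on_arrival):
        self.filter_on_arrival = filter_on_arrival
        self.sender, self.body, self.in_data = None, [], False
        self.queue = []       # messages this server took responsibility for
        self.ndrs_sent = []   # bounces this server itself had to e-mail out

    def handle(self, line):
        if self.in_data:
            if line != ".":
                self.body.append(line)
                return None   # no reply until the end-of-DATA dot
            self.in_data = False
            spam = any(BLOCKED_WORD in l.lower() for l in self.body)
            if spam and self.filter_on_arrival:
                # Connection still open: refuse; the sending server owns the NDR.
                return "550 5.7.1 Message rejected"
            if spam:
                # Filtered after acceptance (e.g. behind a secondary MX): the only
                # option left is mailing the envelope sender, which spam usually
                # forges. This is backscatter.
                self.ndrs_sent.append(self.sender)
            else:
                self.queue.append((self.sender, self.body))
            return "250 2.0.0 Queued"
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            self.sender = line[10:].strip("<> ")
            return "250 2.1.0 OK"
        if verb.startswith("RCPT TO:"):
            return "250 2.1.5 OK"
        if verb == "DATA":
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "250 OK"

# Constructed dialogue; the envelope sender stands for a forged address.
DIALOGUE = ["EHLO mail.example.net", "MAIL FROM:<victim@example.org>",
            "RCPT TO:<user@example.com>", "DATA",
            "Subject: hi", "", "contains spamtest-marker", "."]

def run(filter_on_arrival):
    s = Session(filter_on_arrival)
    replies = [r for r in map(s.handle, DIALOGUE) if r]
    return replies[-1], s.ndrs_sent  # final reply, bounces mailed by receiver
```

With `run(True)` the final reply is the 5.7.1 rejection and the receiver mails nothing; with `run(False)` the sender sees a 250 and the receiver ends up mailing a bounce to the envelope sender address.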


@Krisztián Fekete (Vamsoft): Ah thanks. This is a nice feature. The last time I ran ORF was in 2011 and I don't think that was possible - rejection after arrival during the SMTP conversation. Very cool!

by Derwood 4 years ago
(in reply to this post)
