Spam despite the blockade - Whitelisted by the Recipient Whitelist - ORF Forums

Spam despite the blockade - Whitelisted by the Recipient Whitelist RSS Back to forum

1

Hello,
Please advice.
The messages come as in the log below.
Enter the rule:
Whitelisted by the Recipient Whitelist.

Info: The recipient address matched an expression in your Recipient Whitelist. Note whitelisting a recipient will exclude all emails sent to it from filtering.
If the whitelist entry caused an unwanted email to be allowed through, consider removing the expression from your configuration.

Question: How to block such senders. ?
Blocking the sender's domain, its IP and content type: Hi - did not help.


-Event Summary
Time 2017-07-05 10:20:47 GMT + 0200 Central-European summer time
Sender Email
Recipient Email
Related IP 116.105.219.177
Action (not available)
Email Subject Hi
Event Message
Whitelisted by the Recipient Whitelist.
Event Details
Filtering Point On Arrival
Event Class Whitelist
Severity Information
Server Myserwer.mydomain.local
Event Source MSEXCHANGE
HELO Domain (not available)
Message ID
Log Mode Verbose
ORF Version 5.4.1 REGISTERED

by tomasz.woźniak 7 years ago
2

@tomasz.woźniak: Hello Tomasz,

I suspect you have added your own domain to the Recipient Whitelist - which you should not do. In ORF, Whitelists generally take precedence over Blacklists (see Test Order and Priority: https://vamsoft.com/support/docs/orf-help/5.4.1/tests), thus you should *never* add your own domain to the Recipient Whitelist (nor to the Sender Whitelist for that matter), because that way you exlude all of the incoming emails sent to your users from filtering. To resolve this issue, start the 'ORF Administration Tool', navigate to the 'Whitelists > Recipient Whitelist' page and remove every single entry that could match your own domain. Use the 'Test' button to find the problematic entries.

Once you are done, save the ORF configuration (Ctrl + S) to apply the new settings.

by Daniel Novak (Vamsoft) 7 years ago
(in reply to this post)

3

I checked, I have no entries in the Recipient Whitelist window. The test is not active.

by tomasz.woźniak 7 years ago
4

Auto sender whitelist I have disabled.

by tomasz.woźniak 7 years ago
5

The 'Recipient Whitelist' test cannot be enabled or disabled - I believe you meant the Recipient Validation test, but that has nothing to do with this particular case. The event message says the email was "Whitelisted by the Recipient Whitelist".

Considering that the Recipient Whitelist is empty, there are only a few explanations to your situation:

A) ORF is not using the most recent settings (the one you see). The ORF configuration must be saved after each change in order to apply the new settings. If the configuration has not been saved for a while, it can happen that ORF is still using some old settings. Hit 'Ctrl + S' or click 'File > Save Configuration' to apply the most recent settings.

B) The whitelist entry that is causing the problem was added to the Recipient Whitelist via the Remote Control feature of the ORF Log Viewer (see: https://vamsoft.com/support/docs/orf-help/5.4.1/logv-remote). Items sent from the ORF Log Viewer will not show up on the target lists immediately, they are first queued in the 'Pending Remote Control Submissions' queue, but (!) will be used by the ORF service nonetheless. You can review, approve or reject these items in the Administration Tool, using the 'File > Pending Submissions...' menu.

C) In case you have multiple ORF servers, you might be connected to the wrong ORF instance and looking at the wrong server's settings.

Please let me know if this has helped.

by Daniel Novak (Vamsoft) 7 years ago
6

@Daniel Novak (Vamsoft): I have disabled: Whitelists -> Auto Sender Whitelist - is OFF - You can turn it on or off.
Ad A. - I save configuration
Ad B. - I know that. I have: No pending submissions.
Ad C. - I have only one server.
Thank you for the tips, I will continue to watch the logs.

by tomasz.woźniak 7 years ago
(in reply to this post)

7

@tomasz.woźniak: True, the 'Auto Sender Whitelist' can be turned on and off, but that does not affect the 'Recipient Whitelist'. That is a different test. According to the ORF event message that you posted, the email was whitelisted by the 'Recipient Whitelist'.

If saving the configuration does not resolve the issue, please, send us your ORF configuration file (orfent.ini), the ORF log file (e.g. orfee-2016-07-05.log) from the day of the incident, for analysis. The requested files can be found in the ORF program directory (default: \Program Files (x86)\ORF Fusion).

by Daniel Novak (Vamsoft) 7 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2