Spam despite the blockade - Whitelisted by the Recipient Whitelist - ORF Forums


1

Hello,
Please advise.
The messages come as in the log below.
Enter the rule:
Whitelisted by the Recipient Whitelist.

Info: The recipient address matched an expression in your Recipient Whitelist. Note whitelisting a recipient will exclude all emails sent to it from filtering.
If the whitelist entry caused an unwanted email to be allowed through, consider removing the expression from your configuration.

Question: How to block such senders?
Blocking the sender's domain, its IP and content type: Hi - did not help.


-Event Summary
Time 2017-07-05 10:20:47 GMT + 0200 Central-European summer time
Sender Email
Recipient Email
Related IP 116.105.219.177
Action (not available)
Email Subject Hi
Event Message
Whitelisted by the Recipient Whitelist.
Event Details
Filtering Point On Arrival
Event Class Whitelist
Severity Information
Server Myserwer.mydomain.local
Event Source MSEXCHANGE
HELO Domain (not available)
Message ID
Log Mode Verbose
ORF Version 5.4.1 REGISTERED

by tomasz.woźniak 6 years ago
2

@tomasz.woźniak: Hello Tomasz,

I suspect you have added your own domain to the Recipient Whitelist - which you should not do. In ORF, Whitelists generally take precedence over Blacklists (see Test Order and Priority: https://vamsoft.com/support/docs/orf-help/5.4.1/tests), thus you should *never* add your own domain to the Recipient Whitelist (nor to the Sender Whitelist for that matter), because that way you exclude all of the incoming emails sent to your users from filtering. To resolve this issue, start the 'ORF Administration Tool', navigate to the 'Whitelists > Recipient Whitelist' page and remove every single entry that could match your own domain. Use the 'Test' button to find the problematic entries.

Once you are done, save the ORF configuration (Ctrl + S) to apply the new settings.

by Daniel Novak (Vamsoft) 6 years ago
(in reply to this post)

3

I checked, I have no entries in the Recipient Whitelist window. The test is not active.

by tomasz.woźniak 6 years ago
4

Auto sender whitelist I have disabled.

by tomasz.woźniak 6 years ago
5

The 'Recipient Whitelist' test cannot be enabled or disabled - I believe you meant the Recipient Validation test, but that has nothing to do with this particular case. The event message says the email was "Whitelisted by the Recipient Whitelist".

Considering that the Recipient Whitelist is empty, there are only a few explanations to your situation:

A) ORF is not using the most recent settings (the one you see). The ORF configuration must be saved after each change in order to apply the new settings. If the configuration has not been saved for a while, it can happen that ORF is still using some old settings. Hit 'Ctrl + S' or click 'File > Save Configuration' to apply the most recent settings.

B) The whitelist entry that is causing the problem was added to the Recipient Whitelist via the Remote Control feature of the ORF Log Viewer (see: https://vamsoft.com/support/docs/orf-help/5.4.1/logv-remote). Items sent from the ORF Log Viewer will not show up on the target lists immediately, they are first queued in the 'Pending Remote Control Submissions' queue, but (!) will be used by the ORF service nonetheless. You can review, approve or reject these items in the Administration Tool, using the 'File > Pending Submissions...' menu.

C) In case you have multiple ORF servers, you might be connected to the wrong ORF instance and looking at the wrong server's settings.

Please let me know if this has helped.

by Daniel Novak (Vamsoft) 6 years ago
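
A simplified model of the behaviour described in the replies above, added here as an illustration; it is not part of the original thread and not ORF's code or configuration format. It assumes whitelist expressions are plain `*` wildcards, and all names, addresses and the IP are constructed placeholders. It shows why a recipient whitelist entry covering your own domain defeats an IP blacklist, and why the list shown in the GUI can differ from the effective one when submissions are pending.

```python
from fnmatch import fnmatchcase

OWN_DOMAIN = "mydomain.example"          # placeholder for your own mail domain


def matches(expr, address):
    """Case-insensitive wildcard match (assumed expression syntax)."""
    return fnmatchcase(address.lower(), expr.lower())


def effective_whitelist(saved, pending):
    """Entries the filter actually uses: the saved list plus queued
    remote-control submissions that have not been approved yet."""
    return list(saved) + list(pending)


def filter_decision(recipient, sender_ip, whitelist, ip_blacklist):
    """Whitelists are evaluated before blacklists, so a recipient
    whitelist hit ends filtering for that email."""
    if any(matches(expr, recipient) for expr in whitelist):
        return "whitelisted"
    if sender_ip in ip_blacklist:
        return "blacklisted"
    return "passed"


def risky_entries(whitelist, own_domain=OWN_DOMAIN):
    """Entries that match an arbitrary mailbox in your own domain,
    i.e. entries that exempt all inbound mail from filtering."""
    probe = "zz-probe-no-such-user@" + own_domain
    return [expr for expr in whitelist if matches(expr, probe)]


if __name__ == "__main__":
    saved = []                               # what the list page shows
    pending = ["*@mydomain.example"]         # constructed queued submission
    blacklist = {"203.0.113.7"}              # constructed blacklisted IP
    wl = effective_whitelist(saved, pending)
    print(filter_decision("user@mydomain.example", "203.0.113.7", wl, blacklist))
    print(risky_entries(wl))
```
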
6

@Daniel Novak (Vamsoft): I have disabled: Whitelists -> Auto Sender Whitelist - is OFF - You can turn it on or off.
Ad A. - I save configuration
Ad B. - I know that. I have: No pending submissions.
Ad C. - I have only one server.
Thank you for the tips, I will continue to watch the logs.

by tomasz.woźniak 6 years ago
(in reply to this post)

7

@tomasz.woźniak: True, the 'Auto Sender Whitelist' can be turned on and off, but that does not affect the 'Recipient Whitelist'. That is a different test. According to the ORF event message that you posted, the email was whitelisted by the 'Recipient Whitelist'.

If saving the configuration does not resolve the issue, please, send us your ORF configuration file (orfent.ini), the ORF log file (e.g. orfee-2016-07-05.log) from the day of the incident, for analysis. The requested files can be found in the ORF program directory (default: \Program Files (x86)\ORF Fusion).

by Daniel Novak (Vamsoft) 6 years ago
(in reply to this post)
