Why does ORF does not work with one than more RBL RSS

1

Open ORF Administration Tool, Configuration, Testing, Tests, DNS Blacklists.
In my ORF what I see mostly Blockhause is doing the heavy lifting. However, I see that lots of time email that gets passthrough is listed in SORBS and Barracuda as spam , yet ORF pass this instead of catch since I have SORBS and Barracuda set for 3 and 4th option in there.
What can I do to fix this so it works as designed? Please advise and help.

by RadekK 1 year ago
2

@RadekK: Hello RadekK,

By design, ORF checks the incoming emails against 'all' of the DNSBLs that are selected on the DNS Blacklists page. The fact that the source IP of the spam is currently listed on the Barracuda and SORBS DNS blacklists does not necessarily mean that it had been on those lists already when ORF inspected the email. It is likely that the spammer's IP was picked up by the DNSBLs after you had received the unwanted emails. That said, if you have just enabled the aforementioned DNSBLs, you should save the ORF configuration (Ctrl + S) to apply the new settings - otherwise, ORF will not use your latest DNSBL selection.

by Daniel Novak (Vamsoft) 1 year ago
(in reply to this post)

3

Thank you Daniel for your quick response.
I have 4 provides chosen in my DNS Blacklist page. This setting has been saved. I am using the latest file from your website which is dated 2015.
My understanding would be that ORF going through the list of the DNSLBs in my case 4 of them and checks if the specific IP is not blacklisted there. Are those lists getting updated/refreshed anytime? If so what is the refresh period or is this live so any updates are being delivered right away?
Thank you again for your assistance.
Radek

by RadekK 1 year ago
4

Hello RadekK,

I believe there is a slight misunderstanding here. We are not the maintainers of the DNS Blacklists, we just give you the definition file that you can import into ORF, so you do not have to add each DNSBL by hand to the configuration. When the DNS Blacklist test is enabled and an email arrives, ORF sends a DNS query to the each selected DNSBL provider and decides what to do with the email (blacklist it or allow it to pass) based on the response it receives from said providers. I am not entirely sure how often the DNSBLs are updated - it differs from provider to provider- but I would say, typically every 1-30 minutes 24/7.

If you want to learn more about the providers' policies, I suggest you visit their websites for details. You may find the website address of each DNSBL provider on the 'Blacklist Web' tab in the 'DNS Blacklist Properties' dialog (just double-click the DNSBL you are interested in on the DNS Blacklist page of the ORF Administration Tool to invoke the dialog).

by Daniel Novak (Vamsoft) 1 year ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed