AD Groups with ORF RSS


Any idea if ORF will support AD groups for the blacklist/whitelist exception lists? It's a maintenance nightmare updating the exception list right now one by one.

by jean.davis 3 months ago

Hello jean.davis,

Although AD group based filtering is not supported currently, it might be in the future - it is not on our development roadmap as of writing this. Why do you have to exclude entire AD groups from filtering though? With the correct settings, your false-positive rate should be close to zero.

by Daniel Novak (Vamsoft) 3 months ago

@Daniel Novak (Vamsoft): Right now the main problem we have is when users leave they get disabled. When a user is disabled they still get email. The mailbox needs to stay connected for a few months usually.

ORF has a way to block disabled users under Active Directory validation but this also includes shared mailboxes because by default those accounts are disabled. Adding an AD group with shared mailboxes here to make an exception would make things easier. Checking if user is under a OU would really be awesome.

Other options is to restrict delivery to that mailbox. This is an extra step and the message on the bounce is not ideal.

by jean.davis 3 months ago
(in reply to this post)


@jean.davis: I think we could argue that blacklisting emails that are sent to shared mailboxes is not desirable in most cases, so I believe we could change the way Recipient Validation works when the "Blacklist emails sent to disabled accounts" option is enabled; i.e. ORF would not block emails sent to shared mailboxes.

Would the above-proposed solution resolve the issue you described?

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)


@Daniel Novak (Vamsoft): Your proposal is even better.

by jean.davis 3 months ago
(in reply to this post)


Hi Daniel,

I bet you're happy this issue was brought up earlier. ;)


by NorbertFe 3 months ago

@jean.davis: Alright then :) I will forward your change request to our development team. If it gets the green light, you can expect to see it in a minor release in the near future.

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)


@Daniel Novak (Vamsoft): Hi Daniel,

isn't this already implemented? Quote from helpfile:
Enable this option if you want to exclude mail-enabled but disabled AD accounts from the list of valid recipients, with the exception of Exchange resource mailbox accounts (i.e. room and equipment mailboxes).

by NorbertFe 3 months ago
(in reply to this post)


@NorbertFe: Nope. Shared mailboxes are not excluded, resource mailboxes are.

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)


OK, thought that i.e. included "shared mailboxes" to. ;) thanks for clarification

by NorbertFe 3 months ago

@Daniel Novak (Vamsoft): Thank you. Keep up the good work.

by jean.davis 3 months ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed