ORF Issue History
Article was last updated on October 16, 2024. View products that this article applies to.This page describes the issues we had and that have been fixed in older ORF releases. The latest version is shipped with fixes for all the bugs below.
For known issues with the current ORF version, please see this KB article.
Built-in DNS Resolver timeout issue
Version: 6.9 - 6.9.1 Severity: High Occurrence: LowPublished
First published on September 11, 2024.
Description
The built-in resolver in ORF does not adhere to the configured timeout settings, leading to excessively prolonged email processing times when DNS communication is obstructed, such as by a firewall rule or network issue.
Workaround
Configure ORF to use an external DNS server:
- Start the ORF Administration Tool and connect to the local or remote instance
- Open the DNS Settings (System > Network Settings > DNS Settings)
- Select the Use external DNS servers option
- Add one ore more local DNS servers to the list (do not use public or ISP DNS resolvers)
- Click Ok
- Save the ORF configuration (Ctrl + S) to apply the new settings
Fix
The issue was fixed in ORF 6.9.2.
Recipient Whitelist filtering error
Version: 6.5 - 6.9.1 Severity: High Occurrence: LowPublished
First published on September 11, 2024.
Description
Using the Recipient Whitelist's "Exclude all addresses from filtering, except the list below" mode to whitelist all incoming emails - except those listed on the Recipient Whitelist - triggers an Access Violation error. As a result, emails are passing through unfiltered, except for those tests enabled under Whitelist Test Exceptions.
Workaround
There was no workaround for this bug.
Fix
The issue was fixed in ORF 6.9.2.
Some emails are not logged or filtered
Version: 6.9 Severity: High Occurrence: MediumPublished
First published on August 15, 2024.
Description
Emails are not logged or filtered under certain conditions:
- When the Sender email address field in the Email Notifications settings is left blank, and the incoming email has an unspecified envelope sender address (i.e., null sender)
- When the incoming email's envelope sender address matches the configured Sender email address parameter in the Email Notifications settings.
This issue occurrs even if Email Notifications is disabled.
Workaround
To resolve this issue, please follow the steps below:
- Start the ORF Administration Tool and connect to the local or remote instance
- Open the Email Notifications settings (System > Log Settings > Email Notifications - Configure)
- Mark the Enable sending email notifications checkbox
- Click the Settings tab
- Enter a Recipient email address in the appropriate field
- Enter an email address into the Sender Email Address field. Anything will work, but you should not use an existing user mailbox for this (until this bug is fixed)
- If you do not want to use this feature, select the Events tab and disable the feature
- Click Ok
- Save the ORF configuration (Ctrl + S) to apply the new settings
Fix
The issue was fixed in ORF 6.9.1.
FQDN incorrectly reversed for SURBL Test
Version: 6.4-6.8.3 Severity: Medium Occurrence: HighPublished
First published on July 22, 2024.
Description
Enabling IP reversion in the SURBL blacklist properties also affects domains extracted from URIs, even if the corresponding domain setting is disabled.
Workaround
- Start the ORF Administration Tool
- Navigate to the SURBL Test page
- Double-click the SURBL blacklist you want to edit
- Temporarily enable the "Check IP Address" checkbox
- Disable the "Reverse IP address for lookup" checkbox
- Disable the "Check IP Address" checkbox
- Click Ok
- Save the ORF Configuration (Ctrl + S)
Fix
The bug was fixed in ORF 6.9.
Password-protected archive filtering issue
Version: 6.3-6.8.3 Severity: Low Occurrence: LowPublished
First published on July 3, 2024.
Description
Certain types of password-protected archives are not being appropriately handled by the related filtering policy ("remove password-protected archives").
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.9.
Built-in DNS resolver TCP query resolution issue
Version: 6.0 - 6.8.3 Severity: Medium Occurrence: LowPublished
First published on January 15, 2024.
Description
The built-in DNS resolver fails to resolve certain queries over TCP protocol.
Impact
Workaround
Configure at least one External DNS resolver as an alternative.
Fix
The bug was fixed in ORF 6.9.
DMARC exemption issue: email address in display name
Version: 6.8.3 Severity: Low Occurrence: LowPublished
First published on November 10, 2023.
Description
The DMARC Test incorrectly checks exempted email addresses found in the display-name part of the From header address when the "verify all alleged author domains" option is enabled.
Workaround
Consider one of the following:
- Add the domain of the exempted email address to the DMARC Author Email Exceptions.
- Disable the related option: Administration Tool > Authentication > DMARC Test > Settings > "verify all alleged author domains"
Fix
The bug was fixed in ORF 6.9.
DKIM Test: missing error for cryptographic algorithm mismatch
Version: 6.0 - 6.8.3 Severity: Low Occurrence: LowPublished
First published on September 21, 2023.
Description
The DKIM Test fails to generate a permerror when the cryptographic algorithm specified in the DKIM signature does not match the one specified in the public key, as required by RFC standards.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.9.
DKIM SigError: Invalid body length
Version: 6.8.2 Severity: Medium Occurrence: LowPublished
First published on June 13, 2023.
Description
Regardless of the value specified in the "l=" tag of the DKIM-Signature header, ORF treats the "l=" tag as invalid and logs the following warning: SigError: invalid body length (l=***).
Workaround
Although the use of "l=" tag in DKIM signatures is uncommon, we recommend disabling the "Blacklist email on "neutral" and "permerror" setting in ORF to prevent any false positives (Authentication > DKIM Test > Settings). This setting is disabled by default.
Fix
The bug was fixed in ORF 6.8.3.
Log Viewer UI errors in multi-server mode
Version: 6.7 Severity: Minor Occurrence: MediumPublished
First published on September 22, 2022.
Description
The ORF 6.7 update broke some of the Log Viewer UI control elements in multi-server mode.
- Using the "Send/Quick Send", or the "Load/Refresh" dropdown elements on the Log Viewer toolbar in multi-server mode trigger access violation errors.
- After filtering logs in multi-server mode, the "Export" and "Send/Quick Send" controls become disabled.
Workaround
- Use the top menu (Tools > Send; Tools > Quick Send; File > Load/Refresh Log Files) to perform the same actions.
- You have to restart the Log Viewer to re-enable the "Export" and "Send/Quick Send" controls on the UI.
Fix
The bug was fixed in ORF 6.8.
DMARC false positives
Version: 6.7 Severity: Minor Occurrence: LowPublished
First published on September 13, 2022.
Description
When the "scrutinize misleading email addresses" option is enabled on the DMARC Test settings page, ORF will also use the domains found in the "display name" section of the From header field for the DMARC Test. Thus, if the "display name" string happens to contain an email address whose "local part" (i.e. the part before the "@" symbol) contains a valid domain, it will be included in the list of author domains to be verified by the DMARC Test. This can lead to false positives *if* the domain has a valid DMARC record but the sender of the email is not authorized to send messages on behalf of the domain.
Workaround
Add the problematic domain(s) to the DMARC exception lists, or disable the "scrutinize misleading email addresses" option in DMARC Test settings (ORF Administration Tool: Authentication > DMARC Test > Settings).
Fix
The bug was fixed in ORF 6.8.
Transport agent status error on Exchange 2010
Version: 6.6 Severity: Minor Occurrence: LowPublished
First published on November 30, 2021.
Description
After starting the ORF Administration Tool on Microsoft® Exchange 2010 servers, the Information\Status page reports that two of the three ORF Exchange Transport agents (Routing Agent, Inbound Signing Agent) are "Not Ready". Although the ORF service can be started, this error disables the Auto Sender Whitelist and may affect ARC Signing on certain systems.
Workaround
Clone the orftagent.dll in the ORF installation directory:
- Stop the ORF Service, and close the OF Administration Tool
- Start a command prompt with elevated rights
- Navigate to ORF installation directory ( default path: Program Files (x86)\ORF Fusion\ )
- Run the following commands in order:
- Start the ORF Administration Tool
- Check the status of the Transport Agents ( Information > Status > Refresh )
- Start the ORF Service
ren orftagent15.dll orftagent15.dll.bak copy orftagent.dll orftagent15.dll /Y orfmexhelper -install
Fix
The bug was fixed in ORF 6.6.1.
Unexpected SPF Test error
Version: 6.5 Severity: Minor Occurrence: LowPublished
First published on April 19, 2021.
Description
ORF logs the following error message when the sender of the email is on one of the SPF exception lists (Sender Email Exceptions or Sender IP Exceptions) and the SPF Test is allowed to run before the email content arrives (this is determined by ORF automatically, based on the settings): "Unexpected SPF Test error. EAccessViolation " [...] in module 'orfeesvc.exe'." The bug does not affect filtering itself but does pollute the log with the error message when it is triggered.
Workaround
Make ORF wait for the email headers before running the SPF Test:
- Start the ORF Administration Tool and connect to the local or remote instance
- Navigate to the Blacklists > SPF Test page
- Click the blue “Action: Reject” link next to the “ON” status indicator icon (below the toolbar).
- On the Reject settings page, mark the “Wait for headers” checkbox enabled
- Click OK
- Save the ORF configuration (Ctrl + S /or/ File > Save Configuration) to apply the new settings.
Note: The above change has no effect on spam detection or email delivery.
Fix
The bug was fixed in ORF 6.6.
Service outage preceded by access violation errors
Version: 6.3 Severity: High Occurrence: LowPublished
First published on December 11, 2020.
Description
Receipt of specifically malformed emails may cause a buffer overflow in the memory space of ORF, resulting in service outage.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.4.
Ed25519-type public key strings trigger DKIM Test errors
Version: 6.1 - 6.2.1 Severity: MediumPublished
First published on March 30, 2020.
Description
Due to a hashing bug in the DKIM signature verifier algorithm, the DKIM Test terminates abruptly when trying to parse ed25519-type key strings from public DKIM (TXT) key records.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.3.
Specific characters in the subject string prevent regex matches
Version: 5.0 - 6.2.1 Severity: MediumPublished
First published on March 30, 2020.
Description
Due to a limitation of the regex engine used by ORF, neither regular expressions nor simple text or wildcard expressions* can match the subject string if that contains a Unicode character with a code point value greater than U+FFFF (65535). Affected ORF tests: Attachment Filtering, Keyword Blacklist, Keyword Whitelist
Workaround
*As simple text and wildcard expressions are converted to regular expressions before use, there was no workaround for this bug.
Fix
The bug was fixed in ORF 6.3.
Feature localization may prevent configuration synchronization
Version: 6.2 Severity: MinorPublished
First published on March 13, 2020.
Description
Localizing the "Actions" or "Tests" settings on the subscriber server prevents successful configuration synchronization with the publisher.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed ORF 6.3.
Tests randomly terminate with EListError "List index out of bounds (nn)"
Version: 6.2 Severity: MinorPublished
First published on March 4, 2020.
Description
Due to a thread separation error, certain tests can terminate abruptly under heavy email load. Related error message: "Unexpected {testname} error. EListError "List index out of bounds (72)"."
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.2.1
SPF Test won't run on its own when the DMARC Test is enabled
Version: 6.2 Severity: MediumPublished
First published on March 4, 2020.
Description
Due to an optimization flaw, the SPF Test won't run by itself when the following conditions are satisfied at once:
- The DMARC Test is enabled,
- There are no filter expressions on the DKIM Whitelist
- There are no filter expressions on the Keyword Whitelist
- The SPF Test is configured to reject emails that fail the SPF verification
Workaround
- Start the ORF Administration Tool
- Navigate to the Filtering / Actions page
- Click the Edit "..." button next to the SPF Test
- On the Reject page, mark the "Wait for headers" checkbox enabled
- Click Ok
- Save the configuration to apply the changes (Ctrl + S)
Fix
The bug was fixed in ORF 6.2.1
Malformed email addresses trigger DMARC Test errors
Version: 6.0 - 6.2 Severity: MinorPublished
First published on February 26, 2020.
Description
Specifically formatted email addresses in the From header field trigger occasional DMARC Test errors.Affected format: "mailbox@<domain.tld>"
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.2.1
DMARC "Pass" messages logged with the wrong event class
Version: 6.2 Severity: MinorPublished
First published on February 24, 2020.
Description
A bug in the logging module causes incorrect classification of successful DMARC verification events ("Pass" instead of "System Message").
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.2.1
User-specified file paths may reset to default
Version: 6.2 Severity: MinorPublished
First published on February 24, 2020.
Description
File paths inaccessible due to permission or network connectivity issues reset to default upon launching the Administration Tool. The configuration must be saved for the file paths to be overwritten.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.2.1
DKIM Signature Verifier - RFC-6376 Standards Violation
Version: 6.0-6.1.1 Severity: MediumPublished
First published on December 06, 2019.
Description
Signature verification is unnecessarily terminated with a warning when the version tag (v=) is not the first tag in the "DKIM-Signature" header field. According to RFC-6376 (section 3.5), the position of the signature version tag is not restricted to a specific location in the signature header field.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.2.
DMARC Identifier Alignment Check Problem
Version: 6.0-6.1 Severity: MediumPublished
First published on October 20, 2019.
Description
Uppercase characters in the domain part of the "From:" header address cause verification failure during the DMARC identifier alignment check.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.1.1
Access Violation Error on Malformed Emails
Version: 5.2-6.0.1 Severity: MinorPublished
First published on July 30, 2019.
Description
Non-standard MIME boundary usage in emails may trigger access violation errors due to a bug in the ORF MIME parser.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.1.
OnArrival Error: Invalid Pointer Operation
Version: 6.0 - 6.0.1 Severity: MinorPublished
First published on July 24, 2019.
Description
ORF logs the error message "Invalid Pointer Operation" when one of the recipients of a multi-recipient email is on the Recipient Whitelist while the sender is on the Auto Sender Whitelist.
Workaround
There was workaround for this bug.
Fix
The bug was fixed in ORF 6.1.
DKIM Signature Timestamp Error
Version: 6.0 Severity: MediumPublished
First published on July 1, 2019.
Description
DKIM signature verification may fail with a timestamp error ("Timestamp cannot be in the future") on servers located to the west of the UTC±00:00 timezone.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.0.1.
ORF Transport Agent On Arrival Error
Version: 6.0 Severity: MediumPublished
First published on June 24, 2019.
Description
In rare cases, certain emails may trigger a "NullReferenceException" error during the parsing of the email data received from Exchange. The error affects Exchange installations only but does not cause mail delivery issues.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.0.1.
False License Activation Error Message
Version: 6.0 Severity: MinorPublished
First published on June 24, 2019.
Description
The License Manager may display the wrong error message ("Invalid Key") on connection failure.
Workaround
- Click the Proxy Settings button in the License Manager window, verify your proxy settings and try again.
- Choose Manual Activation.
Fix
The bug was fixed in ORF 6.0.1.
DKIM Header Parser - Quoted String Issue
Version: 6.0 Severity: MinorPublished
First published on May 21, 2019.
Description
The DKIM header parser interprets quotation marks in the "h=" tag of the signature as text boundary instead of literal characters.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.0.1.
Limited Tarpit Delay Functionality
Version: 6.0 Severity: MinorPublished
First published on April 29, 2019.
Description
The Tarpit Delay feature does not work if configured as a default filtering action.
Workaround
Configure Tarpit Delay as a custom action for the required test(s).
Fix
The bug was fixed in ORF 6.0.1.
Configuration Change Warning Not Displayed
Version: 5.0 - 5.5.1 Severity: MinorPublished
First published on November 28, 2018.
Description
When clicking the ’Connect...’ button on a test configuration page in subscriber mode, the ORF Administration Tool will connect to the publisher server right away without checking or asking whether any local configuration changes should be saved.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.0.
Wrong Attachment Filtering Action on Memory Error
Version: 5.5 - 5.5.1 Severity: MinorPublished
First published on October 22, 2018.
Description
When the attachment evaluation process is interrupted by a memory error, the filtering action that is associated with the first filter expression on the attachment blacklist gets executed no matter the test result.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 6.0.
Increased Memory Usage & Oversized PowerLog Reference File
Version: 5.5 - 5.5.1 Severity: MediumPublished
First published on October 22, 2018.
Description
Due to a bug in the PowerLog Reference module, the plogrefs.dat file that is used by ORF to reduce the size of PowerLogs (.opg files) can itself become oversized with time in case there are IP expressions on the IP Whitelist or IP Blacklist. Instead of creating a single reference entry (ID) for each IP expression on the lists, a new reference entry is added to the plogrefs.dat file on each IP Whitelist and IP Blacklist hit. This causes increased memory usage as the ORF service has to keep the content of the ever-growing reference file in memory which may lead to out-of-memory errors and crashes in extreme cases (once the plogrefs.dat file grows beyond ~100MBs)
Note, however, that unless your ORF server filters more than 10-20K emails a day and has several IP expressions on the IP Blacklist and IP Whitelist, chances are slim that you will encounter any issues any time soon, or at all.
Workaround
Disable the ORF PowerLogs (ORF will still create text logs):
- Start the ORF Administration Tool
- Navigate to the System / Log page
- Click the Configure button under ORF PoweLogs
- Remove the checkmark from the 'Enable ORF PowerLogs' checkbox
- Click Ok
- Save your configuration to apply the changes (Ctrl + S)
In case the plogrefs.dat file is larger than ~50MBs consider deleting it from the ORF program directory to reset its size (The ORF Service will recreate the file automatically). Note: The ORF Reporting Tool uses the the plogrefs.dat file together with the preprocessed PowerLogs (.ppr files) to generate reports, so we do not actually recommend deleting it unless you do not mind losing some of the data or you absolutely have to. The next version of ORF will repair the reference file automatically while making sure that the least amount of data is lost.
Fix
The bug was fixed in ORF 6.0.
Archive Scan Timeout Not Respected
Version: 5.5 Severity: MediumPublished
First published on June 29, 2018.
Description
Although the maximum time that ORF may spend scanning the contents of a compressed attachment is limited to 3 seconds by default, an error handling bug in the archive decompressor can delay ORF from executing the configured archive scan timeout action by a few seconds up to, in extreme cases, several minutes depending on the size of the contents and complexity of the checked archive.
Workaround
Disable the 'Force check attachments' option on the Attachemnt Filtering / Settings / Archives tab, to minimize the risk of oversized files causing delays when they fail the decompression attempt with an error.
Fix
The bug was fixed in ORF 5.5.1
Right-Click Export Not Working For Certain Lists
Version: 5.5 Severity: MinorPublished
First published on June 18, 2018.
Description
Some of the user-defined lists cannot be exported when selecting 'Export list...' from the right-click context menu. The affected lists are shown below:
- HELO Domain Blacklist
- Sender Host Name Blacklist
- User-Defined URL Domain Blacklist
- SPF Neutral Domains
Workaround
Export lists via the File > Export menu.
Fix
The bug was fixed in ORF 5.5.1
User Interface Lag in the Log Viewer and Reporting Tool
Version: 5.5 Severity: MinorPublished
First published on May 28, 2018.
Description
On certain systems the user interface of the Log Viewer and the Reporting Tool may hang or become periodically unresponsive for a short time (typically 1-2 seconds).
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 5.5.1
Remote management becomes unavailable after service restart
Version: 5.4.1 Severity: MediumPublished
First published on March 20, 2018.
Description
The ORF installation becomes unreachable for remote management tools when the ORF service is restarted while a remotely connected Administration Tool is trying to fetch the status of the ORF Transport Agents (right after the tool connects, or when the Refresh button is clicked on the Information / Status page).
Workaround
Start the Administration Tool on the ORF server, connect to the local ORF instance and reinitialize the ORF configuration (Ctrl + S), or restart the ORF service to restore the access.
Fix
The bug was fixed in ORF 5.5
Filtering Actions - HELO Blacklist STMP respone cannot be edited
Version: 5.4 Severity: MinorPublished
First published on December 29, 2016.
Description
Changes made to the HELO Blacklist SMTP respone in the Before Arrival Actions dialog do not persist.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 5.4.1
IP Whitelist - Inconsistent Related IP Logging
Version: 5.4 Severity: MinorPublished
First published on February 12, 2016.
Description
Due to a bug in the IP Whitelist implementation, ORF may log the IP address of the last relaying host instead of the source IP of the inbound email. Consequently, the ORF Log Viewer's Related IP column may show the wrong IP address for IP Whitelist events. The bug only affects the On Arrival filtering point and the ORF text logs, but it has no effect on the filtering process itself.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed in ORF 5.4.1.
External Agents - Exit Code Action State Ignored
Version: 5.4 Severity: MediumPublished
First published on January 21, 2016.
Description
Command-line executables linked to ORF as External Agents return their test results as exit codes after evaluating the incoming email. Different actions may be assigned to these exit codes, however due to a bug, the state of the exit code actions (enabled or disabled) is ignored by ORF. As a result, the configured exit code actions are always interpreted as enabled and cannot be disabled.
Workaround - Option 1
Delete unused or disabled exit codes.
- Start the ORF Administration Tool
- Navigate to the Blacklists / External Agents page
- Select the External Agent and click Modify
- Select the Exit Codes tab and select the disabled exit code
- Click Delete and click Yes in the confirmation dialog
- Click OK and save your configuration to apply the changes (Ctrl + S)
Workaround - Option 2
Use an "unexpected" exit code in place of the disabled - but valid - exit code to prevent the exit code from triggering the actions associated with it. Use this option if you want to preserve the settings of the disabled exit code.
- Start the ORF Administration Tool
- Navigate to the Blacklists / External Agents page
- Select the External Agent and click Modify
- Select the Exit Codes tab and select the disabled exit code
- Click Modify and replace the valid exit code with an unexpected one
- Consider saving the original exit code by adding it to the comments
- Click OK and save your configuration to apply the changes (Ctrl + S)
Fix
The bug was fixed in ORF 5.4.1.
SPF Policy Tester - RFC-7208 Standards Violation
Version: 5.4 Severity: MinorPublished
First published on September 28, 2015.
Description
The overall DNS lookup limit (max. 10) for SPF terms ("include", "a", "mx", "ptr", "exists" and "redirect") is currently not tracked as a single global limit for all evaluations, but just for a single instance of a recursive evaluation. Because of this, the total number of DNS queries triggered by the SPF terms might exceed the limit specified in RFC-7208 (Section 4.6.4), unless the limit is reached in a recursive evaluation. The bug has no adverse effect on the outcome of the SPF test.
Workaround
There is no workaround for this bug.
Fix
The bug was fixed in ORF 5.4.1.
Incorrect Severity Level Assigned to "ESpfTempError"
Version: 5.4 Severity: MinorPublished
First published on September 21, 2015.
Description
When a time-out occurs during the retrieval of an SPF record, ORF logs the event "Unexpected SPF Test error. ESpfTempError" with Error instead of Warning severity. Even though the bug does not affect the outcome of the SPF evaluation, you might receive unwanted email notifications if you have ORF configured to notify you about Error type events.
Workaround
Disable email notifications for Error type events:
- Start the ORF Administration Tool
- Navigate to the System / Log page
- Click Configure under Email Notifications
- Uncheck the 'Send email about events with "Error" severity' checkbox
- Click Ok
- Save your configuration to apply the changes (Ctrl + S)
Fix
The bug was fixed in ORF 5.4.1.
Recipient Addresses Are Not Available in the Event View of the Log Viewer
Version: 5.1 Severity: MinorPublished
First published on July 22, 2013.
Description
When a log entry is viewed in the Event View of the Log Viewer, the recipient address(es) are never shown.
Workaround
The recipient addresses are displayed correctly in the default (list) view of the Log Viewer.
Fix
The bug was fixed in ORF 5.2.
URL Blacklist Lookup Result Ignored Under Specific Circumstances
Version: 2.0 - 4.4 Severity: MediumPublished
First published on March 2, 2010.
Description
The last lookup result IP address in the SURBL definition is ignored. Definitions marked with the "Blacklist if DNS record exists (regardless record data)" are not affected.
Workaround
Add a "dummy" lookup result IP address for each affected definition:
- Start the Administration Tool
- Expand Configuration / Filtering - On Arrival / URL Blacklist in the left navigation tree
- Double-click the affected definition
- Click the Lookup results tab
- Click New, enter e.g. 0.0.0.0, click OK
- Uncheck the newly added 0.0.0.0 "dummy" response, click OK
- Press Ctrl + U in the Administration Tool to apply the changes
Fix
The bug was fixed in ORF 5 on September 8, 2012.
Log Viewer: Time Filter Applied on Coordinated Universal Time (UTC)
Version: 4.0 - 4.3 Severity: MinorPublished
First published on October 8, 2009.
Description
If you create a time log filter as "in the last X (hours or days)", the Log Viewer will show the log entries from the specified time range in UTC instead of the local time zone. (e.g. if you are in UTC+2, it is 17:00 and you want to view the log entries from the last hour, you will get the results from the past three hours instead (from 14:00 to present).
Workaround
Subtract the difference between your local time zone and UTC from the value you'd set for the filter rule. Examples to get the logs from the last hour:
PST (UTC-8): set 9 hours (1-(-8))
PDT (UTC-7): set 8 hours (1-(-7))
CST (UTC-6): set 7 hours (1-(-6))
CDT, EST (UTC-5): set 6 hours (1-(-5))
EDT (UTC-4): set 5 hours (1-(-4))
WEST, CET (UTC+1): set 0 hours (1-1)
CEST, EET (UTC+2): set -1 hours (1-2)
EEST, MT (UTC+3): set -2 hours (1-3)
MST (UTC+4): set -3 hours (1-4)
And so on.
Fix
The bug was fixed by version 4.4 on February 15, 2010.
Greylist Import Options Are Unaccessible from the Main Menu
Version: 4.3 Severity: MinorPublished
First published on July 27, 2009.
Description
When trying to access the import options of Greylisting from the main menu (to import items to the manual exception lists), the Administration Tool will display the ORF "About..." window instead of the Greylisting import options.
Workaround
Navigate to the exception settings of Greylisting using the left navigation pane (Configuration / Filtering - Before Arrival / Greylisting), invoke the exceptions list you want to import items to by clicking its button, right click in the list and select the Import list... option.
Fix
The bug was fixed by version 4.4 on February 15, 2010.
Log Viewer Sends Items Incorrectly
Version: 4.3 Severity: MediumPublished
First published on July 14, 2009.
Description
When using the remote control feature of the ORF Log Viewer to send addresses to any of the whitelists/blacklists of ORF with the "Entire domain and subdomains" option, the regular expression sent by the Log Viewer is incorrect (e.g. .*@([^.]+\.)*sender@domain\.com$ instead of .*@([^.]+\.)*domain\.com$ )
Workaround
After accepting the incorrect regular expression in the Administration Tool, correct it manually by removing the mailbox part from the regular expression and the second @ character: .*@([^.]+\.)*mailboxpart@domain\.com$ (the parts which should be removed are underlined).
Fix
The bug was fixed by version 4.4 on February 15, 2010.
Broken Tool Links in the Administration Tool
Version: 4.3 Severity: MinorPublished
First published on July 1, 2009.
Description
You may get the following error message when you try to
launch the ORF Log Viewer or Reporting Tool from the
ORF Administration Tool (page: Information / Statistics):
"Could not launch the
Workaround
Right-click on the shortcut and select Properties. Enter the same path in the "Start in" edit box as in the "Target" box, e.g. C:\Program Files\ORF Enterprise Edition .
Fix
The bug was fixed by version 4.4 on February 15, 2010.
Test Mode Does Not Work at On Arrival
Version: 4.0 and newer Severity: MinorPublished
First published on February 7, 2008.
Description
The Test mode of ORF did not work for any of the tests assigned to the On Arrival filtering point: instead of only logging the test results, ORF executed the configured On Arrival action. The Before Arrival filtering point was not affected.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed by version 4.1 on March 27, 2008.
ORF Does Not Filter Mails with Blank HELO
Version: 4.0 and newer Severity: MinorPublished
First published on November 9, 2007.
Description
ORF logged the "Message from the SMTP Module: The SMTP client caused SMTP conversation problems, skipping check. The SMTP Service/Exchange will reject the malformed delivery attempt." message when the email arrived with a blank HELO/EHLO and let the mail in. The SMTP Service/Exchange did not actually reject these emails.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed by version 4.1 on March 27, 2008.
Connection Is Not Tarpitted at Before Arrival under Specific Conditions
Version: 4.0 and newer Severity: MinorPublished
First published on October 11, 2007.
Description
Tarpit Delay was not triggered (irrespectively of the mode it was switched to) at the Before Arrival filtering point in case the Recipient Validation Test was excluded from the whitelists' scope (Whitelist Test Exceptions).
Workaround
Assign the Tarpit Delay Test to On Arrival or disable the Recipient Validation Test on the Whitelist Test Exception page (Configuration / Tests / Tests / Whitelist Test Exceptions)
Fix
The bug was fixed by version 4.1 on March 27, 2008.
Memory Leak in the ORF SMTP Module
Version: 4.0.3 Severity: MediumPublished
First published on August 28, 2007.
Description
The ORF SMTP Module was leaking a specific amount of memory on every email that reached the On Arrival filtering point. The potential impacts of the leak were IIS crashes and out of memory errors. This bug primarly affected servers with very high email load.
Workaround
There was no workaround for this bug.
Fix
The bug was fixed by version 4.0.4 on September 10, 2007.
Before Arrival Delivery Problems Under Specific Circumstances
Version: 4.0 and newer Severity: HighPublished
First published on August 16, 2007.
Description
Valid recipients did not get the email when all of the following conditions were satisfied at once:
- The email had multiple recipients
- At least one recipient was rejected at Before Arrival
Workaround
Disable all Before Arrival tests and assign all test to On Arrival.
Fix
The bug was fixed by version 4.0.3 on August 16, 2007.
Log Viewer Time Filter Problems
Version: 4.0 and newer Severity: MinorPublished
First published on August 10, 2007.
Description
The "Time" filter could not be set higher than 12:59:59 (after(...date/time), before(...date/time), between(...date/time) modes). Events that occurred after 12:59:59 could not be filtered by the "Time" filter.
Workaround
No workaround.
Fix
The bug was fixed by version 4.0.3 on August 16, 2007.
Log Viewer IP Address Filter May Return an Error
Version: 4.0 and newer Severity: MinorPublished
First published on August 9, 2007.
Description
Under Windows 2003 Server, the Log Viewer returned a "List index out of bounds" error when an IP filter with either CIDR notation (e.g. 1.2.3.0/24) or text range notation (e.g. 1.2.3.4-1.2.3.255) was applied to the "Related IP address" field.
Workaround
Use IP filters with wildcard notation (e.g. 1.2.3.*) or subnet notation (e.g. 1.2.3.4/255.255.255.0) instead.
Fix
The bug was fixed by version 4.0.3 on August 16, 2007.
Delivery Problems Under Specific Conditions
Version: 3.0 and newer Severity: HighPublished
First published on August 7, 2007.
Description
Valid recipients did not get the email when all of the following conditions were satisfied at once:
- Active Directory Test was enabled at the On Arrival filtering point
- The email had multiple recipients at the On Arrival filtering point (valid and invalid ones)
- The recipient list of the mail began with an invalid address (which is not listed in the Active Directory)
Workaround
Assign the Active Directory Test to the Before Arrival filtering point only. If it is not possible, disable the Active Directory Test entirely.
Fix
The bug was fixed by version 4.0.2 and a patch was released for ORF 3.0/3.0.1 on August 8, 2007.
Log Viewer: Saved Email Subject Filtering Expression Changes Randomly
Version: 4.0, 4.0.1 Severity: MinorPublished
First published on August 7, 2007.
Description
Previously saved email subject filtering expression in the Log Viewer could have changed unexpectedly when modified.
Workaround
The only workaround is deleting the previously saved expression and adding a new, separate one (instead of changing the existing expression).
Fix
The bug was fixed by version 4.0.2 on August 8, 2007.
Saved Log Viewer Filter Cannot Be Deleted Under Specific Conditions
Version: 4.0, 4.0.1 Severity: MinorPublished
First published on July 26, 2007.
Description
Previously saved filter in the Log Viewer could not be deleted if the view was switched to "All" mode.
Workaround
Switch the Log Viewer view to "Filter" mode first (View | Filter in the main menu), press OK. Select the "Filter" mode again and delete the filter (View | Filter | Filter tab).
Fix
The bug was fixed by version 4.0.2 on August 8, 2007.
Incorrect SMTP Module Status Displayed
Version: 4.0 Severity: MinorPublished
First published on July 12, 2007.
Description
A bug in the ORF SMTP Module caused the SMTP Module status displayed for one or more of the SMTP Virtual Server as "not loaded/inactive" when multiple SMTP Virtual Servers were present, even when the SMTP Module was loaded and active.
Workaround
No workaround.
Fix
Bug was fixed by version 4.0.1.
IP List CSV Export is Broken
Version: 4.0 Severity: MinorPublished
First published on July 12, 2007.
Description
The ORF Administration Tool IP list (IP Blacklist, IP Whitelist) CSV format exports were broken in version 4.0 and thus could not be imported. Exporting/importing in TXT format and importing from earlier version CSV exports worked, however.
Workaround
Use .TXT format exports.
Fix
Bug was fixed by version 4.0.1.
Email Loss When Whitelisting Under Specific Circumstances
Version: 4.0 Severity: HighPublished
First published on July 18, 2007.
Description
Whitelisted recipients did not get the email when all of the following conditions were satisfied at once:
- The email had multiple recipients at the On Arrival filtering point
- Some, but not all of the email recipients were whitelisted
- The email was not blacklisted
Workaround
Switch the Auto Sender Whitelist to "Global" mode and remove items from the Recipient Whitelist, if any.
Fix
Bug was fixed by version 4.0.1.
Some External Agents Do Not Run Under Specific Conditions
Version: 4.0 Severity: MediumPublished
First published on July 12, 2007.
Description
When External Agents whitelist test exceptions were enabled and there were enabled External Agents with both Anti-Virus and Spam Filter role, agents with Spam Filter role were not ran by ORF.
Workaround
Disable whitelist test exceptions for External Agents.
Fix
Bug was fixed by version 4.0.1.
External Agent Exit Code Enabled State Cannot Be Changed
Version: 2.1, 3.0, 3.0.1 Severity: MinorPublished
First published on November 23, 2006.
Description
A bug in ORF prevented persisting the changes made to the enabled state of the External Agent exit codes.
Workaround
Check or uncheck the exit code, change the comment field, save your settings and restart ORF Service.
Fix
The bug was fixed by the ORF Enterprise Edition 4.0 release.
PowerLog Files May Get Deleted
Version: 3.0, 3.0.1 Severity: MinorPublished
First published on October 18, 2006.
Description
A bug in ORF caused the ORF PowerLog file under preprocessing to be deleted on the following conditions:
- Preprocessing got cancelled (ORF Service was stopped or restarted)
- The "Delete PowerLogs after preprocessing" option was enabled
Workaround
Disable the "Delete PowerLogs after preprocessing" option.
Fix
The bug was fixed by the ORF Enterprise Edition 4.0 release.
Legitimate Emails Tarpitted on Specific Conditions
Version: 3.0, 3.0.1 Severity: MinorPublished
First published on August 17, 2006.
Description
ORF used the tarpit delay any non-whitelisted email on the following conditions:
- Tarpit Test was enabled
- Tarpit Test was configured to delay response on any blacklist hit
- Keyword Filtering and/or the URL Domain Blacklist Test were enabled
Workaround
Switch the Tarpit Delay test to "Delay response on AD or recipient blacklist hit only" mode or disable the test entirely.
Fix
The bug was fixed by the ORF Enterprise Edition 4.0 release.
AD Test may reject emails when the AD is not available
Version: 3.0 Severity: HighPublished
First published on July 18, 2006.
Description
When the Active Directory Test is in Synchronization Mode, ORF fails to recognize that the address list is unavailable after a failed synchronization and rejects non-whitelisted emails until the next successful synchronization.
Workaround
Switch the Active Directory Test to Live Query mode, which is not affected by this bug.
Start the ORF Administration Tool, select Tests / Active Directory, click the Settings button
and select Live Query Mode. Click OK to accept the changes and select Configuration | Save and Update Configuration
from the menu to apply the changes.
Fix
Bugfix has been released on July 18, 2006.
Available as a patch and as the ORF 3.0.1 release (download from the Client Portal).
IP Whitelist ignored in Short log mode
Version: 1.5 and newer Severity: MediumPublished
First published on May 25, 2005.
Description
A bug in ORF causes the IP whitelist to be ignored at the Before Arrival filtering point when the ORF log is in the "Short Log Messages" mode. The bug occurs in this log mode only, users running ORF in the default "Verbose Log Messages" mode are not affected.
Workaround
Switch ORF to the "Verbose Log Messages" mode (ORF Administration Tool, page Configuration / Log and Events).
Fix
Bugfix has been released on May 25, 2005.
It is available as a patch and as the ORF 2.0.2
release (download from the Client Portal).
Database corruption
Version: 2.0, 2.0.1 Severity: MinorPublished
First published on May 19, 2005.
Description
The database engine used by ORF contains bugs which may result in corruption
of the Automatic Sender Whitelist and/or the Greylisting databases.
The symptoms of the database corruption are occasional database error
messages logged by ORF and, in rare cases, 100% processor use for a long
period on a large number of outgoing emails (e.g. newsletters).
Workaround
Fix the database using the Manage Database / Repair option.
Fix
Bugfix has been released on May 25, 2005.
It is available as a patch and as the ORF 2.0.2
release (download from the Client Portal).
Memory Leak in the ORF SMTP Module
Version: All 1.x, 2.0 Severity: HighPublished
First published on April 11, 2005.
Description
The ORF SMTP Module does not release an allocated memory block when it
rejects an email or recipient.
As a result, the memory use of the inetinfo.exe process grows, which may
cause IIS to crash after some weeks of extensive use.
The memory leak bug primarily affects servers under high email load.
Workaround
There is no workaround for this bug other than restarting IIS (iisreset) when it consumes too much memory.
Fix
Bugfixes are available from April 12, 2005.
For 2.0 users: the bug is fixed by version 2.0.1.
For 1.x users: the bugfix is available for download in the Client Portal.
Memory Leak in the ORF SMTP Module
Version: 1.5 Severity: HighDescription
The ORF SMTP Module fails to release an allocated memory block when checking
emails at the On Arrival filtering point, which results in a 20-byte memory
leak per every email.
As a result, the memory use of the inetinfo.exe process grows, which may
cause IIS to crash after some days of extensive use and/or Out of Memory
errors in ORF.
The bug primarily affects servers under high email load.
Workaround
To avoid the crash of IIS, it is recommended to restart the IIS Administration Service when the inetinfo.exe consumes too much memory.
Fix
The bugfix is available in version 1.5.1.
Cannot Start syslogd when the ORF Service is up
Version: 1.2, 1.2.1 Severity: MinorDescription
You cannot start the syslog deamon on the syslog UDP port while ORF is running, if you have ORF syslogd logging enabled. This is caused by an unclosed socket which allocates the syslog UDP port, so the syslog daemon cannot start listening to syslog messages. This issue occurs only when both ORF and the syslog deamon is running on the same computer.
Fix
The bugfix is available in version 1.3.
Sending Statistics Cannot be Disabled
Version: 1.2 Severity: MinorDescription
Due to a software bug you cannot disable the statistics report sender feature. Reports are sent regardless your settings.
Fix
The bugfix is available in version 1.2.1.
Sender Email Address is Not Logged Under Specific Conditions
Version: 1.1.1 Severity: MinorDescription
ORF does not log the sender email address when a recipient blacklist hit occurs and the log is configured to produce short log messages.
Fix
The bugfix is available in version 1.2.
Cumulative Statistics Not Saved on System Reboot/Shutdown
Version: 1.1.1 Severity: MinorDescription
ORF failed to save the cumulative statistics to the statistics storage
file (orfestat.dat) on system reboot or shutdown. Consequently,
statistics generated since last ORF Enterprise Service startup
were lost.
The bug was caused by incorrect handling of shutdown events in
the ORF Service. Stop events were handled as expected.
Fix
The bugfix is available in version 1.2.
Reverse DNS Test Fails When the MX is Missing but A/CNAME Exists
Version: 1.1 Severity: HighDescription
The Reverse DNS Test with "MX or A/CNAME" test mode did not test A/CNAME records due to a software bug. This bug caused the software to work as the reverse DNS test is running with "MX" (strict check) mode and to provide wrong information to the remote SMTP server on the reason for the blocking the email.
Fix
The bugfix is available in version 1.1.1.
Incorrect Reverse DNS Statistics
Version: 1.1 Severity: MinorDescription
Reverse DNS statistics were displayed incorrectly. The "Tests" value was equal to the "Blocks" value.
Fix
The bugfix is available in version 1.1.1.
ORF Does Not Log Sender Blacklist Hits
Version: 1.0 Severity: MinorDescription
Mail blocked due to being listed on the sender blacklist were not logged by ORF.
Fix
The bugfix is available in version 1.1.
RDNS Test May Fail with Specially Formatted Addresses
Version: 1.0 Severity: MinorDescription
The Reverse DNS Test did not handle some specially formatted sender addresses correctly, such as: "mailbox@[1.2.3.4]", "[email protected]". This syntax is allowed by RFC standards, but used rarely on the Internet. ORF did not recognize that the sender domain is actually an IPv4 address and blacklisted the mail (because it failed on RDNS test).
Fix
The bugfix is available in version 1.1.
Some Controls May Not Appear with Large Fonts Setting
Version: 1.0 Severity: MinorDescription
If the sytem display was set to use Large Fonts mode, some controls in the ORF Administration Tool were not visible on the screen.
Fix
The bugfix is available in version 1.1.
Applies To
The article above is not specific to any ORF versions.