Rounded Top
Password Hint If you have not signed in recently, your password may be your Customer ID. Check your email archives for your Customer ID or reset your password.

Knowledge Base

Historic Change Log

Article was last updated on January 9, 2017. View products that this article applies to.

This article contains the complete list of changes since the 1.0 release of ORF.

Changes in version ORF 5.4.1

Release date: January 9, 2017

  • NEW: Microsoft® Exchange 2016 compatibility
    Although ORF 5.4 worked fine with Exchange 2016, the platform was detected by ORF as Exchange 2013. Version 5.4.1 has been updated to detect Exchange 2016 as a separate Exchange version.
  • NEW: Microsoft® Windows Server 2016 compatibility
    ORF is now officially supported on Windows Server 2016.
  • CHANGE: Removed dead surbl.org zones
    A few surbl.org zones went offline since the last version. The default definition set included with ORF now reflects this change.
  • BUGFIX: External Agent exit code actions always enabled
    Fixed bug with ORF ignoring the enabled/disabled state of External Agent exit codes actions.
  • BUGFIX: Inconsistent IP Whitelist logging
    Due to a bug in the IP Whitelist implementation, ORF did not always select the right IP address to be logged as "Related IP" address when a hit occurred. The bug affected only ORF Text Logs and the On Arrival filtering point.
  • BUGFIX: SPF evaluation limit counters do not propagate out from recursion
    The overall DNS lookup limit (max. 10) for SPF terms ("include", "a", "mx", "ptr", "exists" and "redirect") was not tracked as a single global limit for all evaluations, but just for a single instance of a recursive evaluation. Because of this, the total number of DNS queries triggered by the SPF terms might have exceed the limit specified in RFC-7208 (Section 4.6.4), unless the limit was reached in a recursive evaluation.
  • BUGFIX: Incorrect severity level assigned to ESpfTempError exception
    Timeout occuring during the retrieval of an SPF record resulted in ORF logging an ESpfTempError exception with Error severity, instead of a more informative message with the proper Warning severity.

Changes in version ORF 5.4

Release date: September 7, 2015

  • NEW: Built-in recursive DNS resolver
    The new DNS resolver can obtain DNS data without the help of a dedicated DNS resolver server. This greatly simplifies the DNS setup in ORF and eliminates common DNS configuration problems that lead to a diminished spam filtering performance.
  • IMPROVED: Updated DNSBL definition set and recommendations
    The new set is compiled based on comprehensive true positive, false positive and overlap analysis to maximize the spam catch rate without risking the loss of legitimate emails.
  • IMPROVED: RFC7208-compliant updated SPF client
    ORF implemented SPF long before it became standardized. The final RFC4408 standard and the most recent RFC7208 version contain few significant changes, but they are more lenient in handling common SPF errors, so this update allows evaluating more policies than before.
  • IMPROVED: Exchange 2013 CU9 Health Probe detection update
    Microsoft® Exchange 2013 regularly sends health probe emails as a part of its Managed Availability feature. ORF has a built-in mechanism for detecting and ignoring these emails to avoid clogging up the logs. The CU9 package for Microsoft® Exchange 2013 introduced a feature that broke this detection in ORF and this update restores the detection.
  • CHANGE: Microsoft® Windows 2000 support retired
    The new version no longer supports Microsoft® Windows 2000.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 5.3

Release date: May 12, 2014

  • NEW: Microsoft® Exchange 2013 Edge Transport Server support
    ORF is now fully compatible with the Edge Transport Server role introduced in Microsoft® Exchange 2013 SP1. Please read our related Knowledge Base article for more information about deploying ORF on different Exchange 2013 roles.
  • NEW: Automatic detection of the Transport Agents defect of Microsoft® Exchange 2013 SP1
    Microsoft® Exchange 2013 SP1 was shipped with a critical flaw (see Microsoft Knowledge Base Article 2938053). The ORF Setup now detects the defect and refuses to install on an unpatched  SP1 installation, and the ORF Service will now log errors if it finds the underlying Exchange installation unpatched.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 5.2

Release date: March 3, 2014

  • NEW: Configuration Snapshots
    ORF now automatically takes snapshots of the ORF configuration state on every configuration save and this enables reverting to earlier configurations.
  • NEW: Attachment Quarantine
    The Attachment Quarantine allows saving blacklisted email attachments to the file system for later retrieval by the administrator. Automatic retention control is available.
  • NEW: Log Message Explanations from Email Notifications
    Event message explanations are now available from ORF email notifications (in previous versions, these were available from the ORF Log Viewer only).
  • IMPROVED: Updated Second-level Domain List (SLD)
    The built-in Second-level Domain List (SLD) of ORF has been updated.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 5.1

Release date: June 4, 2013

  • NEW: Microsoft® Exchange 2013 Support
    ORF now can be used with Microsoft® Exchange 2013 on both the Client Access server and the Mailbox server roles.
  • NEW: Session timeout prevention in the ORF Log Viewer and ORF Reporting Tool
    In ORF 5, if the Log Viewer or the Reporting Tool was connected to a remote ORF instance and left unattended for more than 24 hours, the session has timed out, as the login ticket has expired. Now they keep the session alive.
  • NEW: Fixed items are now shown on the Intermediate Host List
    Intranet IP address ranges are treated as Intermediate Hosts by default to avoid blacklisting internal and outgoing emails. In previous ORF versions, these ranges were not visible in the Administration Tool, which was confusing for new ORF users. Now these ranges are visible as non-editable items.
  • NEW: Reverse DNS lookup in the ORF Log Viewer
    Now the Log Viewer supports looking up the PTR record (Reverse DNS lookup) of any logged IP address (Event View).
  • NEW: IDNA support in the URL harvester engine
    The URL harvester component is responsible for detecting, decoding, prioritizing and sorting URL payloads in spam, such as web links and email address domains. The domain names harvested from URLs are checked against online blacklists (SURBLs) to see if they are associated with spam. The URL Harvester now supports Internationalized Domain Names (IDNA), so ORF is now able to to discover and lookup domain names written in alphabets and scripts like Cyrillic, Japanese or Hebrew.
  • IMPROVED: Updated Second-level Domain List (SLD)
    The built-in Second-level Domain List (SLD) of ORF has been updated.
  • NEW: Browser-style navigation in the Administration Tool
    New keyboard shortcuts have been implemented in the Administration Tool, so now it is possible to navigate through pages back and forward by pressing the the Alt + Left Arrow / Alt + Right Arrow keys or Backspace / Shift + Backspace, as in any browser. This also supports the back and forward buttons you may have on your keyboard.
  • IMPROVED: Log Viewer now copies data in Unicode format
    The Copy Cell feature of the ORF Log Viewer now copies data in Unicode format instead of ANSI.
  • IMPROVED: Now all ORF binaries are signed digitally
    To prevent forgery or tampering, sotware publishers often sign their binaries digitally with Authenticode. Some of the binaries of ORF (namely the ones written in .NET) were not signed in previous ORF versions to avoid possible problems. Now these problems have been worked around.
  • IMPROVED: Setup now checks if Internet Explorer 6 or later is installed
    Though the minimum system requirements indicate that Internet Explorer 6 or newer version is required by ORF, this requirement was not enforced technically, so ORF could be installed on servers with earlier Internet Explorer versions, but could not function properly. Now the setup checks the IE version and ORF refuses to install if the version requirement is not met.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 5

Release date: September 8, 2012

  • NEW: System requirements raised to Windows 2000 SP3
    See minimum system requirements for details.
  • NEW: Licensing Changes
    ORF was split into two products, ORF Fusion and ORF Fusion for SBS. Visit our website for detailed information.
  • NEW: Remote Administration
    This feature allows editing the configuration of remote ORF installations (Administration Tool), viewing remote logs (Log Viewer), and creating reports from remote servers (Reporting Tool) from a client
  • NEW: Configuration Synchronization
    ORF now can be configured to synchronize specific setting between instances in multi-server setups.
  • NEW: Improved Help
    The Help is now available both offline and online, each topic with feedback support.
  • NEW: URL blacklist update: Spamhaus DBL
    The default URL blacklist definition set (surbls.xml) has been extended with Spamhaus DBL.
  • NEW: Option to Disable IP Lookups for URL Blacklists
    Querying IP addresses against URL Blacklists now can be disabled (required by Spamhaus DBL).
  • NEW: Auto Sender Whitelist can be configured to keep items forever
  • NEW: "Whitelist authenticated clients" is now a separate test (available Before and On Arrival)
  • NEW: Various General Improvements
    • The ORF Service can now log Unicode expression comments
    • Renewed, rich formatted HTML email notifications
    • Time-restricted license (trial, beta, alpha) expiry email notifications
    • Ability to extend trial period
    • Updated Out Of Office subject samples in the Auto Sender Whitelist exceptions
    • The Whitelist Emails From Vamsoft Ltd. option now fetches Vamsoft email server list from DNS instead of using a hardcoded list
    • Log message improvements
  • NEW: General User Interface Improvements
    • New toolbars added
    • New start screens with news and update information
    • New dashboards
    • Renewed status bars with more information
    • More resizable dialogs (typically list editors)
    • New About Box with more information
    • Copy To Clipboard functionality in the Modules dialog
  • NEW: Renewed Remote Control feature
    • new UI
    • forwarding to the publisher server (if items are sent to a subscriber server)
    • sending client FQDN is now shown
    • hinting if the target list is getting overloaded
  • NEW: Administration Tool improvements
    • Renewed page navigation
    • System Overview page with status summary and 24-hours statistics
    • Now you can test email/IP addresses/text against lists
    • Configuration Wizard to help setting up ORF
    • One-click list sorting (header click instead of the Sort button; column and direction remembered)
    • View and change test assignment settings from the test pages
    • Creating email and domain expressions is now simplified by an expression creator
    • New Tests page with test descriptions
    • Now all sections have pages
    • New Welcome Screen after installation
    • Connection and search testing is now available for the Active Directory Recipient Validation source
    • Database connection tests initiated in the ORF Admin Tool are now performed by the ORF Service (when available) to rule out issues caused by integrated SQL authentication and the different security context.
    • When importing DNSBL/SURBL definitions, the previous enabled state of DNSBLs and SURBLs are preserved
    • Illustration to aid determining the Intermediate Host List contents
  • NEW: Log Viewer improvements
    • Renewed Event View
    • Online knowledge base lookups with rateable/commentable articles
    • Send to List from the Event View
    • Right-click filtering
    • Visually renewed filter builder
    • HTML + plain text event clipboard copy
    • Quick Filters: Now allows editing right from the filter list
    • Reset to Factory Defaults in the Column Selector dialog
  • NEW: Reporting Tool improvements
    • Renewed user interface and report design
  • BUGFIX:
    All known bugs fixed.
  • REMOVED:
    The "Header Check Depth" setting was removed from the UI

Changes in version ORF 4.4

Release date: February 15, 2010.

  • NEW: Microsoft® Exchange 2010 Support
    ORF now can be used with Exchange 2010 without a patch.
  • NEW: IIS 6 SMTP Service Support on Windows Server 2008
    The IIS 6 SMTP Service is now supported on Windows Server 2008.
  • NEW: IIS 6 SMTP Service Support on Windows Server 2008 R2
    The IIS 6 SMTP Service is now supported on Windows Server 2008 R2.
  • NEW: DNS blacklist update: Spamhaus CSS
    The Spamhaus ZEN DNSBL definition in the default set (blacklists.xml) has been extended with Spamhaus CSS.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 4.3

Release date: June 15, 2009.

  • NEW: DHA Protection Test
    A new test in ORF that can help to detect and stop Directory Harvest Attacks (DHAs).
  • NEW: Honeypot Test
    Allows setting up honeypot (spamtrap) addresses and ban senders that attempt to send to these addresses.
  • NEW: Restartless Configuration Changes
    ORF can now reinitialize with the new configuration without restarting the ORF Service, so you can enjoy uninterrupted email filtering.
  • IMPROVED: Remote Control
    The Remote Control feature which allows sending IP and email addresses from the ORF Log Viewer to various ORF lists has been improved. It no longer requires a running ORF Administration Tool, more target lists are supported and multiple items can be sent at once.
  • NEW: Whitelist Test Exception for the SPF Test
    The SPF Test was added to the Whitelist Test Exceptions (disabled by default) so now you can validate the authenticity of the sender email address before the Auto Sender Whitelist or Sender Whitelist would run. This prevents forged emails from getting whitelisted.
  • IMPROVED: Live Statistics
    The live statistics of ORF was redesigned to include a stopwatch functionality and got a few new counters.
  • NEW: Blacklisting on SPF Neutral
    For specific (user-configurable) domains, blacklisting on SPF Neutral result is now available.
  • NEW: Option to Skip Greylisting on SPF Pass
    Allows skipping the Greylisting test if the SPF Test says the sender is explicitly authorized to send in the name of a domain (enabled by default).
  • NEW: DNS blacklist updates
    The default DNS blacklist definition set (blacklists.xml) has been updated.
  • Further minor improvements and minor bugfixes.

Changes in version ORF 4.2

Release date: July 8, 2008.

  • NEW: "Real" Reverse DNS Test
    This new subtest of the Reverse DNS Test checks if the sending IP has reverse name (DNS PTR record). Blacklisting the resolved host names is also supported.
  • NEW: Keyword Whitelist
    A new On Arrival-only test for whitelisting emails with specific keywords or patterns in the email body, subject or header.
  • NEW: Charset Blacklist
    Another On Arrival-only test, for blacklisting emails written in specific languages/scripts.
  • NEW: Compatible with Microsoft® Exchange 2007 on Windows Server 2008
    Version 4.2 now supports the Windows Server 2008 platform, when running with Microsoft® Exchange 2007. Note that the IIS SMTP-only mode is not supported on this platform, Exchange 2007 is required.
  • NEW: SPF Exceptions
    Allows excluding specific senders from the SPF test by the sender email address or the source IP address.
  • NEW: Auto Sender Whitelist Sender Exceptions
    This feature can be used to quickly un-whitelist accidentally whitelisted senders, without editing the Auto Sender Whitelist database.
  • NEW: ORF Text Log Retention Control
    Allows automatic deletion of the ORF Text Log files after a user-defined number of days. This feature is disabled by default.
  • NEW: Optional HELO/EHLO Logging
    When this option is enabled, the SMTP HELO/EHLO argument domain is added to the ORF logs as a separate column, helping the creation of HELO Blacklist expressions. This feature is disabled by default.
  • NEW: Minor improvements
    • Integrated Configuration Export/Import Guide: Instructions on exporting and importing the entire ORF configuration are now available from the ORF Administration Tool menu.
    • The ORF Administration Tool now remembers the last open page.
    • The ORF Log Viewer can start the ORF Administration Tool when sending to blacklists/whitelists.
    • The Uninstaller now asks if data and configuration files should be left on the system.
    • Minor bugfixes.

Changes in version ORF 4.1

Release date: March 27, 2008.

  • NEW: Microsoft® Exchange 2007 Support
    ORF 4.1 now can be installed on Exchange 2007 Servers (Edge Transport or Hub Transport roles).
  • NEW: Email Header Filtering
    The Keyword Filtering feature was extended with the ability to filter for keywords in the email header.
  • BUGFIX: ORF Does Not Filter Mails with Blank HELO
    ORF logged a warning message and did not filter emails that arrived with a blank HELO/EHLO domain argument.
  • BUGFIX: Connection Is Not Tarpitted At Before Arrival Under Specific Conditions
    Tarpit Delay was not triggered (irrespectively of the mode it was switched to) at the Before Arrival filtering point in case the Recipient Validation Test was excluded from the whitelists' scope (Whitelist Test Exceptions).

Changes in version ORF 4.0.4

Release date: September 11, 2007.

  • NEW: Recipient Validation Test
    This new test takes over the role of the Active Directory test and allows you to validate recipients using the Active Directory and two new sources: SQL databases and text files.
  • IMPROVED: ORF Log Viewer Log File Handling
    The Log Viewer now supports viewing user-selected log files in addition to the automatic log file loading.
  • BUGFIX: Memory Leak in the ORF SMTP Module
    The ORF SMTP Module was leaking a specific amount of memory on every email that reached the On Arrival filtering point. The potential impacts of the leak were IIS crashes and out of memory errors. This bug primarly affected servers with very high email load.
  • REMOVED: Active Directory test "Synchronization Mode"

Changes in version ORF 4.0.3

Release date: August 16, 2007.

  • BUGFIX: Before Arrival Delivery Problems Under Specific Circumstances
    Valid recipients did not get the email when all of the following conditions were satisfied at once:
    • The email had multiple recipients
    • At least one recipient was rejected at Before Arrival
  • BUGFIX: Log Viewer Time Filter Problems
    The "Time" filter could not be set higher than 12:59:59 (after(...date/time), before(...date/time), between(...date/time) modes). Events that occurred after 12:59:59 could not be filtered by the "Time" filter.
  • BUGFIX: Log Viewer IP Address Filter May Return an Error
    Under Windows 2003 Server, the Log Viewer returned a "List index out of bounds" error when an IP filter with either CIDR notation (e.g., 1.2.3.0/24) or text range notation (e.g., 1.2.3.4-1.2.3.255) was applied to the "Related IP address" field.

Changes in version ORF 4.0.2

Release date: August 8, 2007.

  • BUGFIX: Delivery Problems Under Specific Conditions
    Valid recipients did not get the email when all of the following conditions were satisfied at once:
    • Active Directory Test was enabled at the On Arrival filtering point
    • The email had multiple recipients (valid and invalid ones)
    • The recipient list of the mail began with an invalid address (which is not listed in the Active Directory)
  • BUGFIX: Log Viewer: Saved Email Subject Filtering Expression Changes Randomly
    Previously saved Log Viewer email subject filtering expressions could have changed unexpectedly when modified.
  • BUGFIX: Saved Log Viewer Filter Cannot Be Deleted Under Specific Conditions
    Previously saved filter in the Log Viewer could not be deleted if the view was switched to "All" mode.

Changes in version ORF 4.0.1

Release date: July 18, 2007.

  • BUGFIX: Incorrect SMTP Module Status Displayed
    A bug in the ORF SMTP Module caused the SMTP Module status displayed for one or more of the SMTP Virtual Server as "not loaded/inactive" when multiple SMTP Virtual Servers were present, even when the SMTP Module was loaded and active.
  • BUGFIX: IP List CSV Export is Broken
    The ORF Administration Tool IP list (IP Blacklist, IP Whitelist) CSV format exports were broken in version 4.0 and thus could not be imported. Exporting/importing in TXT format and importing from earlier version CSV exports worked, however.
  • BUGFIX: Email Loss When Whitelisting Under Specific Circumstances
    Whitelisted recipients did not get the email when all of the following conditions were satisfied at once:
    • The email had multiple recipients at the On Arrival filtering point
    • Some, but not all of the email recipients were whitelisted
    • The email was not blacklisted
  • BUGFIX: Some External Agents Do Not Run Under Specific Conditions
    When External Agents whitelist test exceptions were enabled and there were enabled External Agents with both Anti-Virus and Spam Filter role, agents with Spam Filter role were not ran by ORF.

Changes in version ORF 4.0

Release date: July 10, 2007.

  • NEW: Combined Actions
    The new version can tag and redirect the email at the same time at the On Arrival filtering point.
  • NEW: Whitelist Test Exceptions
    This feature allows some blacklist tests to take precedence over whitelists (Attachment Filtering, External Agents, Active Directory Integration and the Recipient Blacklist), which provides better email security.
  • NEW: External Databases
    Allows using Microsoft® SQL Server® databases for storing the Auto Sender Whitelist and Greylisting data.
  • NEW: Email Subject Logging
    The subject of the incoming email is now logged at the On Arrival filtering point.
  • NEW: 64-bit Windows Support
    ORF 4.0 can be used on 64-bit Windows Server editions.
  • NEW: Auto Sender Whitelist Automatic Response Detection
    This new feature prevents automatic responses (e.g., Out of Office autoresponses) from polluting your Auto Sender Whitelist.
  • NEW: Greylisting /24 Support
    Now Greylisting can be configured to accept delivery re-attempts from the same /24 network block. This reduces the email delay from senders with a pool of outgoing email servers.
  • NEW: Automatic Update Check
    This feature periodically checks for a new ORF version and tells you if there is any available.
  • IMPROVED: Log Filtering and Search
    The filtering feature of the ORF Log Viewer was completely redesigned to allow creating more flexible filters. The Search functionality is no longer column-specific (free text search).
  • IMPROVED: More flexible IP Address Definitions
    In the new version, IP network definitions can be entered in various formats, including text range and CIDR notation.
  • IMPROVED: PowerLog Preprocessing Speed
    ORF 4.0 preprocesses the PowerLog files about 75 times faster than the previous 3.0 version.
  • BUGFIX: PowerLog Files May Get Deleted
    A bug in ORF caused the ORF PowerLog file under preprocessing to be deleted on the specific conditions (affected versions: 3.0 and 3.0.1).
  • BUGFIX: Legitimate Emails Tarpitted on Specific Conditions
    ORF applied the tarpit delay on any non-whitelisted email on specific conditions (affected versions: 3.0 and 3.0.1).
  • BUGFIX: External Agent Exit Code Enabled State Cannot Be Changed
    A bug in ORF prevented persisting the changes made to the enabled state of the External Agent exit codes (affected versions: 2.1, 3.0 and 3.0.1).

Changes in version ORF 3.0.2

Release date: August 8, 2007

  • BUGFIX: Delivery Problems Under Specific Conditions
    Valid recipients did not get the email when all of the following conditions were satisfied at once:
    • Active Directory Test was enabled at the On Arrival filtering point
    • The email had multiple recipients (valid and invalid ones)
    • The recipient list of the mail began with an invalid address (which is not listed in the Active Directory)

This bugfix was released for 3.0 and 3.0.1 versions only.

Changes in version ORF 3.0.1

Release date: July 18, 2006.

  • BUGFIX: AD Test may reject emails when the AD is not available
    When the Active Directory Test was in Synchronization Mode, version 3.0 failed to recognize that the address list was unavailable after a failed synchronization and rejected non-whitelisted emails.

Changes in version ORF 3.0

Release date: July 11, 2006.

  • NEW: Reporting
    This version introduces ORF Reporting Tool, which allows generating printable graphical reports about ORF's filtering activity. The Reporting Tool relies on a new log device called ORF PowerLogs.
  • NEW: Minor changes and improvements
    • More consistent spam filtering engine behavior on errors.
    • Attachment MIME type is now logged when an email/attachment is blacklisted by the Attachment Filtering.
    • External Agent parameter double quotes are now tripled as opposed to doubling them, like in previous versions.
    • Statistics are now sent to Vamsoft in a fixed 24-hours period.

Changes in version ORF 2.1

Release date: September 5, 2005.

  • NEW: SPF support
    The new version supports using the Sender Policy Framework (SPF), which is an email authentication protocol for recognizing email address forgery. As most of the spam arrives with forged sender address, SPF can do a great job in reducing spam.
  • NEW: External Agents
    Allows attaching various external software, such as anti-virus or anti-spam products to ORF. Depending on the agents used, it can boost ORF's spam filtering performance significantly or act as another layer of defense against viruses. You can download agent definitions for a few software from our website or define your own.
  • NEW: HELO Domain Blacklist
    A new feature which helps to detect poorly written spammer software and malicious content based on the HELO/EHLO domain.
  • NEW: Minor improvements
    • URL Domain Blacklist: Version 2.1 allows defining domain exceptions which are not checked by the URL Domain Blacklist.
    • Tarpit Delay: ORF delays maximum 10 connections concurrently to avoid eating up IIS resources.

Changes in version ORF 2.0.2

Release date: May 26, 2005.

  • BUGFIX: Database problems
    This version is shipped with an updated version of the database engine used by ORF. The update fixes the problems which may lead to corruption of the Greylisting or the Automatic Sender Whitelist databases. The symptoms of the database corruption were occasional database error messages logged by ORF and, in rare cases, 100% processor use for a long period (more than a minute) on a large number of outgoing emails (e.g., newsletters).
  • BUGFIX: IP Whitelist ignored in Short log mode
    A bug in ORF caused the IP Whitelist to be ignored at the Before Arrival filtering point when the ORF log was in "Short Log Messages" mode.
  • IMPROVED: Automatic Sender Whitelist performance
    We improved the performance of the Automatic Sender Whitelist performance, the new version processes outgoing email significantly faster and uses less resources than the previous version.

Changes in version ORF 2.0.1

Release date: April 12, 2005.

  • BUGFIX: Memory leak in the ORF SMTP Module
    A bug in the ORF SMTP Module resulted in a small memory leak on each rejected email. The potential impacts of the bug were IIS crashes and out of memory errors. This bug primarly affected servers with very high email load.

Changes in version ORF 2.0

Release date: March 29, 2005.

  • NEW: Support for SURBLs (URL Blacklist Support)
    SURBLs are very similar to DNS blacklist, except that they list domain names instead of spam IP sources. ORF 2.0 can collect links to "spamvertized" sites from the scanned email and check the linked domains in the SURBLs.
  • NEW: Greylisting
    Anti-spam feature based on temporary rejection of emails from unknown senders. While greylisting provides outstanding spam stop rate, it causes about 15 minutes delay of emails from unknown senders as well. Moreover, it works at the Before Arrival filtering point only.
  • NEW: Automatic Sender Whitelist
    A self-learning whitelist which monitors your outgoing emails and builds a sender email address whitelist from the recipients of the outgoing emails. In other words, the recipients of the emails that you send become whitelisted senders.
  • NEW: Tarpit Delay
    Delays your server's response to blacklisted mails. Can be used to slow down/stop Directory Harvest Attacks or to fight back to spammers.
  • NEW: Several minor improvements
    • Completely rewritten DNS cache with persistent cache data store
    • DNS TCP fallback option
    • Updated DNS client in ORF
    • Improved email wildcard mask support, now both the * and the ? wildcards are supported
    • Attachment filter wildcard support (* and ? wildcards are now supported)
    • Configurable SMTP response for the On Arrival email drop action
    • Configurable SMTP response for the attachment filter drop action
    • ORF Log Viewer: "Remote Control"—add addresses to the ORF sender and IP lists by one click
    • ORF Log Viewer: "Quick Filters"—easier filter selection
    • ORF Log Viewer: "Preview Panel"—easier viewing of long log column data
    • ORF Log Viewer: Customizable color-coding of event records based on the event severity
    • ORF Log Viewer: Filters are now listed in alphabetical order
    • ORF Admin Tool: Sorting improvements, now you can sort virtually every list of ORF by any column
    • ORF Admin Tool: SMA expiration reminder
    • ORF Admin Tool: DNS Test to check the health of your DNS servers
  • REMOVED: The "Reject mail temporarily on DNS failure" feature has been removed.

Changes in version 1.5.2

Release date: December 1, 2004.

  • UPDATE: License agreement
    The license agreement has been changed, the installer and the documentation was updated accordingly. This version does not add any new features compared to ORF 1.5.1.

Changes in version 1.5.1

Release date: July 16, 2004.

  • NEW: Active Directory integration "Live Mode"
    The new AD integration mode allows validating the recipient "live", without extracting all addresses from the Active Directory (synchronization). The Live Mode is more resource-friendly and faster than the previous Synchronization mode when working with large directories. The performance of the Synchronization mode (pre-1.5.1 AD integration) was also improved.
  • BUGFIX: Memory leak in the ORF SMTP Module
    A bug in the ORF 1.5 SMTP Module resulted in a 20-byte memory leak per email at the On Arrival filtering point. This has caused out of memory errors in ORF and IIS crashes. This bug has been fixed by version 1.5.1.

Changes in version 1.5

Release date: June 11, 2004.

  • NEW: Dual filtering points model
    Previous ORF versions filtered the emails before email arrival. Now with 1.5 you can filter emails on arrival, which allows delivery path analysis, keyword and attachment filtering, etc.
  • NEW: Attachment and keyword filtering
    Using the attachment filter you can drop emails with malicious attachments or replace the attachments with a customisable warning text. Both the keyword and the attachment filtering support using Perl-compatible regular expressions, which makes the filtering extremely flexible. Both features are Unicode-aware.
  • NEW: Reviewing emails caught by the filter
    Emails blacklisted at the On Arrival filtering point can be dropped, redirected or tagged (header or subject).
  • NEW: ORF Log Viewer
    ORF is now shipped with a built-in log viewer which allows easy browsing, searching and filtering the logs.
  • NEW: DNS blacklist updates
    The default DNS blacklist definition set (blacklists.xml) has been updated.

Changes in version 1.4

Release date: September 19, 2003.

  • NEW: Invalidated RDNS record list
    The new list allows you to invalidate specific IP addresses returned by the RDNS A record test. This feature has been built into ORF to keep the RDNS test usable after .com/.net gTLD manager Verisign added a global A record wildcard to the .com/.net zones. The wildcard IP address is added to the list by default. The DNS A record which resolves to any of the IP addresses listed on this list will be treated as non-existent record in the Reverse DNS test.

Changes in version 1.3

Release date: August 21, 2003.

  • NEW: Exception list for the Active Directory integration
    Using the new exception list, you can exclude specific email addresses or domains from the Active Directory-based recipient filtering. This comes handy if you provide filtered mail services for domains that are not listed in your directory.
  • NEW: AD integration user authentication support
    User authentication may be required for the AD integration if ORF is running on a computer which is not a member of the domain. ORF now supports specifying a user name and password for LDAP authentication.
  • NEW: Whitelisting authenticated sessions now can be disabled
  • NEW: Authenticated user name in the log
    For easier tracking of authenticated sessions, version 1.3 logs the authenticated user name with the whitelist event message.
  • NEW: Customizable RDNS SMTP response
  • NEW: Minor improvements
  • BUGFIX: Cannot start syslogd when ORF Service is up
    You could not start the syslog daemon on the syslog UDP port while ORF was running, if you had ORF syslogd logging enabled. This was caused by an unclosed socket has which allocated the syslog UDP port so the syslog daemon was unable to start listening to syslog messages. This issue occurred only when both ORF and the syslog daemon was running on the same computer.
  • NEW: DNS blacklist updates
    • Removed: DORKSZTL and DORKS (dead blacklists)
    • Removed: MONKEYFORMMAIL (no hits, seemingly dead)
    • Removed: BLITZEDHTTP, BLITZEDWINGATE, BLITZEDSOCKS (these zones are no longer up)
    • Added: CBL, LBL, REYNOLDST1, UCEB
    • Update: Four new zones added to FIVETEN, BLITZED also updated
    • Update: MONKEYPROXIES has been renamed to MONKEYUPL (zone remains the same)

Changes in version 1.2.1

Release date: July 18, 2003.

  • BUGFIX: Sending statistics cannot be disabled
    Due to a software bug you could not disable the statistics report sender feature, statistics were sent regardless your settings. This bug has been fixed in version 1.2.1.

Changes in version 1.2

Release date: July 8, 2003.

  • NEW: Seamless update
    Until version 1.2, you had to manually stop and restart Exchange services during an ORF update. The new Update Setup shipped with ORF version 1.2 can automatically stop and restart the Exchange services and transfer your previous ORF settings to the updated version.
  • NEW: Active Directory integration
    Unlike other mail servers, Exchange 2000 does not reject mails coming to mailboxes that does not exist. Exchange 2000 accepts the mail for delivery and bounces the email later if the recipient mailbox is unavailable. Spam is often sent with non-existing sender email address, which results in tons of NDR's filling up the mail queue. Using the ORF's new Active Directory integration you can reject all mails that are addressed to mailboxes that are no longer (or never been) valid and accept mails only to mailboxes that exists in the Active Directory.
  • NEW: Built-in Bonded Sender™ Program DNS whitelist support
    IronPort Systems Inc's Bonded Sender™ Program provides a public DNS whitelist, which is now supported by ORF 1.2. More information about this program is available at http://www.bondedsender.com.
  • NEW: Better ORF community support
    Do you find it confusing to select the best DNS blacklists? Now ORF can automatically send your ORF statistics anonymously to our server in email. The server collects these statistics and displays DNS blacklist popularity and statistics on our website.
  • NEW: Commentable list items
    The new version supports commenting IP/sender/recipient whitelist and blacklist items which makes managing and exchanging these lists easier.
  • NEW: Regular expressions
    Using regular expressions you can create complex email address masks. ORF 1.2 supports the Perl-compatible regular expressions (PCRE, for more information, please see http://www.pcre.org). This feature is available for the sender whitelist, sender blacklist, recipient whitelist and recipient blacklists.
  • NEW: Windows Event Log and BSD syslog support
    Version 1.2 extends logging capabilities with Windows Event Log and BSD syslog support.
  • NEW: Automatic whitelisting of authenticated SMTP connections
    Authenticated SMTP connections are now recognized and automatically whitelisted by the new version.
  • BUGFIX:
    Cumulative statistics not saved on system reboot/shutdown
  • BUGFIX:
    Sender email address is not logged under specific conditions

Changes in version 1.1.1

Release date: January 14, 2003.

  • BUGFIX: Reverse DNS test fails when MX missing and A/CNAME exists
    The reverse DNS test with "MX or A/CNAME" test mode did not test A/CNAME records due to a software bug. This bug caused the software to work as the reverse DNS test running with "MX" (stict check) mode and to provide wrong information for the remote SMTP server about the block reason.
  • BUGFIX: Incorrect reverse DNS statistics
    Reverse DNS statistics were displayed incorrectly. The "Tests" value was equal to the "Blocks" value.
  • ADDED: Log level recorded in the log
    This feature makes writing log parsers easier.

Changes in version 1.1

Release date: January 10, 2003.

  • NEW: Support for multiple DNS servers
    In version 1.1, you can define multiple (fail-over) DNS servers with priority order.
  • NEW: Cumulative statistics
    Using the new cumulative statistics feature you can view the statistics of ORF since the installation. You can also take a snapshot of the current run-time statistics and export the snapshot to various file formats (including CSV, which can be imported by Microsoft® Excel®). The statistics are resettable.
  • NEW: Reverse DNS test with MX or A/CNAME records
    The 1.0 version reverse DNS test was very strict. Version 1.1 offers you a less strict check. This helps in reducing the number of legitime mails blocked.
  • NEW: Address list export/import
    Exporting and importing address lists (IP, sender, recipient whitelists and blacklists) is now available. Multiple text formats supported, including CSV which can be imported by Microsoft® Excel®
  • NEW: Blocking broken sender domains
    ORFEE 1.1 can block mails with broken sender domain information (senderdomain is not a fully qualified domain name - FQDN).
  • NEW: Temporary rejection of mails on DNS errors
    You can configure ORF to reject the mail temporarily when it cannot be tested due to DNS errors. Using this option you can avoid accepting mails when the filtering is not available due to unreachable DNS data.
  • NEW: Several minor improvements
    • All address lists (IP, sender and recipient whitelists and blacklists) are sortable to ascending or descending order by one click
    • You can set the order of list items using drag&drop (where applicable)
    • Sending a test notification mail from the Events page is now available
    • Default values automatically assigned to various SMTP responses
    • You can configure ORF to add the local server name to the log as a separate column
    • {HOUR} field added to the available log file name fields
    • You can control line wrapping in the notification mails
    • Now the sender address is available in the log when a mail is blocked on the recipient blacklist
    • CTRL-SPACE displays the directory browser dialog in path edit boxes
  • BUGFIX: RDNS test may fail with specially formatted addresses
    The reverse DNS test did not handle some specially formatted sender addresses correctly. Affected format: "mailbox@[1.2.3.4]", "mailbox@1.2.3.4". This syntax is allowed by RFC standards, but used rarely on the Internet. ORF did not recognize that the sender domain is actually an IPv4 address and blocked the mail (because it failed on RDNS test).
  • BUGFIX: Sender blacklist hits are not logged
    Mails blocked on the sender blacklist were not logged by ORF Enterprise.
  • BUGFIX: Some controls may not appear with Large Fonts settings
    If you run your display in Large Fonts mode, you may experienced that some controls in the ORF Administration Tool were not visible on the screen.

Applies To

The article above is not specific to any ORF versions.