6.1 ORF Online Help
Select your ORF version:

Table of Contents

Tests


This help section explains the test settings available under FilteringTests in the Administration Tool.

General Information

A brief description of each test is displayed when the name of the test or the down arrow icon is clicked. ORF tests could be enabled or disabled on this page globally, and the filtering point assignments of enabled test can be also managed here: tests could run at the Before Arrival, the On Arrival or both filtering points. For more information, see the Filtering Points Concept section.

Selecting the right filtering point for your setup

The right filtering point for tests depends on your email delivery setup and intentions. There are many things to consider. Please see the Filtering Point Selection section for detailed information.

Managing Tests

Enabling or disabling tests

Click the ON / OFF button next to the name of the test to enable or disable it. When a test is disabled, ORF skips performing the given test.

Assigning a test to filtering points

Enable or disable the selected test at the Before Arrival, On Arrival or both filtering points by clicking the "Not assigned to this filtering point" pictogram and "Assigned to this filtering point" pictogram symbols (the latter means the test is enabled for the filtering point). Filtering point assignments can be edited only when the test is enabled. Some tests, such as the Keyword blacklist and Attachment filtering work at On Arrival only, so they cannot be assigned to the Before Arrival filtering point.

Configuring a test

Click Settings to jump to the configuration page of the test.

Whitelist Test Exceptions

See the Whitelist Test Exceptions topic.

Filtering Point Selection

Basically, there are two setup elements that affect the filtering point selection: perimeter servers and secondary MXs (also called "backup email servers"). These are called Intermediate Hosts in ORF.

Perimeter servers (a.k.a. front-ends)

The front-end is a host which receives the email before ORF would filter the email. The front-end is not necessarily a separate box, it may be e.g., an anti-virus proxy on the same server where ORF runs.

Secondary MXs

The secondary MX or backup email server is another server which receives emails for your domain when your server (the primary MX) is down. Spammers often send to the secondary MX directly to bypass spam filtering software, which typically runs on the primary MX only and trusts the secondary MX.

The following table summarizes the effective filtering selections for the various email delivery setups.

Case Setup Before Arrival On Arrival Both
A Direct Delivery (no front-end or secondary MX) Yes Yes Yes
B No front-end, but there is a secondary MX No Yes Yes
C Front-end No Yes No
  • Case A) You receive emails directly from the Internet, so you can take advantage of ORF's full filtering capabilities. To stop spam at the earliest stage of delivery, it is suggested to assign all blacklist tests possible to the Before Arrival filtering point. Of course, exclusively On Arrival tests (like the SURBL, Keyword and Attachment filtering tests) will still run at On Arrival.
  • Case B) Your secondary MX address has to be on the Intermediate Host List. Due to this, emails from your secondary MX will be whitelisted at the Before Arrival filtering point. This would result in a decreased filtering effectiveness, but you can work this around by assigning all tests to Both filtering points. This way, emails sent directly to your primary MX will be tested at Before Arrival whenever it is possible, but emails relayed from the secondary MX will be tested at On Arrival.
  • Case C) The front-end address has to be on the Intermediate Host List and due to this, all emails will be whitelisted at the Before Arrival filtering point. The only reasonable selection is the On Arrival filtering point in this case.

Accepting Blacklisted Emails

The above is a good starting point if you want to reject all blacklisted emails as soon as possible. However, if you want to accept and tag or redirect them (because you want to allow users to review blacklisted emails) assign all tests to On Arrival instead. See the On Arrival Action Settings section for more information.

Sample filtering point assignments I.

The below table shows an optimal filtering point selection for the following case:

  • Setup: no front-end or secondary MX
  • Intention: drop blacklisted emails
Test Before Arrival On Arrival Both
DNS Whitelist "Assigned to this filtering point" pictogram
Automatic Sender Whitelist "Assigned to this filtering point" pictogram
Reverse DNS "Assigned to this filtering point" pictogram
DNS blacklists "Assigned to this filtering point" pictogram
HELO domain blacklist "Assigned to this filtering point" pictogram
SPF test "Assigned to this filtering point" pictogram
IP blacklist "Assigned to this filtering point" pictogram
Sender blacklist "Assigned to this filtering point" pictogram
Recipient blacklist "Assigned to this filtering point" pictogram
Recipient validation "Assigned to this filtering point" pictogram
DHA protection test "Assigned to this filtering point" pictogram
Honeypot test "Assigned to this filtering point" pictogram

Sample filtering point assignments II.

The below table shows an optimal filtering point selection for the following case:

  • Setup: No front-end, but there is a secondary MX
  • Intention: drop blacklisted emails
Test Before Arrival On Arrival Both
DNS Whitelist "Assigned to this filtering point" pictogram
Automatic Sender Whitelist "Assigned to this filtering point" pictogram
Reverse DNS "Assigned to this filtering point" pictogram
DNS blacklists "Assigned to this filtering point" pictogram
HELO domain blacklist "Assigned to this filtering point" pictogram
SPF test "Assigned to this filtering point" pictogram
IP blacklist "Assigned to this filtering point" pictogram
Sender blacklist "Assigned to this filtering point" pictogram
Recipient blacklist "Assigned to this filtering point" pictogram
Recipient validation "Assigned to this filtering point" pictogram
DHA protection test "Assigned to this filtering point" pictogram
Honeypot test "Assigned to this filtering point" pictogram

Sample filtering point assignments III.

The below table shows an optimal filtering point selection for the following case:

  • Setup: Front-end (and maybe a secondary MX in addition to the front-end)
  • Intention: any
Test Before Arrival On Arrival Both
DNS Whitelist "Assigned to this filtering point" pictogram
Automatic Sender Whitelist "Assigned to this filtering point" pictogram
Reverse DNS "Assigned to this filtering point" pictogram
DNS blacklists "Assigned to this filtering point" pictogram
HELO domain blacklist "Assigned to this filtering point" pictogram
SPF test "Assigned to this filtering point" pictogram
IP blacklist "Assigned to this filtering point" pictogram
Sender blacklist "Assigned to this filtering point" pictogram
Recipient blacklist "Assigned to this filtering point" pictogram
Recipient validation "Assigned to this filtering point" pictogram
DHA protection test "Assigned to this filtering point" pictogram
Honeypot test "Assigned to this filtering point" pictogram

Notes

If you have a front-end and all tests are assigned to On Arrival, make sure Tarpit delay is disabled for that filtering point, otherwise you will "punish" your front-end only when delaying SMTP responses.

Copyright © Vamsoft Ltd. 2024. All rights reserved. Document ID adm-tests, version 1.