6.1 ORF Online Help
Select your ORF version:

Table of Contents

Help Glossary


This page summarizes the terms used in the ORF help.

  • Attachment MIME type

    Indicates the Internet media type of an email attachment. For example, executable files have "application/octet-stream" MIME type.

    The MIME type is harder to spoof than the file name (e.g., renaming an EXE file to DOC), so it provides more reliable information for file type detection.

  • Automatic Snapshot

    Snapshots store an ORF configuration state, so you can revert to previous configurations anytime. Automatic Snapshots (as the name implies) are created automatically whenever the configuration is saved.

    ORF keeps only the last 20 Automatic Snapshots, the rest is deleted automatically. Converting them to Baseline Snapshots allows keeping them indefinitely.

  • Baseline Snapshot

    Snapshots store an ORF configuration state, so you can revert to previous configurations anytime. Marking a snapshot as Baseline means they will never get deleted automatically and can be kept indefinitely.

  • Before Arrival filtering point

    The first stage of the SMTP email transmission monitored by ORF. Corresponds to the step when sender specifies the recipient (RCPT TO: command). This filtering point is executed for each recipient.

    Email contents are not yet transmitted at this point. Due to this, certain tests (e.g. Keyword Blacklist) and blacklist actions (e.g. tagging) are not available.

  • Blacklisting

    Blacklisting is flagging an email "unwanted". Emails can be blacklisted by a blacklist test, such as the Keyword Blacklist or the SPF Test.

    Blacklists generally have lower precedence than whitelists: once an email is whitelisted, it will not get blacklisted.

    ORF performs the action of your choice on a blacklisted email. For instance, a blacklisted email may get rejected or tagged.

  • Configuration Snapshot

    A configuration snapshot stores an ORF configuration state. It is created automatically when the configuration is saved.

    Snapshots enable reverting to previous configuration states anytime, which is useful if you want to experiment with alternative configurations or want to recover from an unexpected configuration change.

  • CSV

    The Comma-Separated Values (CSV) format is used to store tabular data in which numbers and text are stored in plain-text form. It is widely supported by spreadsheet applications (like Microsoft® Excel® or OpenOffice.org™ Calc) and database management systems.

    The CSV format is loosely specified and semicolons (;) are often used instead of commas as separator, so ORF offers both separator types.

  • Demo Mode

    In Demo Mode, ORF works exactly as it would normally do, but does not carry out any of the configured actions (i.e. it does not reject, tag or otherwise modify emails).

    This enables testing ORF without risking email loss. Performance data can be collected from ORF logs and reports.

  • DKIM

    DomainKeys Identified Mail prevents the contents of an email from being compromised by enabling domain owners to digitally sign their messages and to publish a DKIM public key record. Email recipients can verify the integrity of the email content by verifying the signature using the published public key record.

  • DKIM Domain

    A DKIM domain is an attribute for the DKIM signature, specified in the "d=" tag in the "DKIM-Signature" header field. It is the domain of the signing entity under which the public DKIM key record is published. The domain name is used to form the DNS query for the public key, which is used by DKIM verifiers to validate the DKIM signature.

  • DKIM Selector

    A DKIM selector is an attribute for the DKIM signature, specified in the "s=" tag in the "DKIM-Signature" header field. It is an arbitrary name under the "_domainkey" namespace, indicating the locatation of the signing domain's public key in DNS which is used by DKIM verifiers to validate the signature. For example: selector._domainkey.example.com

  • DMARC

    Domain-based Message Authentication, Reporting & Conformance prevents the forgery of the visible „From:” address by enabling domain owners to publish a DMARC policy that specifies how to validate the sending domain in the From: header field and what to do with emails that fail authentication checks.

  • Email Header

    The header is a part of the email and describes various properties of the message. These include the email subject, sender and recipient address information (the so-called "MIME" sender and recipient) and email delivery hop history (Received: headers).

    It is available at the On Arrival filtering point only.

  • Exchange Replay Directory

    ORF uses this directory of Exchange 2007 and newer versions for sending email notifications, statistics reports and resubmitting emails for whitelisted recipients.

    It is vital to have this path configured properly in ORF, otherwise some whitelisted emails may be lost.

  • External Agents

    External Agents are command-line software attached to ORF for filtering emails. ORF can pass the email to the agents and blacklist the email based on the agent exit code.

  • FQDN

    Short for Fully Qualified Domain Name, which is domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS). It specifies all domain levels, including the top-level domain and the root domain.

    For example, example.com and subdomain.example.com are FQDNs, but somedomain is not.

  • HELO/EHLO domain

    Every SMTP email transmission begins with the sender's introduction (SMTP HELO or EHLO command). During this introduction, the sender identifies itself with its hostname, e.g. "mailserver.example.org". This hostname is called the "HELO/EHLO domain" in ORF.

    Spammers and malware authors often pay little attention to getting the hostname right (e.g. they use malformed hostnames or spoof the recipient hostname), giving ORF a chance to detect certain patterns using the HELO Blacklist test.

  • Intermediate Hosts

    Intermediate hosts are email delivery hops between your network perimeter and the ORF server. These are typically secondary (backup) MXs, non-transparent firewalls and other security gateways.

    The Intermediate Host List of ORF enables "looking behind" these hosts in the email delivery history to find the original sender computer IP that connected to your network. This information is crucial for a large number of tests in ORF.

    Private intranet IP addresses are always treated as Intermediate Hosts in ORF.

  • LDAP

    The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying distributed directory information services (such as the Microsoft® Active Directory®) over the network.

  • Localization

    Localization (in ORF configuration synchronization) is overriding certain settings from the configuration publisher with the local settings of the subscriber server.

    ORF allows localizing features and file system paths as well.

  • Management Tools

    ORF installations with enabled Remote Access can be managed from remote client computers with the Management Tool package installed.

    The package includes the Administration Tool, the Log Viewer and the Reporting Tool.

  • On Arrival filtering point

    The second stage of the SMTP email transmission monitored by ORF: this is when the sender has just transmitted the email and waits for acknowledgement (end of the DATA or BDAT SMTP commands).

    Email contents are already available at this point, which enables full access to the ORF filtering and action arsenal.

  • Private Local Databases

    Private Local Databases are database files maintained by the internal database engine of ORF. These files have .abs extension.

    The contents of these database files cannot be viewed or modified, and the database cannot be shared between ORF instances (as opposed to External SQL databases).

  • PTR record

    Querying the PTR DNS record for an IP address returns the hostname associated with that IP. Most active IP addresses have PTR information, but due to poor configuration even a few legitimate email server IPs may lack PTR data.

  • Publisher

    An ORF instance that publishes its configuration for other ORF instances (Configuration Subscribers).

  • Regular Expressions

    Regular expressions or regexes provide concise and flexible means for matching strings of text. They are similar to wildcard expressions (e.g. *.exe) but support more complex operations, such as boolean operations (e.g. "or") and quantifiers (e.g. "match if character occurs X times").

  • SPF

    Sender Policy Framework prevents email forgery by enabling domain owners to publish SPF policies which specifies who is authorized to send emails in their (domain) name. Email recipients can check the email source against the published SPF policy of the claimed sender.

  • Subscriber

    An ORF instance which receives some or all of its configuration from a remote Configuration Publisher ORF instance.

  • Tarpit Delay

    Delays the SMTP responses sent to blacklisted hosts, slowing the email transfer. Useful if you are flooded with spam from a single source, but it can also backfire by keeping too many connections alive and keeping your server busy.

  • Whitelisting

    Whitelisting is flagging an email legitimate and excluding it from further testing. Emails can be whitelisted by a whitelist test, such as the Sender Whitelist or the DNS Whitelist Test.

    Whitelists have higher precedence than blacklists: once an email is whitelisted, it will not get blacklisted.

    Note that whitelisting is not required for an email to be allowed through ORF: if an email gets neither whitelisted, nor blacklisted, it receives the "Passed" status and it is allowed through ORF.

Copyright © Vamsoft Ltd. 2024. All rights reserved. Document ID glossary, version 1.