Change Log

This section contains the complete version history of ORF.

Changes in version ORF 6.2.1

• BUGFIX: SPF filtering problems under specific conditions
  An optimization flaw prevented the SPF Test from running in "standalone" mode and as part of the Greylisting test under certain configuration settings.
• BUGFIX: User-specified file paths reset to default
  File paths inaccessible due to permission or network connectivity issues were reset to default upon launching the Administration Tool.
• BUGFIX: Tests randomly terminate with EListError "List index out of bounds (nn)"
  Due to a thread separation error, certain tests could terminate abruptly under heavy email load.
• BUGFIX: Malformed email addresses trigger DMARC Test errors
  The DMARC Test did not handle some specifically formatted email addresses correctly which resulted in occasional errors.
• BUGIFX: DMARC "Pass" messages logged with the wrong event class
  A bug in the logging module resulted in the incorrect classification of successful DMARC verification events.
• BUGFIX: Feature localization may prevent configuration synchronization
  Localizing the "Actions" or "Tests" settings on the subscriber server prevented successful configuration synchronization with the publisher.

Changes in version ORF 6.2

• NEW: Custom Action - Test Mode
  A new custom action for troubleshooting, testing and fine-tuning individual blacklist tests.
• NEW: Result-based actions for the SPF and DKIM tests
  You can now specify different blacklist actions for most SPF and DKIM authentication results.
• NEW: Search filter expressions in logs
  This new feature allows you to find log entries that match the filter expressions you defined in the ORF Administration Tool.
• CHANGE: Automated filtering points selection
  The appropriate filtering points are now automatically selected for each test based on your ORF configuration. The filtering point control columns (Before Arrival & On Arrival) were removed from the UI.
• CHANGE: Active Directory-based recipient validation
  Emails sent to shared mailboxes are no longer rejected when ORF is configured to blacklist emails sent to disabled AD accounts.
• CHANGE: Configuration file paths
  The service-related configuration files were moved to "%ProgramData%\ORF Fusion\".
• IMPROVED: SMTP Responses
  The SMTP response list had been extended and the default responses have been updated.
• BUGFIX: DKIM Signature Verifier - RFC-6376 standards violation
  Signature verification was unnecessarily terminated with a warning when the version tag (v=) was not the first tag in the "DKIM-Signature" header field.

Changes in version ORF 6.1.1

• BUGFIX: DMARC identifier alignment check problem
  Uppercase characters in the domain part of the "From:" header address caused verification failure during the DMARC identifier alignment check.
• BUGFIX: Minor user interface issues
  Fixed a number of UI related issued affecting the ORF management tools.

Changes in version ORF 6.1

• NEW: DKIM Whitelist
  Whitelist emails from specific senders based on the validity of the DKIM signature.
• NEW: Enforced Signatures
  Create a list of senders and signers whose emails must pass DKIM validation in order to pass filtering.
• IMPROVED: RFC8463-compliant updated DKIM verifier
  ORF now validates Ed25519-SHA256 DKIM signatures as well.
• NEW: Detailed DKIM logs
  When enabled, the signature verification details will be added to the DKIM log messages.
• NEW: DMARC sub-test logging
  When this option is enabled, the results of the SPF and DKIM checks will appear in the logs.
• BUGFIX: Invalid pointer operation
  ORF logged an error message when one of the recipients of a multi-recipient email was on the Recipient Whitelist while the sender was on the Auto Sender Whitelist.
• BUGFIX: Access violation error on malformed emails
  Non-standard MIME boundary usage in emails could trigger access violation errors due to a bug in the ORF MIME parser.

Changes in version ORF 6.0.1

• BUGFIX: ORF transport agent On Arrival error
  In rare cases, certain emails might trigger a "NullReferenceException" error during the parsing of the email data received from Microsoft Exchange.
• BUGFIX: DKIM signature parsing failure
  Quotation marks in the "h=" tag of the DKIM signature were interpreted as text boundary instead of literal characters.
• BUGFIX: DKIM signature timestamp error
  DKIM signature verification might fail with a timestamp error on servers located to the west of the UTC±00:00 timezone.
• BUGFIX: Limited tarpit delay functionality
  The Tarpit Delay feature did not work when configured as a default filtering action.
• BUGFIX: False license activation error message
  The License Manager displayed the wrong error message on connection failure.

Changes in version ORF 6.0

• NEW: Microsoft® Exchange 2019 compatibility
  Exchange 2019 is now fully supported by ORF.
• NEW: Microsoft® Windows Server 2019 compatibility
  ORF is now officially supported on Windows Server 2019.
• NEW: Licensing changes
  ORF Fusion is now available through subscription only. Perpetual licenses and maintenance plans are no longer available. For more information please consult our related KB.
• NEW: License Manager
  ORF Fusion now requires a license key for activation. A License Manager has been added to the ORF Administration Tool (Help / License Manager) for managing your licenses.
• NEW: DKIM Test
  The new version supports using the DomainKeys Identified Mail (DKIM) email authentication framework for verifying the integrity of incoming emails as well as the identity of responsible senders via cryptographic signatures.
• NEW: DMARC Test
  Domain-based Message Authentication, Reporting & Conformance (DMARC), possibly the most advanced email validation system designed to combat phishing and email spoofing, is now here to help you detect and mitigate fraudulent messages.
• NEW: Per-Test Actions
  Separate filtering actions can now be specified for almost every blacklist test.
• NEW: Attachment Filter Exceptions
  Allows excluding specific senders from Attachment Filtering by the sender email address or the source IP address.
• NEW: DKIM Test added to Whitelist Test Exceptions
  Provides an opportunity to verify the authenticity of the incoming email before the Auto Sender Whitelist or Sender Whitelist could exempt the message from filtering (disabled by default).
• NEW: General user interface improvements
  
  • Status indicator added to tests in the side-menu
  • Toggle option added to the toolbars
  • Status bar elements are now interactive
  • Some of the icons received a second state
• NEW: Log Viewer log file handling improvements
  
  • Drag-and-drop support added
  • You can now select multiple log files and load them at once
  • Loading specific log files is now possible in multi-server mode as well
• IMPROVED: Attachment Blacklist logging
  Filter expressions are now appended to log messages automatically when no user-defined comment text is configured.
• CHANGE: Microsoft® Windows Server 2003 support retired
  The new version no longer supports Microsoft® Windows Sever 2003.
• CHANGE: Microsoft® Exchange Server 2000-2003 support retired
  The new version no longer supports Exchange Server 2000 and Exchange Server 2003.
• CHANGE: Fusion for SBS edition retired
  The Fusion for SBS edition of ORF has been retired due to lack of demand. There is only one ORF edition now, ORF Fusion, which supports Windows Server Essentials (formerly Windows Small Business Server or SBS) installations as well. Free upgrades to ORF Fusion are given to Fusion for SBS users with active Software Maintenance Agreements.
• CHANGE: License agreement updated
  The license agreement has been changed, the installer and the documentation was updated accordingly.
• BUGFIX: Increased memory usage & oversized PowerLog reference file
  A bug in the ORF PowerLog Reference module resulted in a new reference entry being added to the plogrefs.dat file on each IP Whitelist and IP Blacklist hit. The potential impacts of the bug were out of memory errors and service crashes affecting servers with very high email load.
• BUGFIX: Wrong attachment filtering action on memory error
  Fixed an error handling bug that could cause legitimate emails and attachments to be blacklisted or quarantined.
• BUGFIX: Configuration change warning not displayed
  The ORF Administration Tool did not check whether the local configuration of the subscriber server should be saved before connecting to a publisher server if the connection was initiated from a settings page that was in subscriber mode.

Changes in version ORF 5.5.1

• BUGFIX: Archive scan timeout not respected
  Fixed an error handling bug that could delay ORF from executing the configured archive scan timeout action.
• BUGFIX: Right-click export not working for certain lists
  Some of the user-defined lists could not be exported using the export option of the right-click context menu.
• BUGFIX: User Interface Lag in the Log Viewer and Reporting Tool
  Fixed a bug that could cause the Log Viewer and Reporting Tool to hang or become unresponsive for short periods of time.

Changes in version ORF 5.5

• NEW: Multi-server support in the Log Viewer
  The Log Viewer can now connect to multiple ORF instances at the same time, so you may browse and filter logs from all your ORF servers simultaneously.
• NEW: Filtering inside compressed attachments
  The Attachment Filter can now perform recursive checks in compressed (Zip) files. Password protected archives are treated according to user-defined policy.
• NEW: Attachment filtering based on file size
  You may now set a per-expression file size limit for each attachment filter expression.
• NEW: Option to blacklist emails sent to disabled accounts
  A new Recipient Validation option has been added to allow the blacklisting of emails sent to email addresses associated with disabled Active Directory accounts.
• NEW: List item control
  All blacklist and whitelist entries can now be enabled or disabled selectively.
• IMPROVED: Attachment Quarantine
  Removed attachments are now saved with a .quarantine extension to prevent the accidental execution of malicious files.
• IMPROVED: Email header tagging
  The name of the blacklist test that triggers the filtering action can now be included into the header tag.
• IMPROVED: Remote management
  When the ORF service shuts down or is restarted, any remotely connected Administration Tool will now disconnect automatically.
• BUGFIX:
  All known bugs fixed.

Changes in version ORF 5.4.1

• NEW: Microsoft® Exchange 2016 compatibility
  Although ORF 5.4 worked fine with Exchange 2016, the platform was detected by ORF as Exchange 2013. Version 5.4.1 has been updated to detect Exchange 2016 as a separate Exchange version.
• NEW: Microsoft® Windows Server 2016 compatibility
  ORF is now officially supported on Windows Server 2016.
• CHANGE: Removed dead surbl.org zones
  A few surbl.org zones went offline since the last version. The default definition set included with ORF now reflects this change.
• BUGFIX: External Agent exit code actions always enabled
  Fixed bug with ORF ignoring the enabled/disabled state of External Agent exit codes actions.
• BUGFIX: Inconsistent IP Whitelist logging
  Due to a bug in the IP Whitelist implementation, ORF did not always select the right IP address to be logged as "Related IP" address when a hit occurred. The bug affected only ORF Text Logs and the On Arrival filtering point.
• BUGFIX: SPF evaluation limit counters do not propagate out from recursion
  The overall DNS lookup limit (max. 10) for SPF terms ("include", "a", "mx", "ptr", "exists" and "redirect") was not tracked as a single global limit for all evaluations, but just for a single instance of a recursive evaluation. Because of this, the total number of DNS queries triggered by the SPF terms might have exceed the limit specified in RFC-7208 (Section 4.6.4), unless the limit was reached in a recursive evaluation.
• BUGFIX: Incorrect severity level assigned to ESpfTempError exception
  Timeout occuring during the retrieval of an SPF record resulted in ORF logging an ESpfTempError exception with Error severity, instead of a more informative message with the proper Warning severity.
• BUGFIX: Before Arrival SMTP actions for the HELO Blacklist cannot be edited
  Changes made to the SMTP action of the HELO Blacklist were not persisted in the configuration.

Changes in version ORF 5.4

• NEW: Built-in recursive DNS resolver
  The new DNS resolver can obtain DNS data without the help of a dedicated DNS resolver server. This greatly simplifies the DNS setup in ORF and eliminates common DNS configuration problems that lead to a diminished spam filtering performance.
• IMPROVED: Updated DNSBL definition set and recommendations
  The new set is compiled based on comprehensive true positive, false positive and overlap analysis to maximize the spam catch rate without risking the loss of legitimate emails.
• IMPROVED: RFC7208-compliant updated SPF client
  ORF implemented SPF long before it became standardized. The final RFC4408 standard and the most recent RFC7208 version contain few significant changes, but they are more lenient in handling common SPF errors, so this update allows evaluating more policies than before.
• IMPROVED: Exchange 2013 CU9 Health Probe detection update
  Microsoft® Exchange 2013 regularly sends health probe emails as a part of its Managed Availability feature. ORF has a built-in mechanism for detecting and ignoring these emails to avoid clogging up the logs. The CU9 package for Microsoft® Exchange 2013 introduced a feature that broke this detection in ORF and this update restores the detection.
• CHANGE: Microsoft® Windows 2000 support retired
  The new version no longer supports Microsoft® Windows 2000.
• BUGFIX:
  All known bugs fixed.

Changes in version ORF 5.3

• NEW: Microsoft® Exchange 2013 Edge Transport Server support
  ORF is now fully compatible with the Edge Transport Server role introduced in Microsoft® Exchange 2013 SP1. Please read our related Knowledge Base article for more information about deploying ORF on different Exchange 2013 roles.
• NEW: Automatic detection of the Transport Agents defect of Microsoft® Exchange 2013 SP1
  Microsoft® Exchange 2013 SP1 was shipped with a critical flaw (see Microsoft Knowledge Base Article 2938053). The ORF Setup now detects the defect and refuses to install on an unpatched SP1 installation, and the ORF Service will now log errors if it finds the underlying Exchange installation unpatched.

Changes in version ORF 5.2

• NEW: Configuration Snapshots
  ORF now automatically takes snapshots of the ORF configuration state on every configuration save and this enables reverting to earlier configurations.
• NEW: Attachment Quarantine
  The Attachment Quarantine allows saving blacklisted email attachments to the file system for later retrieval by the administrator. Automatic retention control is available.
• NEW: Log Message Explanations from Email Notifications
  Event message explanations are now available from ORF email notifications (in previous versions, these were available from the ORF Log Viewer only).
• IMPROVED: Updated Second-level Domain List (SLD)
  The built-in Second-level Domain List (SLD) of ORF has been updated (January 2014).
• BUGFIX:
  All known bugs fixed.

Changes in version ORF 5.1

• NEW: Microsoft® Exchange 2013 Support
  ORF now can be used with Microsoft® Exchange 2013 on both the Client Access server and the Mailbox server roles. Please read our related Knowledge Base article for more information.
• NEW: Session timeout prevention in the ORF Log Viewer and ORF Reporting Tool
  In ORF 5, if the Log Viewer or the Reporting Tool was connected to a remote ORF instance and left unattended for more than 24 hours, the session has timed out, as the login ticket has expired. Now they keep the session alive.
• NEW: Fixed items are now shown on the Intermediate Host List
  Intranet IP address ranges are treated as Intermediate Hosts by default to avoid blacklisting internal and outgoing emails. In previous ORF versions, these ranges were not visible in the Administration Tool, which was confusing for new ORF users. Now these ranges are visible as non-editable items.
• NEW: Reverse DNS lookup in the ORF Log Viewer
  Now the Log Viewer supports looking up the PTR record (Reverse DNS lookup) of any logged IP address (Event View).
• NEW: IDNA support in the URL harvester engine
  The URL harvester component is responsible for detecting, decoding, prioritizing and sorting URL payloads in spam, such as web links and email address domains. The domain names harvested from URLs are checked against online blacklists (SURBLs) to see if they are associated with spam. The URL Harvester now supports Internationalized Domain Names (IDNA), so ORF is now able to discover and lookup domain names written in alphabets and scripts like Cyrillic, Japanese or Hebrew.
• IMPROVED: Updated Second-level Domain List (SLD)
  The built-in Second-level Domain List (SLD) of ORF has been updated.
• NEW: Browser-style navigation in the Administration Tool
  New keyboard shortcuts have been implemented in the Administration Tool, so now it is possible to navigate through pages back and forward by pressing the Alt + Left Arrow / Alt + Right Arrow keys or Backspace / Shift + Backspace, as in any browser. This also supports the back and forward buttons you may have on your keyboard.
• IMPROVED: Log Viewer now copies data in Unicode format
  The Copy Cell feature of the ORF Log Viewer now copies data in Unicode format instead of ANSI.
• IMPROVED: Now all ORF binaries are signed digitally
  To prevent forgery or tampering, sotware publishers often sign their binaries digitally with Authenticode. Some of the binaries of ORF (namely the ones written in .NET) were not signed in previous ORF versions to avoid possible problems. Now these problems have been worked around.
• IMPROVED: Setup now checks if Internet Explorer 6 or later is installed
  Though the minimum system requirements indicate that Internet Explorer 6 or newer version is required by ORF, this requirement was not enforced technically, so ORF could be installed on servers with earlier Internet Explorer versions, but could not function properly. Now the setup checks the IE version and ORF refuses to install if the version requirement is not met.
• BUGFIX:
  All known bugs fixed.

Changes in version ORF 5

• NEW: System requirements raised to Windows 2000 SP3
  See minimum system requirements for details.
• NEW: Licensing Changes
  ORF was split into two products, ORF Fusion and ORF Fusion for SBS. Visit our website for detailed information.
• NEW: Remote Administration
  This feature allows editing the configuration of remote ORF installations (Administration Tool), viewing remote logs (Log Viewer), and creating reports from remote servers (Reporting Tool) from a client
• NEW: Configuration Synchronization
  ORF now can be configured to synchronize specific setting between instances in multi-server setups.
• NEW: Improved Help
  The Help is now available both offline and online, each topic with feedback support.
• NEW: URL blacklist update: Spamhaus DBL
  The default URL blacklist definition set (surbls.xml) has been extended with Spamhaus DBL.
• NEW: Option to Disable IP Lookups for URL Blacklists
  Querying IP addresses against URL Blacklists now can be disabled (required by Spamhaus DBL).
• NEW: Auto Sender Whitelist can be configured to keep items forever
  
• NEW: "Whitelist authenticated clients" is now a separate test (available Before and On Arrival)
  
• NEW: Various General Improvements
  
  • The ORF Service can now log Unicode expression comments
  • Renewed, rich formatted HTML email notifications
  • Time-restricted license (trial, beta, alpha) expiry email notifications
  • Ability to extend trial period
  • Updated Out Of Office subject samples in the Auto Sender Whitelist exceptions
  • The Whitelist Emails From Vamsoft Ltd. option now fetches Vamsoft email server list from DNS instead of using a hardcoded list
  • Log message improvements
• NEW: General User Interface Improvements
  
  • New toolbars added
  • New start screens with news and update information
  • New dashboards
  • Renewed status bars with more information
  • More resizable dialogs (typically list editors)
  • New About Box with more information
  • Copy To Clipboard functionality in the Modules dialog
• NEW: Renewed Remote Control feature
  
  • new UI
  • forwarding to the publisher server (if items are sent to a subscriber server)
  • sending client FQDN is now shown
  • hinting if the target list is getting overloaded
• NEW: Administration Tool improvements
  
  • Renewed page navigation
  • System Overview page with status summary and 24-hour statistics
  • Now you can test email/IP addresses/text against lists
  • Configuration Wizard to help setting up ORF
  • One-click list sorting (header click instead of the Sort button; column and direction remembered)
  • View and change test assignment settings from the test pages
  • Creating email and domain expressions is now simplified by an expression creator
  • New Tests page with test descriptions
  • Now all sections have pages
  • New Welcome Screen after installation
  • Connection and search testing is now available for the Active Directory Recipient Validation source
  • Database connection tests initiated in the ORF Admin Tool are now performed by the ORF Service (when available) to rule out issues caused by integrated SQL authentication and the different security context.
  • When importing DNSBL/SURBL definitions, the previous enabled state of DNSBLs and SURBLs are preserved
  • Illustration to aid determining the Intermediate Host List contents
• NEW: Log Viewer improvements
  
  • Renewed Event View
  • Online knowledge base lookups with rateable/commentable articles
  • Send to List from the Event View
  • Right-click filtering
  • Visually renewed filter builder
  • HTML + plain text event clipboard copy
  • Quick Filters: Now allows editing right from the filter list
  • Reset to Factory Defaults in the Column Selector dialog
• NEW: Reporting Tool improvements
  
  • Renewed user interface and report design
• BUGFIX:
  All known bugs fixed.
• REMOVED:
  The "Header Check Depth" setting was removed from the UI

Changes in version ORF 4.4

• NEW: Microsoft® Exchange 2010 Support
  ORF now can be used with Exchange 2010 without a patch.
• NEW: IIS 6 SMTP Service Support on Windows Server 2008
  The IIS 6 SMTP Service is now supported on Windows Server 2008.
• NEW: IIS 6 SMTP Service Support on Windows Server 2008 R2
  The IIS 6 SMTP Service is now supported on Windows Server 2008 R2.
• NEW: DNS blacklist update: Spamhaus CSS
  The Spamhaus ZEN DNSBL definition in the default set (blacklists.xml) has been extended with Spamhaus CSS.
• BUGFIX:
  All known bugs fixed.

Changes in version ORF 4.3

• NEW: DHA Protection Test
  A new test in ORF that can help to detect and stop Directory Harvest Attacks (DHAs).
• NEW: Honeypot Test
  Allows setting up honeypot (spamtrap) addresses and ban senders that attempt to send to these addresses.
• NEW: Restartless Configuration Changes
  ORF can now reinitialize with the new configuration without restarting the ORF Service, so you can enjoy uninterrupted email filtering.
• IMPROVED: Remote Control
  The Remote Control feature which allows sending IP and email addresses from the ORF Log Viewer to various ORF lists has been improved. It no longer requires a running ORF Administration Tool, more target lists are supported and multiple items can be sent at once.
• NEW: Whitelist Test Exception for the SPF Test
  The SPF Test was added to the Whitelist Test Exceptions (disabled by default) so now you can validate the authenticity of the sender email address before the Auto Sender Whitelist or Sender Whitelist would run. This prevents forged emails from getting whitelisted.
• IMPROVED: Live Statistics
  The live statistics of ORF was redesigned to include a stopwatch functionality and got a few new counters.
• NEW: Blacklisting on SPF Neutral
  For specific (user-configurable) domains, blacklisting on SPF Neutral result is now available.
• NEW: Option to Skip Greylisting on SPF Pass
  Allows skipping the Greylisting test if the SPF Test says the sender is explicitly authorized to send in the name of a domain (enabled by default).
• NEW: DNS blacklist updates
  The default DNS blacklist definition set (blacklists.xml) has been updated.
• Further minor improvements and minor bugfixes.

Changes in version ORF 4.2

• NEW: "Real" Reverse DNS Test
  This new subtest of the Reverse DNS Test checks if the sending IP has reverse name (DNS PTR record). Blacklisting the resolved host names is also supported.
• NEW: Keyword Whitelist
  A new On Arrival-only test for whitelisting emails with specific keywords or patterns in the email body, subject or header.
• NEW: Charset Blacklist
  Another On Arrival-only test, for blacklisting emails written in specific languages/scripts.
• NEW: Compatible with Microsoft® Exchange 2007 on Windows Server 2008
  Version 4.2 now supports the Windows Server 2008 platform, when running with Microsoft® Exchange 2007. Note that the IIS SMTP-only mode is not supported on this platform, Exchange 2007 is required.
• NEW: SPF Exceptions
  Allows excluding specific senders from the SPF test by the sender email address or the source IP address.
• NEW: Auto Sender Whitelist Sender Exceptions
  This feature can be used to quickly un-whitelist accidentally whitelisted senders, without editing the Auto Sender Whitelist database.
• NEW: ORF Text Log Retention Control
  Allows automatic deletion of the ORF Text Log files after a user-defined number of days. This feature is disabled by default.
• NEW: Optional HELO/EHLO Logging
  When this option is enabled, the SMTP HELO/EHLO argument domain is added to the ORF logs as a separate column, helping the creation of HELO Blacklist expressions. This feature is disabled by default.
• NEW: Minor improvements
  
  • Integrated Configuration Export/Import Guide: Instructions on exporting and importing the entire ORF configuration are now available from the ORF Administration Tool menu.
  • The ORF Administration Tool now remembers the last open page.
  • The ORF Log Viewer can start the ORF Administration Tool when sending to blacklists/whitelists.
  • The Uninstaller now asks if data and configuration files should be left on the system.
  • Minor bugfixes.

Changes in version ORF 4.1

• NEW: Microsoft® Exchange 2007 Support
  ORF 4.1 now can be installed on Exchange 2007 Servers (Edge Transport or Hub Transport roles).
• NEW: Email Header Filtering
  The Keyword Filtering feature was extended with the ability to filter for keywords in the email header.
• BUGFIX: ORF Does Not Filter Mails with Blank HELO
  ORF logged a warning message and did not filter emails that arrived with a blank HELO/EHLO domain argument.
• BUGFIX: Connection Is Not Tarpitted At Before Arrival Under Specific Conditions
  Tarpit Delay was not triggered (irrespectively of the mode it was switched to) at the Before Arrival filtering point in case the Recipient Validation Test was excluded from the whitelists' scope (Whitelist Test Exceptions).

Changes in version ORF 4.0.4

• NEW: Recipient Validation Test
  This new test takes over the role of the Active Directory test and allows you to validate recipients using the Active Directory and two new sources: SQL databases and text files.
• IMPROVED: ORF Log Viewer Log File Handling
  The Log Viewer now supports viewing user-selected log files in addition to the automatic log file loading.
• BUGFIX: Memory Leak in the ORF SMTP Module
  The ORF SMTP Module was leaking a specific amount of memory on every email that reached the On Arrival filtering point. The potential impacts of the leak were IIS crashes and out of memory errors. This bug primarly affected servers with very high email load.
• REMOVED: Active Directory test "Synchronization Mode"
  

Changes in version ORF 4.0.3

• BUGFIX: Before Arrival Delivery Problems Under Specific Circumstances
  Valid recipients did not get the email when all of the following conditions were satisfied at once:
  • The email had multiple recipients
  • At least one recipient was rejected at Before Arrival
• BUGFIX: Log Viewer Time Filter Problems
  The "Time" filter could not be set higher than 12:59:59 (after(...date/time), before(...date/time), between(...date/time) modes). Events that occurred after 12:59:59 could not be filtered by the "Time" filter.
• BUGFIX: Log Viewer IP Address Filter May Return an Error
  Under Windows 2003 Server, the Log Viewer returned a "List index out of bounds" error when an IP filter with either CIDR notation (e.g., 1.2.3.0/24) or text range notation (e.g., 1.2.3.4-1.2.3.255) was applied to the "Related IP address" field.

Changes in version ORF 4.0.2

• BUGFIX: Delivery Problems Under Specific Conditions
  Valid recipients did not get the email when all of the following conditions were satisfied at once:
  • Active Directory Test was enabled at the On Arrival filtering point
  • The email had multiple recipients (valid and invalid ones)
  • The recipient list of the mail began with an invalid address (which is not listed in the Active Directory)
• BUGFIX: Log Viewer: Saved Email Subject Filtering Expression Changes Randomly
  Previously saved Log Viewer email subject filtering expressions could have changed unexpectedly when modified.
• BUGFIX: Saved Log Viewer Filter Cannot Be Deleted Under Specific Conditions
  Previously saved filter in the Log Viewer could not be deleted if the view was switched to "All" mode.

Changes in version ORF 4.0.1

• BUGFIX: Incorrect SMTP Module Status Displayed
  A bug in the ORF SMTP Module caused the SMTP Module status displayed for one or more of the SMTP Virtual Server as "not loaded/inactive" when multiple SMTP Virtual Servers were present, even when the SMTP Module was loaded and active.
• BUGFIX: IP List CSV Export is Broken
  The ORF Administration Tool IP list (IP Blacklist, IP Whitelist) CSV format exports were broken in version 4.0 and thus could not be imported. Exporting/importing in TXT format and importing from earlier version CSV exports worked, however.
• BUGFIX: Email Loss When Whitelisting Under Specific Circumstances
  Whitelisted recipients did not get the email when all of the following conditions were satisfied at once:
  • The email had multiple recipients at the On Arrival filtering point
  • Some, but not all of the email recipients were whitelisted
  • The email was not blacklisted
• BUGFIX: Some External Agents Do Not Run Under Specific Conditions
  When External Agents whitelist test exceptions were enabled and there were enabled External Agents with both Anti-Virus and Spam Filter role, agents with Spam Filter role were not ran by ORF.

Changes in version ORF 4.0

• NEW: Combined Actions
  The new version can tag and redirect the email at the same time at the On Arrival filtering point.
• NEW: Whitelist Test Exceptions
  This feature allows some blacklist tests to take precedence over whitelists (Attachment Filtering, External Agents, Active Directory Integration and the Recipient Blacklist), which provides better email security.
• NEW: External Databases
  Allows using Microsoft® SQL Server® databases for storing the Auto Sender Whitelist and Greylisting data.
• NEW: Email Subject Logging
  The subject of the incoming email is now logged at the On Arrival filtering point.
• NEW: 64-bit Windows Support
  ORF 4.0 can be used on 64-bit Windows Server editions.
• NEW: Auto Sender Whitelist Automatic Response Detection
  This new feature prevents automatic responses (e.g., Out of Office autoresponses) from polluting your Auto Sender Whitelist.
• NEW: Greylisting /24 Support
  Now Greylisting can be configured to accept delivery re-attempts from the same /24 network block. This reduces the email delay from senders with a pool of outgoing email servers.
• NEW: Automatic Update Check
  This feature periodically checks for a new ORF version and tells you if there is any available.
• IMPROVED: Log Filtering and Search
  The filtering feature of the ORF Log Viewer was completely redesigned to allow creating more flexible filters. The Search functionality is no longer column-specific (free text search).
• IMPROVED: More flexible IP Address Definitions
  In the new version, IP network definitions can be entered in various formats, including text range and CIDR notation.
• IMPROVED: PowerLog Preprocessing Speed
  ORF 4.0 preprocesses the PowerLog files about 75 times faster than the previous 3.0 version.
• BUGFIX: PowerLog Files May Get Deleted
  A bug in ORF caused the ORF PowerLog file under preprocessing to be deleted on the specific conditions (affected versions: 3.0 and 3.0.1).
• BUGFIX: Legitimate Emails Tarpitted on Specific Conditions
  ORF applied the tarpit delay on any non-whitelisted email on specific conditions (affected versions: 3.0 and 3.0.1).
• BUGFIX: External Agent Exit Code Enabled State Cannot Be Changed
  A bug in ORF prevented persisting the changes made to the enabled state of the External Agent exit codes (affected versions: 2.1, 3.0 and 3.0.1).

Changes in version ORF 3.0.1

• BUGFIX: AD Test may reject emails when the AD is not available
  When the Active Directory Test was in Synchronization Mode, version 3.0 failed to recognize that the address list was unavailable after a failed synchronization and rejected non-whitelisted emails.

Changes in version ORF 3.0

• NEW: Reporting
  This version introduces ORF Reporting Tool, which allows generating printable graphical reports about ORF's filtering activity. The Reporting Tool relies on a new log device called ORF PowerLogs.
• NEW: Minor changes and improvements
  
  • More consistent spam filtering engine behavior on errors.
  • Attachment MIME type is now logged when an email/attachment is blacklisted by the Attachment Filtering.
  • External Agent parameter double quotes are now tripled as opposed to doubling them, like in previous versions.
  • Statistics are now sent to Vamsoft in a fixed 24 hours period.

Changes in version ORF 2.1

• NEW: SPF support
  The new version supports using the Sender Policy Framework (SPF), which is an email authentication protocol for recognizing email address forgery. As most of the spam arrives with forged sender address, SPF can do a great job in reducing spam.
• NEW: External Agents
  Allows attaching various external software, such as anti-virus or anti-spam products to ORF. Depending on the agents used, it can boost ORF's spam filtering performance significantly or act as another layer of defense against viruses. You can download agent definitions for a few software from our website or define your own.
• NEW: HELO Domain Blacklist
  A new feature which helps to detect poorly written spammer software and malicious content based on the HELO/EHLO domain.
• NEW: Minor improvements
  
  • URL Domain Blacklist: Version 2.1 allows defining domain exceptions which are not checked by the URL Domain Blacklist.
  • Tarpit Delay: ORF delays maximum 10 connections concurrently to avoid eating up IIS resources.

Changes in version ORF 2.0.2

• BUGFIX: Database problems
  This version is shipped with an updated version of the database engine used by ORF. The update fixes the problems which may lead to corruption of the Greylisting or the Automatic Sender Whitelist databases. The symptoms of the database corruption were occasional database error messages logged by ORF and, in rare cases, 100% processor use for a long period (more than a minute) on a large number of outgoing emails (e.g., newsletters).
• BUGFIX: IP Whitelist ignored in Short log mode
  A bug in ORF caused the IP Whitelist to be ignored at the Before Arrival filtering point when the ORF log was in "Short Log Messages" mode.
• IMPROVED: Automatic Sender Whitelist performance
  We improved the performance of the Automatic Sender Whitelist performance, the new version processes outgoing email significantly faster and uses less resources than the previous version.

Changes in version ORF 2.0.1

• BUGFIX: Memory leak in the ORF SMTP Module
  A bug in the ORF SMTP Module resulted in a small memory leak on each rejected email. The potential impacts of the bug were IIS crashes and out of memory errors. This bug primarly affected servers with very high email load.

Changes in version ORF 2.0

• NEW: Support for SURBLs (URL Blacklist Support)
  SURBLs are very similar to DNS blacklist, except that they list domain names instead of spam IP sources. ORF 2.0 can collect links to "spamvertized" sites from the scanned email and check the linked domains in the SURBLs.
• NEW: Greylisting
  Anti-spam feature based on temporary rejection of emails from unknown senders. While greylisting provides outstanding spam stop rate, it causes about 15 minutes delay of emails from unknown senders as well. Moreover, it works at the Before Arrival filtering point only.
• NEW: Automatic Sender Whitelist
  A self-learning whitelist which monitors your outgoing emails and builds a sender email address whitelist from the recipients of the outgoing emails. In other words, the recipients of the emails that you send become whitelisted senders.
• NEW: Tarpit Delay
  Delays your server's response to blacklisted mails. Can be used to slow down/stop Directory Harvest Attacks or to fight back to spammers.
• NEW: Several minor improvements
  
  • Completely rewritten DNS cache with persistent cache data store
  • DNS TCP fallback option
  • Updated DNS client in ORF
  • Improved email wildcard mask support, now both the * and the ? wildcards are supported
  • Attachment filter wildcard support (* and ? wildcards are now supported)
  • Configurable SMTP response for the On Arrival email drop action
  • Configurable SMTP response for the attachment filter drop action
  • ORF Log Viewer: "Remote Control"—add addresses to the ORF sender and IP lists by one click
  • ORF Log Viewer: "Quick Filters"—easier filter selection
  • ORF Log Viewer: "Preview Panel"—easier viewing of long log column data
  • ORF Log Viewer: Customizable color-coding of event records based on the event severity
  • ORF Log Viewer: Filters are now listed in alphabetical order
  • ORF Admin Tool: Sorting improvements, now you can sort virtually every list of ORF by any column
  • ORF Admin Tool: SMA expiration reminder
  • ORF Admin Tool: DNS Test to check the health of your DNS servers
• REMOVED: The "Reject mail temporarily on DNS failure" feature has been removed.
  

Changes in version 1.5.2

• UPDATE: License agreement
  The license agreement has been changed, the installer and the documentation was updated accordingly. This version does not add any new features compared to ORF 1.5.1.

Changes in version 1.5.1

• NEW: Active Directory integration "Live Mode"
  The new AD integration mode allows validating the recipient "live", without extracting all addresses from the Active Directory (synchronization). The Live Mode is more resource-friendly and faster than the previous Synchronization mode when working with large directories. The performance of the Synchronization mode (pre-1.5.1 AD integration) was also improved.
• BUGFIX: Memory leak in the ORF SMTP Module
  A bug in the ORF 1.5 SMTP Module resulted in a 20-byte memory leak per email at the On Arrival filtering point. This has caused out of memory errors in ORF and IIS crashes. This bug has been fixed by version 1.5.1.

Changes in version 1.5

• NEW: Dual filtering points model
  Previous ORF versions filtered the emails before email arrival. Now with 1.5 you can filter emails on arrival, which allows delivery path analysis, keyword and attachment filtering, etc.
• NEW: Attachment and keyword filtering
  Using the attachment filter you can drop emails with malicious attachments or replace the attachments with a customisable warning text. Both the keyword and the attachment filtering support using Perl-compatible regular expressions, which makes the filtering extremely flexible. Both features are Unicode-aware.
• NEW: Reviewing emails caught by the filter
  Emails blacklisted at the On Arrival filtering point can be dropped, redirected or tagged (header or subject).
• NEW: ORF Log Viewer
  ORF is now shipped with a built-in log viewer which allows easy browsing, searching and filtering the logs.
• NEW: DNS blacklist updates
  The default DNS blacklist definition set (blacklists.xml) has been updated.

Changes in version 1.4

• NEW: Invalidated RDNS record list
  The new list allows you to invalidate specific IP addresses returned by the RDNS A record test. This feature has been built into ORF to keep the RDNS test usable after .com/.net gTLD manager Verisign added a global A record wildcard to the .com/.net zones. The wildcard IP address is added to the list by default. The DNS A record which resolves to any of the IP addresses listed on this list will be treated as non-existent record in the Reverse DNS test.

Changes in version 1.3

• NEW: Exception list for the Active Directory integration
  Using the new exception list, you can exclude specific email addresses or domains from the Active Directory-based recipient filtering. This comes handy if you provide filtered mail services for domains that are not listed in your directory.
• NEW: AD integration user authentication support
  User authentication may be required for the AD integration if ORF is running on a computer which is not a member of the domain. ORF now supports specifying a user name and password for LDAP authentication.
• NEW: Whitelisting authenticated sessions now can be disabled
  
• NEW: Authenticated user name in the log
  For easier tracking of authenticated sessions, version 1.3 logs the authenticated user name with the whitelist event message.
• NEW: Customizable RDNS SMTP response
  
• NEW: Minor improvements
  
• BUGFIX: Cannot start syslogd when ORF Service is up
  You could not start the syslog daemon on the syslog UDP port while ORF was running, if you had ORF syslogd logging enabled. This was caused by an unclosed socket has which allocated the syslog UDP port so the syslog daemon was unable to start listening to syslog messages. This issue occurred only when both ORF and the syslog daemon was running on the same computer.
• NEW: DNS blacklist updates
  
  • Removed: DORKSZTL and DORKS (dead blacklists)
  • Removed: MONKEYFORMMAIL (no hits, seemingly dead)
  • Removed: BLITZEDHTTP, BLITZEDWINGATE, BLITZEDSOCKS (these zones are no longer up)
  • Added: CBL, LBL, REYNOLDST1, UCEB
  • Update: Four new zones added to FIVETEN, BLITZED also updated
  • Update: MONKEYPROXIES has been renamed to MONKEYUPL (zone remains the same)

Changes in version 1.2.1

• BUGFIX: Sending statistics cannot be disabled
  Due to a software bug you could not disable the statistics report sender feature, statistics were sent regardless your settings. This bug has been fixed in version 1.2.1.

Changes in version 1.2

• NEW: Seamless update
  Until version 1.2, you had to manually stop and restart Exchange services during an ORF update. The new Update Setup shipped with ORF version 1.2 can automatically stop and restart the Exchange services and transfer your previous ORF settings to the updated version.
• NEW: Active Directory integration
  Unlike other mail servers, Exchange 2000 does not reject mails coming to mailboxes that does not exist. Exchange 2000 accepts the mail for delivery and bounces the email later if the recipient mailbox is unavailable. Spam is often sent with non-existing sender email address, which results in tons of NDR's filling up the mail queue. Using the ORF's new Active Directory integration you can reject all mails that are addressed to mailboxes that are no longer (or never been) valid and accept mails only to mailboxes that exists in the Active Directory.
• NEW: Built-in Bonded Sender™ Program DNS whitelist support
  IronPort Systems Inc's Bonded Sender™ Program provides a public DNS whitelist, which is now supported by ORF 1.2. More information about this program is available at http://www.bondedsender.com.
• NEW: Better ORF community support
  Do you find it confusing to select the best DNS blacklists? Now ORF can automatically send your ORF statistics anonymously to our server in email. The server collects these statistics and displays DNS blacklist popularity and statistics on our website.
• NEW: Commentable list items
  The new version supports commenting IP/sender/recipient whitelist and blacklist items which makes managing and exchanging these lists easier.
• NEW: Regular expressions
  Using regular expressions you can create complex email address masks. ORF 1.2 supports the Perl-compatible regular expressions (PCRE, for more information, please see http://www.pcre.org). This feature is available for the sender whitelist, sender blacklist, recipient whitelist and recipient blacklists.
• NEW: Windows Event Log and BSD syslog support
  Version 1.2 extends logging capabilities with Windows Event Log and BSD syslog support.
• NEW: Automatic whitelisting of authenticated SMTP connections
  Authenticated SMTP connections are now recognized and automatically whitelisted by the new version.
• BUGFIX:
  Cumulative statistics not saved on system reboot/shutdown
• BUGFIX:
  Sender email address is not logged under specific conditions

Changes in version 1.1.1

• BUGFIX: Reverse DNS test fails when MX missing and A/CNAME exists
  The reverse DNS test with "MX or A/CNAME" test mode did not test A/CNAME records due to a software bug. This bug caused the software to work as the reverse DNS test running with "MX" (stict check) mode and to provide wrong information for the remote SMTP server about the block reason.
• BUGFIX: Incorrect reverse DNS statistics
  Reverse DNS statistics were displayed incorrectly. The "Tests" value was equal to the "Blocks" value.
• ADDED: Log level recorded in the log
  This feature makes writing log parsers easier.

Changes in version 1.1

• NEW: Support for multiple DNS servers
  In version 1.1, you can define multiple (fail-over) DNS servers with priority order.
• NEW: Cumulative statistics
  Using the new cumulative statistics feature you can view the statistics of ORF since the installation. You can also take a snapshot of the current run-time statistics and export the snapshot to various file formats (including CSV, which can be imported by Microsoft® Excel®). The statistics are resettable.
• NEW: Reverse DNS test with MX or A/CNAME records
  The 1.0 version reverse DNS test was very strict. Version 1.1 offers you a less strict check. This helps in reducing the number of legitime mails blocked.
• NEW: Address list export/import
  Exporting and importing address lists (IP, sender, recipient whitelists and blacklists) is now available. Multiple text formats supported, including CSV which can be imported by Microsoft® Excel®
• NEW: Blocking broken sender domains
  ORFEE 1.1 can block mails with broken sender domain information (senderdomain is not a fully qualified domain name - FQDN).
• NEW: Temporary rejection of mails on DNS errors
  You can configure ORF to reject the mail temporarily when it cannot be tested due to DNS errors. Using this option you can avoid accepting mails when the filtering is not available due to unreachable DNS data.
• NEW: Several minor improvements
  
  • All address lists (IP, sender and recipient whitelists and blacklists) are sortable to ascending or descending order by one click
  • You can set the order of list items using drag&drop (where applicable)
  • Sending a test notification mail from the Events page is now available
  • Default values automatically assigned to various SMTP responses
  • You can configure ORF to add the local server name to the log as a separate column
  • {HOUR} field added to the available log file name fields
  • You can control line wrapping in the notification mails
  • Now the sender address is available in the log when a mail is blocked on the recipient blacklist
  • CTRL-SPACE displays the directory browser dialog in path edit boxes
• BUGFIX: RDNS test may fail with specially formatted addresses
  The reverse DNS test did not handle some specially formatted sender addresses correctly. Affected format: "mailbox@[1.2.3.4]", "[email protected]". This syntax is allowed by RFC standards, but used rarely on the Internet. ORF did not recognize that the sender domain is actually an IPv4 address and blocked the mail (because it failed on RDNS test).
• BUGFIX: Sender blacklist hits are not logged
  Mails blocked on the sender blacklist were not logged by ORF Enterprise.
• BUGFIX: Some controls may not appear with Large Fonts settings
  If you run your display in Large Fonts mode, you may experienced that some controls in the ORF Administration Tool were not visible on the screen.