Change Log
This section contains the complete version history of ORF.
Changes in version ORF 6.7
- NEW: Microsoft® Windows Server 2022 Support
ORF now officially supports Windows Server 2022. - NEW: Attachment Quarantine Manager
Allows resending, exporting and deleting quarantined attachments that were saved to the file system. Accessible via the ORF Administration Tool (Attachment Filtering) or the ORF Log Viewer (Tools). - NEW: Attachment resending settings
A new tab called Resend has been added to the Attachment Filtering settings dialog. - NEW: Log Viewer – Resend attachment
Quarantined attachments can be resent to the original recipients with a single click using the Tools menu or the right-click context menu. - NEW: Log Viewer - Event grouping
Events logged for a given email are now grouped together for easier overview (limited support on IIS SMTP servers). - NEW: Log Viewer - New columns
Four new columns have been added to the Log Viewer: - Author: The (RFC5322.From) email address that email clients actually display to recipients.
- Source IP: The IP address of the mail server that sent the email.
- Remote Peer IP: The IP address of the mail server that connected to the ORF server.
- Related Test: The ORF test related to the event record.
- NEW: Log Viewer - New sorting options
Three new sorting options have been added to the Log Viewer column headers: - Username
- Organizational domain
- Top-Level domain
- IMPROVED: Log Viewer - Right-click menu
The right-click context menu has been restructured for easier view and navigation. - IMPROVED: Log Viewer - Remote Control
The Remote Control feature which allows sending IP and email addresses from the ORF Log Viewer to various ORF lists has been improved: - The content of the Author and HELO fields have been added to the list of items available for sending to ORF lists.
- You can now send multiple items at once to ORF lists, and specify the comment.
- IMPROVED: Log Viewer - Right-click filter
You can now filter for multiple selected items at once from the right-click context menu. - BUGFIX: Reporting Tool - DMARC reporting
The Hits and Contribution statistics were incorrectly calculated in the DMARC filtering reports. - Other minor fixes and user interface improvements.
Changes in version ORF 6.6.1
- BUGFIX: False transport agent status
On Microsoft® Exchange 2010 servers, and when accessed remotely, the Administration Tool incorrectly reported the status of some of the ORF transport agents. - BUGFIX: Memory leak in the ADO and CDO call handling module
The ADO and CDO call handling module was leaking a certain amount of memory when the incoming email had to be modified. This bug primarily affected servers with very high email load. - IMPROVED: ARC settings verification messages
The ARC signature settings verification test in the Administration Tool now displays different DNS error messages based on response codes, instead of a "catch-all" error message. - Further minor UI fixes.
Changes in version ORF 6.6
- NEW: ARC Signing
The new version adds support for ARC (Authenticated Received Chain) allowing ORF to sign the email's original authentication result and store it in the message header in a verifiable format. This enables subsequent ARC-enabled mails transfer agents to validate the email even if it fails the local SPF, DKIM and DMARC checks. - NEW: ARC Test
Emails that would fail the SPF, DKIM or DMARC tests as a result of intermediate processing can be "rescued" by ORF by recycling the original email authentication results left in the message header by trusted ARC signers. - NEW: Exchange Transport Agent
A third transport agent has been introduced which is responsible for adding digital signatures to incoming messages when ARC Signing is enabled. - CHANGE: Pending Submissions item handling
Items sent from the Log Viewer to blacklists, whitelists and exception lists are no longer used by the ORF service immediately. - CHANGE: New category in the navigation bar
The settings pages of the DMARC, DKIM and SPF tests have been moved to a new category called Authentication. - BUGFIX: Unexpected SPF Test error
Rather than ignoring the email, the SPF Test ended with an error when the following two conditions were met: the sender was excluded from the SPF check and the SPF Test was allowed to run at the Before Arrival filtering point. - BUGFIX: IPv6 scope-id parsing error
Link-local (intranet) IPv6 addresses ending with a scope-id were not recognized as valid IPv6 addresses, which caused benign errors on systems where IP-based tests were allowed to run at the Before Arrival filtering point. - Further minor changes and improvements.
Changes in version ORF 6.5
- NEW: Email authentication results in the message header
A standard Authentication-Results header is now added automatically to all tested emails recording the results of the SPF, DKIM and DMARC checks. - NEW: Extended message header filtering
It is now possible to limit the search scope to a specific header field when creating a keyword filter expression. - NEW: Automatic message header decoding
Keyword filter expressions with a header search scope are now checked against the decoded message header parts by default. Select the "Email header (raw MIME)" search scope in the keyword filter properties dialog if you need to create a rule for matching encoded content. - IMPROVED: Unicode-enabled configuration fields
The management tools have been updated to support Unicode characters in most text fields, including file paths. - IMPROVED: SURBL Test
The domain extractor of the SURBL Test has been updated to recognize links with accidentally or intentionally malformed URL prefixes (e.g. "http:/\").
Changes in version ORF 6.4
- NEW: Complete IPv6 Support
The ORF Service and ORF Management Tools are now fully IPv6 capable. You can now connect to ORF instances via IPv6 interfaces and create IPv6-specific rules and policies for filtering. - NEW: Sender identity verification before whitelist and exclude actions
A sender validation option was added to the Sender Whitelist page and to each Sender Exceptions dialog. Enable it to prevent spammers from exploiting existing email address and domain expressions on said lists to bypass filtering. - BUGFIX: Service outage preceded by access violation errors
Receipt of specifically malformed emails could cause a buffer overflow in the memory space of ORF, resulting in service outage. - Further minor bugfixes and performance improvements.
Changes in version ORF 6.3
- IMPROVED: Attachment Filtering
ORF can now unpack additional archive formats, such as RAR, ARJ, TAR, GZIP, Z, etc. - IMPROVED: Regex Engine
The regex engine has been updated in order to be able to match strings that contain Unicode characters with code point values greater than U+FFFF (65535), such as emoticons and other symbols stored in supplementary Unicode planes. - BUGFIX: Ed25519-type public key strings trigger DKIM Test errors
Due to a hashing bug in the DKIM signature verifier algorithm, the DKIM Test terminated with an error upon attempting to parse ed25519-type key strings from public DKIM (DNS TXT) key records. - Further minor user interface improvements and fixes.
Changes in version ORF 6.2
- NEW: Custom Action - Test Mode
A new custom action for troubleshooting, testing and fine-tuning individual blacklist tests. - NEW: Result-based actions for the SPF and DKIM tests
You can now specify different blacklist actions for most SPF and DKIM authentication results. - NEW: Search filter expressions in logs
This new feature allows you to find log entries that match the filter expressions you defined in the ORF Administration Tool. - CHANGE: Automated filtering points selection
The appropriate filtering points are now automatically selected for each test based on your ORF configuration. The filtering point control columns (Before Arrival & On Arrival) were removed from the UI. - CHANGE: Active Directory-based recipient validation
Emails sent to shared mailboxes are no longer rejected when ORF is configured to blacklist emails sent to disabled AD accounts. - CHANGE: Configuration file paths
The service-related configuration files were moved to "%ProgramData%\ORF Fusion\". - IMPROVED: SMTP Responses
The SMTP response list had been extended and the default responses have been updated. - BUGFIX: DKIM Signature Verifier - RFC-6376 standards violation
Signature verification was unnecessarily terminated with a warning when the version tag (v=) was not the first tag in the "DKIM-Signature" header field.
Changes in version ORF 6.1.1
- BUGFIX: DMARC identifier alignment check problem
Uppercase characters in the domain part of the "From:" header address caused verification failure during the DMARC identifier alignment check. - BUGFIX: Minor user interface issues
Fixed a number of UI related issued affecting the ORF management tools.
Changes in version ORF 6.1
- NEW: DKIM Whitelist
Whitelist emails from specific senders based on the validity of the DKIM signature. - NEW: Enforced Signatures
Create a list of senders and signers whose emails must pass DKIM validation in order to pass filtering. - IMPROVED: RFC8463-compliant updated DKIM verifier
ORF now validates Ed25519-SHA256 DKIM signatures as well. - NEW: Detailed DKIM logs
When enabled, the signature verification details will be added to the DKIM log messages. - NEW: DMARC sub-test logging
When this option is enabled, the results of the SPF and DKIM checks will appear in the logs. - BUGFIX: Invalid pointer operation
ORF logged an error message when one of the recipients of a multi-recipient email was on the Recipient Whitelist while the sender was on the Auto Sender Whitelist. - BUGFIX: Access violation error on malformed emails
Non-standard MIME boundary usage in emails could trigger access violation errors due to a bug in the ORF MIME parser.
Changes in version ORF 6.0.1
- BUGFIX: ORF transport agent On Arrival error
In rare cases, certain emails might trigger a "NullReferenceException" error during the parsing of the email data received from Microsoft Exchange. - BUGFIX: DKIM signature parsing failure
Quotation marks in the "h=" tag of the DKIM signature were interpreted as text boundary instead of literal characters. - BUGFIX: DKIM signature timestamp error
DKIM signature verification might fail with a timestamp error on servers located to the west of the UTC±00:00 timezone. - BUGFIX: Limited tarpit delay functionality
The Tarpit Delay feature did not work when configured as a default filtering action. - BUGFIX: False license activation error message
The License Manager displayed the wrong error message on connection failure.
Changes in version ORF 6.0
- NEW: Microsoft® Exchange 2019 compatibility
Exchange 2019 is now fully supported by ORF. - NEW: Microsoft® Windows Server 2019 compatibility
ORF is now officially supported on Windows Server 2019. - NEW: Licensing changes
ORF Fusion is now available through subscription only. Perpetual licenses and maintenance plans are no longer available. For more information please consult our related KB. - NEW: License Manager
ORF Fusion now requires a license key for activation. A License Manager has been added to the ORF Administration Tool (Help / License Manager) for managing your licenses. - NEW: DKIM Test
The new version supports using the DomainKeys Identified Mail (DKIM) email authentication framework for verifying the integrity of incoming emails as well as the identity of responsible senders via cryptographic signatures. - NEW: DMARC Test
Domain-based Message Authentication, Reporting & Conformance (DMARC), possibly the most advanced email validation system designed to combat phishing and email spoofing, is now here to help you detect and mitigate fraudulent messages. - NEW: Per-Test Actions
Separate filtering actions can now be specified for almost every blacklist test. - NEW: Attachment Filter Exceptions
Allows excluding specific senders from Attachment Filtering by the sender email address or the source IP address. - NEW: DKIM Test added to Whitelist Test Exceptions
Provides an opportunity to verify the authenticity of the incoming email before the Auto Sender Whitelist or Sender Whitelist could exempt the message from filtering (disabled by default). - NEW: General user interface improvements
- Status indicator added to tests in the side-menu
- Toggle option added to the toolbars
- Status bar elements are now interactive
- Some of the icons received a second state
- NEW: Log Viewer log file handling improvements
- Drag-and-drop support added
- You can now select multiple log files and load them at once
- Loading specific log files is now possible in multi-server mode as well
- IMPROVED: Attachment Blacklist logging
Filter expressions are now appended to log messages automatically when no user-defined comment text is configured. - CHANGE: Microsoft® Windows Server 2003 support retired
The new version no longer supports Microsoft® Windows Sever 2003. - CHANGE: Microsoft® Exchange Server 2000-2003 support retired
The new version no longer supports Exchange Server 2000 and Exchange Server 2003. - CHANGE: Fusion for SBS edition retired
The Fusion for SBS edition of ORF has been retired due to lack of demand. There is only one ORF edition now, ORF Fusion, which supports Windows Server Essentials (formerly Windows Small Business Server or SBS) installations as well. Free upgrades to ORF Fusion are given to Fusion for SBS users with active Software Maintenance Agreements. - CHANGE: License agreement updated
The license agreement has been changed, the installer and the documentation was updated accordingly. - BUGFIX: Increased memory usage & oversized PowerLog reference file
A bug in the ORF PowerLog Reference module resulted in a new reference entry being added to the plogrefs.dat file on each IP Whitelist and IP Blacklist hit. The potential impacts of the bug were out of memory errors and service crashes affecting servers with very high email load. - BUGFIX: Wrong attachment filtering action on memory error
Fixed an error handling bug that could cause legitimate emails and attachments to be blacklisted or quarantined. - BUGFIX: Configuration change warning not displayed
The ORF Administration Tool did not check whether the local configuration of the subscriber server should be saved before connecting to a publisher server if the connection was initiated from a settings page that was in subscriber mode.
Changes in version ORF 5.5.1
- BUGFIX: Archive scan timeout not respected
Fixed an error handling bug that could delay ORF from executing the configured archive scan timeout action. - BUGFIX: Right-click export not working for certain lists
Some of the user-defined lists could not be exported using the export option of the right-click context menu. - BUGFIX: User Interface Lag in the Log Viewer and Reporting Tool
Fixed a bug that could cause the Log Viewer and Reporting Tool to hang or become unresponsive for short periods of time.
Changes in version ORF 5.5
- NEW: Multi-server support in the Log Viewer
The Log Viewer can now connect to multiple ORF instances at the same time, so you may browse and filter logs from all your ORF servers simultaneously. - NEW: Filtering inside compressed attachments
The Attachment Filter can now perform recursive checks in compressed (Zip) files. Password protected archives are treated according to user-defined policy. - NEW: Attachment filtering based on file size
You may now set a per-expression file size limit for each attachment filter expression. - NEW: Option to blacklist emails sent to disabled accounts
A new Recipient Validation option has been added to allow the blacklisting of emails sent to email addresses associated with disabled Active Directory accounts. - NEW: List item control
All blacklist and whitelist entries can now be enabled or disabled selectively. - IMPROVED: Attachment Quarantine
Removed attachments are now saved with a .quarantine extension to prevent the accidental execution of malicious files. - IMPROVED: Email header tagging
The name of the blacklist test that triggers the filtering action can now be included into the header tag. - IMPROVED: Remote management
When the ORF service shuts down or is restarted, any remotely connected Administration Tool will now disconnect automatically. - BUGFIX:
All known bugs fixed.
Changes in version ORF 5.4.1
- NEW: Microsoft® Exchange 2016 compatibility
Although ORF 5.4 worked fine with Exchange 2016, the platform was detected by ORF as Exchange 2013. Version 5.4.1 has been updated to detect Exchange 2016 as a separate Exchange version. - NEW: Microsoft® Windows Server 2016 compatibility
ORF is now officially supported on Windows Server 2016. - CHANGE: Removed dead surbl.org zones
A few surbl.org zones went offline since the last version. The default definition set included with ORF now reflects this change. - BUGFIX: External Agent exit code actions always enabled
Fixed bug with ORF ignoring the enabled/disabled state of External Agent exit codes actions. - BUGFIX: Inconsistent IP Whitelist logging
Due to a bug in the IP Whitelist implementation, ORF did not always select the right IP address to be logged as "Related IP" address when a hit occurred. The bug affected only ORF Text Logs and the On Arrival filtering point. - BUGFIX: SPF evaluation limit counters do not propagate out from recursion
The overall DNS lookup limit (max. 10) for SPF terms ("include", "a", "mx", "ptr", "exists" and "redirect") was not tracked as a single global limit for all evaluations, but just for a single instance of a recursive evaluation. Because of this, the total number of DNS queries triggered by the SPF terms might have exceed the limit specified in RFC-7208 (Section 4.6.4), unless the limit was reached in a recursive evaluation. - BUGFIX: Incorrect severity level assigned to ESpfTempError exception
Timeout occuring during the retrieval of an SPF record resulted in ORF logging an ESpfTempError exception with Error severity, instead of a more informative message with the proper Warning severity. - BUGFIX: Before Arrival SMTP actions for the HELO Blacklist cannot be edited
Changes made to the SMTP action of the HELO Blacklist were not persisted in the configuration.
Changes in version ORF 5.4
- NEW: Built-in recursive DNS resolver
The new DNS resolver can obtain DNS data without the help of a dedicated DNS resolver server. This greatly simplifies the DNS setup in ORF and eliminates common DNS configuration problems that lead to a diminished spam filtering performance. - IMPROVED: Updated DNSBL definition set and recommendations
The new set is compiled based on comprehensive true positive, false positive and overlap analysis to maximize the spam catch rate without risking the loss of legitimate emails. - IMPROVED: RFC7208-compliant updated SPF client
ORF implemented SPF long before it became standardized. The final RFC4408 standard and the most recent RFC7208 version contain few significant changes, but they are more lenient in handling common SPF errors, so this update allows evaluating more policies than before. - IMPROVED: Exchange 2013 CU9 Health Probe detection update
Microsoft® Exchange 2013 regularly sends health probe emails as a part of its Managed Availability feature. ORF has a built-in mechanism for detecting and ignoring these emails to avoid clogging up the logs. The CU9 package for Microsoft® Exchange 2013 introduced a feature that broke this detection in ORF and this update restores the detection. - CHANGE: Microsoft® Windows 2000 support retired
The new version no longer supports Microsoft® Windows 2000. - BUGFIX:
All known bugs fixed.
Changes in version ORF 5.3
- NEW: Microsoft® Exchange 2013 Edge Transport Server support
ORF is now fully compatible with the Edge Transport Server role introduced in Microsoft® Exchange 2013 SP1. Please read our related Knowledge Base article for more information about deploying ORF on different Exchange 2013 roles. - NEW: Automatic detection of the Transport Agents defect of Microsoft® Exchange 2013 SP1
Microsoft® Exchange 2013 SP1 was shipped with a critical flaw (see Microsoft Knowledge Base Article 2938053). The ORF Setup now detects the defect and refuses to install on an unpatched SP1 installation, and the ORF Service will now log errors if it finds the underlying Exchange installation unpatched.
Changes in version ORF 5.2
- NEW: Configuration Snapshots
ORF now automatically takes snapshots of the ORF configuration state on every configuration save and this enables reverting to earlier configurations. - NEW: Attachment Quarantine
The Attachment Quarantine allows saving blacklisted email attachments to the file system for later retrieval by the administrator. Automatic retention control is available. - NEW: Log Message Explanations from Email Notifications
Event message explanations are now available from ORF email notifications (in previous versions, these were available from the ORF Log Viewer only). - IMPROVED: Updated Second-level Domain List (SLD)
The built-in Second-level Domain List (SLD) of ORF has been updated (January 2014). - BUGFIX:
All known bugs fixed.
Changes in version ORF 5.1
- NEW: Microsoft® Exchange 2013 Support
ORF now can be used with Microsoft® Exchange 2013 on both the Client Access server and the Mailbox server roles. Please read our related Knowledge Base article for more information. - NEW: Session timeout prevention in the ORF Log Viewer and ORF Reporting Tool
In ORF 5, if the Log Viewer or the Reporting Tool was connected to a remote ORF instance and left unattended for more than 24 hours, the session has timed out, as the login ticket has expired. Now they keep the session alive. - NEW: Fixed items are now shown on the Intermediate Host List
Intranet IP address ranges are treated as Intermediate Hosts by default to avoid blacklisting internal and outgoing emails. In previous ORF versions, these ranges were not visible in the Administration Tool, which was confusing for new ORF users. Now these ranges are visible as non-editable items. - NEW: Reverse DNS lookup in the ORF Log Viewer
Now the Log Viewer supports looking up the PTR record (Reverse DNS lookup) of any logged IP address (Event View). - NEW: IDNA support in the URL harvester engine
The URL harvester component is responsible for detecting, decoding, prioritizing and sorting URL payloads in spam, such as web links and email address domains. The domain names harvested from URLs are checked against online blacklists (SURBLs) to see if they are associated with spam. The URL Harvester now supports Internationalized Domain Names (IDNA), so ORF is now able to discover and lookup domain names written in alphabets and scripts like Cyrillic, Japanese or Hebrew. - IMPROVED: Updated Second-level Domain List (SLD)
The built-in Second-level Domain List (SLD) of ORF has been updated. - NEW: Browser-style navigation in the Administration Tool
New keyboard shortcuts have been implemented in the Administration Tool, so now it is possible to navigate through pages back and forward by pressing the Alt + Left Arrow / Alt + Right Arrow keys or Backspace / Shift + Backspace, as in any browser. This also supports the back and forward buttons you may have on your keyboard. - IMPROVED: Log Viewer now copies data in Unicode format
The Copy Cell feature of the ORF Log Viewer now copies data in Unicode format instead of ANSI. - IMPROVED: Now all ORF binaries are signed digitally
To prevent forgery or tampering, sotware publishers often sign their binaries digitally with Authenticode. Some of the binaries of ORF (namely the ones written in .NET) were not signed in previous ORF versions to avoid possible problems. Now these problems have been worked around. - IMPROVED: Setup now checks if Internet Explorer 6 or later is installed
Though the minimum system requirements indicate that Internet Explorer 6 or newer version is required by ORF, this requirement was not enforced technically, so ORF could be installed on servers with earlier Internet Explorer versions, but could not function properly. Now the setup checks the IE version and ORF refuses to install if the version requirement is not met. - BUGFIX:
All known bugs fixed.
Changes in version ORF 5
- NEW: System requirements raised to Windows 2000 SP3
See minimum system requirements for details. - NEW: Licensing Changes
ORF was split into two products, ORF Fusion and ORF Fusion for SBS. Visit our website for detailed information. - NEW: Remote Administration
This feature allows editing the configuration of remote ORF installations (Administration Tool), viewing remote logs (Log Viewer), and creating reports from remote servers (Reporting Tool) from a client - NEW: Configuration Synchronization
ORF now can be configured to synchronize specific setting between instances in multi-server setups. - NEW: Improved Help
The Help is now available both offline and online, each topic with feedback support. - NEW: URL blacklist update: Spamhaus DBL
The default URL blacklist definition set (surbls.xml) has been extended with Spamhaus DBL. - NEW: Option to Disable IP Lookups for URL Blacklists
Querying IP addresses against URL Blacklists now can be disabled (required by Spamhaus DBL). - NEW: Auto Sender Whitelist can be configured to keep items forever
- NEW: "Whitelist authenticated clients" is now a separate test (available Before and On Arrival)
- NEW: Various General Improvements
- The ORF Service can now log Unicode expression comments
- Renewed, rich formatted HTML email notifications
- Time-restricted license (trial, beta, alpha) expiry email notifications
- Ability to extend trial period
- Updated Out Of Office subject samples in the Auto Sender Whitelist exceptions
- The Whitelist Emails From Vamsoft Ltd. option now fetches Vamsoft email server list from DNS instead of using a hardcoded list
- Log message improvements
- NEW: General User Interface Improvements
- New toolbars added
- New start screens with news and update information
- New dashboards
- Renewed status bars with more information
- More resizable dialogs (typically list editors)
- New About Box with more information
- Copy To Clipboard functionality in the Modules dialog
- NEW: Renewed Remote Control feature
- new UI
- forwarding to the publisher server (if items are sent to a subscriber server)
- sending client FQDN is now shown
- hinting if the target list is getting overloaded
- NEW: Administration Tool improvements
- Renewed page navigation
- System Overview page with status summary and 24-hour statistics
- Now you can test email/IP addresses/text against lists
- Configuration Wizard to help setting up ORF
- One-click list sorting (header click instead of the Sort button; column and direction remembered)
- View and change test assignment settings from the test pages
- Creating email and domain expressions is now simplified by an expression creator
- New Tests page with test descriptions
- Now all sections have pages
- New Welcome Screen after installation
- Connection and search testing is now available for the Active Directory Recipient Validation source
- Database connection tests initiated in the ORF Admin Tool are now performed by the ORF Service (when available) to rule out issues caused by integrated SQL authentication and the different security context.
- When importing DNSBL/SURBL definitions, the previous enabled state of DNSBLs and SURBLs are preserved
- Illustration to aid determining the Intermediate Host List contents
- NEW: Log Viewer improvements
- Renewed Event View
- Online knowledge base lookups with rateable/commentable articles
- Send to List from the Event View
- Right-click filtering
- Visually renewed filter builder
- HTML + plain text event clipboard copy
- Quick Filters: Now allows editing right from the filter list
- Reset to Factory Defaults in the Column Selector dialog
- NEW: Reporting Tool improvements
- Renewed user interface and report design
- BUGFIX:
All known bugs fixed. - REMOVED:
The "Header Check Depth" setting was removed from the UI
Changes in version ORF 4.4
- NEW: Microsoft® Exchange 2010 Support
ORF now can be used with Exchange 2010 without a patch. - NEW: IIS 6 SMTP Service Support on Windows Server 2008
The IIS 6 SMTP Service is now supported on Windows Server 2008. - NEW: IIS 6 SMTP Service Support on Windows Server 2008 R2
The IIS 6 SMTP Service is now supported on Windows Server 2008 R2. - NEW: DNS blacklist update: Spamhaus CSS
The Spamhaus ZEN DNSBL definition in the default set (blacklists.xml) has been extended with Spamhaus CSS. - BUGFIX:
All known bugs fixed.
Changes in version ORF 4.3
- NEW: DHA Protection Test
A new test in ORF that can help to detect and stop Directory Harvest Attacks (DHAs). - NEW: Honeypot Test
Allows setting up honeypot (spamtrap) addresses and ban senders that attempt to send to these addresses. - NEW: Restartless Configuration Changes
ORF can now reinitialize with the new configuration without restarting the ORF Service, so you can enjoy uninterrupted email filtering. - IMPROVED: Remote Control
The Remote Control feature which allows sending IP and email addresses from the ORF Log Viewer to various ORF lists has been improved. It no longer requires a running ORF Administration Tool, more target lists are supported and multiple items can be sent at once. - NEW: Whitelist Test Exception for the SPF Test
The SPF Test was added to the Whitelist Test Exceptions (disabled by default) so now you can validate the authenticity of the sender email address before the Auto Sender Whitelist or Sender Whitelist would run. This prevents forged emails from getting whitelisted. - IMPROVED: Live Statistics
The live statistics of ORF was redesigned to include a stopwatch functionality and got a few new counters. - NEW: Blacklisting on SPF Neutral
For specific (user-configurable) domains, blacklisting on SPF Neutral result is now available. - NEW: Option to Skip Greylisting on SPF Pass
Allows skipping the Greylisting test if the SPF Test says the sender is explicitly authorized to send in the name of a domain (enabled by default). - NEW: DNS blacklist updates
The default DNS blacklist definition set (blacklists.xml) has been updated. - Further minor improvements and minor bugfixes.
Changes in version ORF 4.2
- NEW: "Real" Reverse DNS Test
This new subtest of the Reverse DNS Test checks if the sending IP has reverse name (DNS PTR record). Blacklisting the resolved host names is also supported. - NEW: Keyword Whitelist
A new On Arrival-only test for whitelisting emails with specific keywords or patterns in the email body, subject or header. - NEW: Charset Blacklist
Another On Arrival-only test, for blacklisting emails written in specific languages/scripts. - NEW: Compatible with Microsoft® Exchange 2007 on Windows Server 2008
Version 4.2 now supports the Windows Server 2008 platform, when running with Microsoft® Exchange 2007. Note that the IIS SMTP-only mode is not supported on this platform, Exchange 2007 is required. - NEW: SPF Exceptions
Allows excluding specific senders from the SPF test by the sender email address or the source IP address. - NEW: Auto Sender Whitelist Sender Exceptions
This feature can be used to quickly un-whitelist accidentally whitelisted senders, without editing the Auto Sender Whitelist database. - NEW: ORF Text Log Retention Control
Allows automatic deletion of the ORF Text Log files after a user-defined number of days. This feature is disabled by default. - NEW: Optional HELO/EHLO Logging
When this option is enabled, the SMTP HELO/EHLO argument domain is added to the ORF logs as a separate column, helping the creation of HELO Blacklist expressions. This feature is disabled by default. - NEW: Minor improvements
- Integrated Configuration Export/Import Guide: Instructions on exporting and importing the entire ORF configuration are now available from the ORF Administration Tool menu.
- The ORF Administration Tool now remembers the last open page.
- The ORF Log Viewer can start the ORF Administration Tool when sending to blacklists/whitelists.
- The Uninstaller now asks if data and configuration files should be left on the system.
- Minor bugfixes.
Changes in version ORF 4.1
- NEW: Microsoft® Exchange 2007 Support
ORF 4.1 now can be installed on Exchange 2007 Servers (Edge Transport or Hub Transport roles). - NEW: Email Header Filtering
The Keyword Filtering feature was extended with the ability to filter for keywords in the email header. - BUGFIX: ORF Does Not Filter Mails with Blank HELO
ORF logged a warning message and did not filter emails that arrived with a blank HELO/EHLO domain argument. - BUGFIX: Connection Is Not Tarpitted At Before Arrival Under Specific Conditions
Tarpit Delay was not triggered (irrespectively of the mode it was switched to) at the Before Arrival filtering point in case the Recipient Validation Test was excluded from the whitelists' scope (Whitelist Test Exceptions).
Changes in version ORF 4.0.4
- NEW: Recipient Validation Test
This new test takes over the role of the Active Directory test and allows you to validate recipients using the Active Directory and two new sources: SQL databases and text files. - IMPROVED: ORF Log Viewer Log File Handling
The Log Viewer now supports viewing user-selected log files in addition to the automatic log file loading. - BUGFIX: Memory Leak in the ORF SMTP Module
The ORF SMTP Module was leaking a specific amount of memory on every email that reached the On Arrival filtering point. The potential impacts of the leak were IIS crashes and out of memory errors. This bug primarly affected servers with very high email load. - REMOVED: Active Directory test "Synchronization Mode"
Changes in version ORF 4.0.3
- BUGFIX: Before Arrival Delivery Problems Under Specific Circumstances
Valid recipients did not get the email when all of the following conditions were satisfied at once: - The email had multiple recipients
- At least one recipient was rejected at Before Arrival
- BUGFIX: Log Viewer Time Filter Problems
The "Time" filter could not be set higher than 12:59:59 (after(...date/time), before(...date/time), between(...date/time) modes). Events that occurred after 12:59:59 could not be filtered by the "Time" filter. - BUGFIX: Log Viewer IP Address Filter May Return an Error
Under Windows 2003 Server, the Log Viewer returned a "List index out of bounds" error when an IP filter with either CIDR notation (e.g., 1.2.3.0/24) or text range notation (e.g., 1.2.3.4-1.2.3.255) was applied to the "Related IP address" field.
Changes in version ORF 4.0.2
- BUGFIX: Delivery Problems Under Specific Conditions
Valid recipients did not get the email when all of the following conditions were satisfied at once: - Active Directory Test was enabled at the On Arrival filtering point
- The email had multiple recipients (valid and invalid ones)
- The recipient list of the mail began with an invalid address (which is not listed in the Active Directory)
- BUGFIX: Log Viewer: Saved Email Subject Filtering Expression Changes Randomly
Previously saved Log Viewer email subject filtering expressions could have changed unexpectedly when modified. - BUGFIX: Saved Log Viewer Filter Cannot Be Deleted Under Specific Conditions
Previously saved filter in the Log Viewer could not be deleted if the view was switched to "All" mode.
Changes in version ORF 4.0.1
- BUGFIX: Incorrect SMTP Module Status Displayed
A bug in the ORF SMTP Module caused the SMTP Module status displayed for one or more of the SMTP Virtual Server as "not loaded/inactive" when multiple SMTP Virtual Servers were present, even when the SMTP Module was loaded and active. - BUGFIX: IP List CSV Export is Broken
The ORF Administration Tool IP list (IP Blacklist, IP Whitelist) CSV format exports were broken in version 4.0 and thus could not be imported. Exporting/importing in TXT format and importing from earlier version CSV exports worked, however. - BUGFIX: Email Loss When Whitelisting Under Specific Circumstances
Whitelisted recipients did not get the email when all of the following conditions were satisfied at once: - The email had multiple recipients at the On Arrival filtering point
- Some, but not all of the email recipients were whitelisted
- The email was not blacklisted
- BUGFIX: Some External Agents Do Not Run Under Specific Conditions
When External Agents whitelist test exceptions were enabled and there were enabled External Agents with both Anti-Virus and Spam Filter role, agents with Spam Filter role were not ran by ORF.
Changes in version ORF 4.0
- NEW: Combined Actions
The new version can tag and redirect the email at the same time at the On Arrival filtering point. - NEW: Whitelist Test Exceptions
This feature allows some blacklist tests to take precedence over whitelists (Attachment Filtering, External Agents, Active Directory Integration and the Recipient Blacklist), which provides better email security. - NEW: External Databases
Allows using Microsoft® SQL Server® databases for storing the Auto Sender Whitelist and Greylisting data. - NEW: Email Subject Logging
The subject of the incoming email is now logged at the On Arrival filtering point. - NEW: 64-bit Windows Support
ORF 4.0 can be used on 64-bit Windows Server editions. - NEW: Auto Sender Whitelist Automatic Response Detection
This new feature prevents automatic responses (e.g., Out of Office autoresponses) from polluting your Auto Sender Whitelist. - NEW: Greylisting /24 Support
Now Greylisting can be configured to accept delivery re-attempts from the same /24 network block. This reduces the email delay from senders with a pool of outgoing email servers. - NEW: Automatic Update Check
This feature periodically checks for a new ORF version and tells you if there is any available. - IMPROVED: Log Filtering and Search
The filtering feature of the ORF Log Viewer was completely redesigned to allow creating more flexible filters. The Search functionality is no longer column-specific (free text search). - IMPROVED: More flexible IP Address Definitions
In the new version, IP network definitions can be entered in various formats, including text range and CIDR notation. - IMPROVED: PowerLog Preprocessing Speed
ORF 4.0 preprocesses the PowerLog files about 75 times faster than the previous 3.0 version. - BUGFIX: PowerLog Files May Get Deleted
A bug in ORF caused the ORF PowerLog file under preprocessing to be deleted on the specific conditions (affected versions: 3.0 and 3.0.1). - BUGFIX: Legitimate Emails Tarpitted on Specific Conditions
ORF applied the tarpit delay on any non-whitelisted email on specific conditions (affected versions: 3.0 and 3.0.1). - BUGFIX: External Agent Exit Code Enabled State Cannot Be Changed
A bug in ORF prevented persisting the changes made to the enabled state of the External Agent exit codes (affected versions: 2.1, 3.0 and 3.0.1).
Changes in version ORF 3.0.1
- BUGFIX: AD Test may reject emails when the AD is not available
When the Active Directory Test was in Synchronization Mode, version 3.0 failed to recognize that the address list was unavailable after a failed synchronization and rejected non-whitelisted emails.
Changes in version ORF 3.0
- NEW: Reporting
This version introduces ORF Reporting Tool, which allows generating printable graphical reports about ORF's filtering activity. The Reporting Tool relies on a new log device called ORF PowerLogs. - NEW: Minor changes and improvements
- More consistent spam filtering engine behavior on errors.
- Attachment MIME type is now logged when an email/attachment is blacklisted by the Attachment Filtering.
- External Agent parameter double quotes are now tripled as opposed to doubling them, like in previous versions.
- Statistics are now sent to Vamsoft in a fixed 24 hours period.
Changes in version ORF 2.1
- NEW: SPF support
The new version supports using the Sender Policy Framework (SPF), which is an email authentication protocol for recognizing email address forgery. As most of the spam arrives with forged sender address, SPF can do a great job in reducing spam. - NEW: External Agents
Allows attaching various external software, such as anti-virus or anti-spam products to ORF. Depending on the agents used, it can boost ORF's spam filtering performance significantly or act as another layer of defense against viruses. You can download agent definitions for a few software from our website or define your own. - NEW: HELO Domain Blacklist
A new feature which helps to detect poorly written spammer software and malicious content based on the HELO/EHLO domain. - NEW: Minor improvements
- URL Domain Blacklist: Version 2.1 allows defining domain exceptions which are not checked by the URL Domain Blacklist.
- Tarpit Delay: ORF delays maximum 10 connections concurrently to avoid eating up IIS resources.
Changes in version ORF 2.0.2
- BUGFIX: Database problems
This version is shipped with an updated version of the database engine used by ORF. The update fixes the problems which may lead to corruption of the Greylisting or the Automatic Sender Whitelist databases. The symptoms of the database corruption were occasional database error messages logged by ORF and, in rare cases, 100% processor use for a long period (more than a minute) on a large number of outgoing emails (e.g., newsletters). - BUGFIX: IP Whitelist ignored in Short log mode
A bug in ORF caused the IP Whitelist to be ignored at the Before Arrival filtering point when the ORF log was in "Short Log Messages" mode. - IMPROVED: Automatic Sender Whitelist performance
We improved the performance of the Automatic Sender Whitelist performance, the new version processes outgoing email significantly faster and uses less resources than the previous version.
Changes in version ORF 2.0.1
- BUGFIX: Memory leak in the ORF SMTP Module
A bug in the ORF SMTP Module resulted in a small memory leak on each rejected email. The potential impacts of the bug were IIS crashes and out of memory errors. This bug primarly affected servers with very high email load.
Changes in version ORF 2.0
- NEW: Support for SURBLs (URL Blacklist Support)
SURBLs are very similar to DNS blacklist, except that they list domain names instead of spam IP sources. ORF 2.0 can collect links to "spamvertized" sites from the scanned email and check the linked domains in the SURBLs. - NEW: Greylisting
Anti-spam feature based on temporary rejection of emails from unknown senders. While greylisting provides outstanding spam stop rate, it causes about 15 minutes delay of emails from unknown senders as well. Moreover, it works at the Before Arrival filtering point only. - NEW: Automatic Sender Whitelist
A self-learning whitelist which monitors your outgoing emails and builds a sender email address whitelist from the recipients of the outgoing emails. In other words, the recipients of the emails that you send become whitelisted senders. - NEW: Tarpit Delay
Delays your server's response to blacklisted mails. Can be used to slow down/stop Directory Harvest Attacks or to fight back to spammers. - NEW: Several minor improvements
- Completely rewritten DNS cache with persistent cache data store
- DNS TCP fallback option
- Updated DNS client in ORF
- Improved email wildcard mask support, now both the * and the ? wildcards are supported
- Attachment filter wildcard support (* and ? wildcards are now supported)
- Configurable SMTP response for the On Arrival email drop action
- Configurable SMTP response for the attachment filter drop action
- ORF Log Viewer: "Remote Control"—add addresses to the ORF sender and IP lists by one click
- ORF Log Viewer: "Quick Filters"—easier filter selection
- ORF Log Viewer: "Preview Panel"—easier viewing of long log column data
- ORF Log Viewer: Customizable color-coding of event records based on the event severity
- ORF Log Viewer: Filters are now listed in alphabetical order
- ORF Admin Tool: Sorting improvements, now you can sort virtually every list of ORF by any column
- ORF Admin Tool: SMA expiration reminder
- ORF Admin Tool: DNS Test to check the health of your DNS servers
- REMOVED: The "Reject mail temporarily on DNS failure" feature has been removed.
Changes in version 1.5.2
- UPDATE: License agreement
The license agreement has been changed, the installer and the documentation was updated accordingly. This version does not add any new features compared to ORF 1.5.1.
Changes in version 1.5.1
- NEW: Active Directory integration "Live Mode"
The new AD integration mode allows validating the recipient "live", without extracting all addresses from the Active Directory (synchronization). The Live Mode is more resource-friendly and faster than the previous Synchronization mode when working with large directories. The performance of the Synchronization mode (pre-1.5.1 AD integration) was also improved. - BUGFIX: Memory leak in the ORF SMTP Module
A bug in the ORF 1.5 SMTP Module resulted in a 20-byte memory leak per email at the On Arrival filtering point. This has caused out of memory errors in ORF and IIS crashes. This bug has been fixed by version 1.5.1.
Changes in version 1.5
- NEW: Dual filtering points model
Previous ORF versions filtered the emails before email arrival. Now with 1.5 you can filter emails on arrival, which allows delivery path analysis, keyword and attachment filtering, etc. - NEW: Attachment and keyword filtering
Using the attachment filter you can drop emails with malicious attachments or replace the attachments with a customisable warning text. Both the keyword and the attachment filtering support using Perl-compatible regular expressions, which makes the filtering extremely flexible. Both features are Unicode-aware. - NEW: Reviewing emails caught by the filter
Emails blacklisted at the On Arrival filtering point can be dropped, redirected or tagged (header or subject). - NEW: ORF Log Viewer
ORF is now shipped with a built-in log viewer which allows easy browsing, searching and filtering the logs. - NEW: DNS blacklist updates
The default DNS blacklist definition set (blacklists.xml) has been updated.
Changes in version 1.4
- NEW: Invalidated RDNS record list
The new list allows you to invalidate specific IP addresses returned by the RDNS A record test. This feature has been built into ORF to keep the RDNS test usable after .com/.net gTLD manager Verisign added a global A record wildcard to the .com/.net zones. The wildcard IP address is added to the list by default. The DNS A record which resolves to any of the IP addresses listed on this list will be treated as non-existent record in the Reverse DNS test.
Changes in version 1.3
- NEW: Exception list for the Active Directory integration
Using the new exception list, you can exclude specific email addresses or domains from the Active Directory-based recipient filtering. This comes handy if you provide filtered mail services for domains that are not listed in your directory. - NEW: AD integration user authentication support
User authentication may be required for the AD integration if ORF is running on a computer which is not a member of the domain. ORF now supports specifying a user name and password for LDAP authentication. - NEW: Whitelisting authenticated sessions now can be disabled
- NEW: Authenticated user name in the log
For easier tracking of authenticated sessions, version 1.3 logs the authenticated user name with the whitelist event message. - NEW: Customizable RDNS SMTP response
- NEW: Minor improvements
- BUGFIX: Cannot start syslogd when ORF Service is up
You could not start the syslog daemon on the syslog UDP port while ORF was running, if you had ORF syslogd logging enabled. This was caused by an unclosed socket has which allocated the syslog UDP port so the syslog daemon was unable to start listening to syslog messages. This issue occurred only when both ORF and the syslog daemon was running on the same computer. - NEW: DNS blacklist updates
- Removed: DORKSZTL and DORKS (dead blacklists)
- Removed: MONKEYFORMMAIL (no hits, seemingly dead)
- Removed: BLITZEDHTTP, BLITZEDWINGATE, BLITZEDSOCKS (these zones are no longer up)
- Added: CBL, LBL, REYNOLDST1, UCEB
- Update: Four new zones added to FIVETEN, BLITZED also updated
- Update: MONKEYPROXIES has been renamed to MONKEYUPL (zone remains the same)
Changes in version 1.2.1
- BUGFIX: Sending statistics cannot be disabled
Due to a software bug you could not disable the statistics report sender feature, statistics were sent regardless your settings. This bug has been fixed in version 1.2.1.
Changes in version 1.2
- NEW: Seamless update
Until version 1.2, you had to manually stop and restart Exchange services during an ORF update. The new Update Setup shipped with ORF version 1.2 can automatically stop and restart the Exchange services and transfer your previous ORF settings to the updated version. - NEW: Active Directory integration
Unlike other mail servers, Exchange 2000 does not reject mails coming to mailboxes that does not exist. Exchange 2000 accepts the mail for delivery and bounces the email later if the recipient mailbox is unavailable. Spam is often sent with non-existing sender email address, which results in tons of NDR's filling up the mail queue. Using the ORF's new Active Directory integration you can reject all mails that are addressed to mailboxes that are no longer (or never been) valid and accept mails only to mailboxes that exists in the Active Directory. - NEW: Built-in Bonded Sender™ Program DNS whitelist support
IronPort Systems Inc's Bonded Sender™ Program provides a public DNS whitelist, which is now supported by ORF 1.2. More information about this program is available at http://www.bondedsender.com. - NEW: Better ORF community support
Do you find it confusing to select the best DNS blacklists? Now ORF can automatically send your ORF statistics anonymously to our server in email. The server collects these statistics and displays DNS blacklist popularity and statistics on our website. - NEW: Commentable list items
The new version supports commenting IP/sender/recipient whitelist and blacklist items which makes managing and exchanging these lists easier. - NEW: Regular expressions
Using regular expressions you can create complex email address masks. ORF 1.2 supports the Perl-compatible regular expressions (PCRE, for more information, please see http://www.pcre.org). This feature is available for the sender whitelist, sender blacklist, recipient whitelist and recipient blacklists. - NEW: Windows Event Log and BSD syslog support
Version 1.2 extends logging capabilities with Windows Event Log and BSD syslog support. - NEW: Automatic whitelisting of authenticated SMTP connections
Authenticated SMTP connections are now recognized and automatically whitelisted by the new version. - BUGFIX:
Cumulative statistics not saved on system reboot/shutdown - BUGFIX:
Sender email address is not logged under specific conditions
Changes in version 1.1.1
- BUGFIX: Reverse DNS test fails when MX missing and A/CNAME exists
The reverse DNS test with "MX or A/CNAME" test mode did not test A/CNAME records due to a software bug. This bug caused the software to work as the reverse DNS test running with "MX" (stict check) mode and to provide wrong information for the remote SMTP server about the block reason. - BUGFIX: Incorrect reverse DNS statistics
Reverse DNS statistics were displayed incorrectly. The "Tests" value was equal to the "Blocks" value. - ADDED: Log level recorded in the log
This feature makes writing log parsers easier.
Changes in version 1.1
- NEW: Support for multiple DNS servers
In version 1.1, you can define multiple (fail-over) DNS servers with priority order. - NEW: Cumulative statistics
Using the new cumulative statistics feature you can view the statistics of ORF since the installation. You can also take a snapshot of the current run-time statistics and export the snapshot to various file formats (including CSV, which can be imported by Microsoft® Excel®). The statistics are resettable. - NEW: Reverse DNS test with MX or A/CNAME records
The 1.0 version reverse DNS test was very strict. Version 1.1 offers you a less strict check. This helps in reducing the number of legitime mails blocked. - NEW: Address list export/import
Exporting and importing address lists (IP, sender, recipient whitelists and blacklists) is now available. Multiple text formats supported, including CSV which can be imported by Microsoft® Excel® - NEW: Blocking broken sender domains
ORFEE 1.1 can block mails with broken sender domain information (senderdomain is not a fully qualified domain name - FQDN). - NEW: Temporary rejection of mails on DNS errors
You can configure ORF to reject the mail temporarily when it cannot be tested due to DNS errors. Using this option you can avoid accepting mails when the filtering is not available due to unreachable DNS data. - NEW: Several minor improvements
- All address lists (IP, sender and recipient whitelists and blacklists) are sortable to ascending or descending order by one click
- You can set the order of list items using drag&drop (where applicable)
- Sending a test notification mail from the Events page is now available
- Default values automatically assigned to various SMTP responses
- You can configure ORF to add the local server name to the log as a separate column
- {HOUR} field added to the available log file name fields
- You can control line wrapping in the notification mails
- Now the sender address is available in the log when a mail is blocked on the recipient blacklist
- CTRL-SPACE displays the directory browser dialog in path edit boxes
- BUGFIX: RDNS test may fail with specially formatted addresses
The reverse DNS test did not handle some specially formatted sender addresses correctly. Affected format: "mailbox@[1.2.3.4]", "[email protected]". This syntax is allowed by RFC standards, but used rarely on the Internet. ORF did not recognize that the sender domain is actually an IPv4 address and blocked the mail (because it failed on RDNS test). - BUGFIX: Sender blacklist hits are not logged
Mails blocked on the sender blacklist were not logged by ORF Enterprise. - BUGFIX: Some controls may not appear with Large Fonts settings
If you run your display in Large Fonts mode, you may experienced that some controls in the ORF Administration Tool were not visible on the screen.
Copyright © Vamsoft Ltd. 2024. All rights reserved.
Document ID changelog, version 23.