6.9.2 ORF Online Help

Change Log


This section contains the complete version history of ORF.

Changes in version ORF 6.9.2

  • IMPROVEMENTS
    • Service & Administration Tool
      • Event Notifications can now be customized to limit the number of email alerts sent for warning, error, critical, and info severity events within a defined time frame.
      • Management Tools (Administration, Log Viewer, Reporting) are now automatically force-closed if reopened after the initial warning before the uninstallation process starts, ensuring no leftover files remain.
  • BUGFIXES
    • Service & Administration Tool
      • The Built-in DNS Resolver did not adhere to the configured timeout settings, leading to excessive email processing times when DNS communication was blocked or interrupted, such as by firewall rules or network issues.
      • The DKIM Test signature verification process terminated prematurely upon encountering a DNS timeout error, which could affect the validation of emails with multiple DKIM signatures.
      • Using the Recipient Whitelist in inverse mode ("Exclude all addresses from filtering, except the list below") triggered a filtering error for incoming emails, allowing them to bypass filtering, except for those subject to tests specified in Whitelist Test Exceptions.
      • Configuration Snapshots created in versions prior to 6.8 were not reloadable in the Configuration Snapshot Manager due to a parsing error.
      • The Statistics page displayed incorrect status and statistic information for GeoIP Blacklist filtering.
      • When closing the Administration Tool or disconnecting from an ORF instance, an unexpected error message could occasionally appear.
      • Minor UI fixes and improvements.
    • Logging & Log Viewer
      • The Built-in DNS Resolver did not log the TCP fallback message when the DNS response exceeded the UDP packet size limit.
      • The DKIM Test results summary was not logged when all signature checks resulted in DNS timeouts; only DNS timeout warnings were recorded.
      • The SPF Test incorrectly logged "none" (indicating no record) for SPF mechanisms like "include" and "redirect" when related DNS queries timed out, instead of reporting a temporary DNS error.
    • Reports & Reporting Tool
      • A preprocessing issue could lead to truncated data, causing missing statistics in the generated reports.

Changes in version ORF 6.9.1

  • BUGFIXES
    • Service & Administration Tool
      • Emails were not logged and filtered under specific conditions: when the Sender email address in the Email Notifications settings was left blank and the incoming email's envelope sender address was also unspecified (i.e. null sender), or when the incoming email's envelope sender address matched the configured Sender email address. This issue occurred even with Email Notifications disabled.
    • Log Viewer
      • The SURBL Test was missing from the Related Test list in the Log Viewer’s Filter Builder.
      • When attempting to connect to a non-existent local installation using the Log Viewer tool, a redundant second error message was displayed in addition to the initial warning.
  • CHANGES
    • Service & Administration Tool
      • Email Notifications are now sent using the configured Sender email address with a randomly generated prefix to ensure accurate handling and delivery.

Changes in version ORF 6.9

  • NEW FEATURES
    • Service & Administration Tool
      • Integrated GeoIP Blacklist, enabling country and region-based blacklisting
      • Optional automatic Error Reporting added for smoother issue resolution
      • Plus Addressing exception lists have been added, offering greater control
      • Selective logging options for Remote Access and Configuration Subscription events have been added to reduce unnecessary data
      • When using SQL-type database connections, ORF will automatically repair or update related tables as needed
    • Log Viewer
      • Sender Location information is now recorded and displayed in logs
    • Reporting Tool
      • GeoIP Blacklist statistics are now included in reports
  • IMPROVEMENTS
    • Service & Administration Tool
      • Configuration Errors and Warnings are now visually highlighted in the UI
      • The DKIM Test's Blacklist on neutral or permerror feature received a list-type configuration interface, allowing for further customization
      • Attachment Quarantine now resends attachments removed from the same email in a single email
      • The System > Status page now displays DNS and HTTP proxy status information as well
      • External SQL Database Management page now includes additional details and a repair option
    • Log Viewer
      • Auto Sender Whitelist events logged for outbound messages with multiple recipients are now grouped for easier overview
      • ARC-related event messages now include the sealing/signing domains
      • You can now toggle between System and ISO-like date formats in the Time column header's right-click menu
      • Event Properties window now features convenient copy-to-clipboard icons, and double-clicking items auto-selects relevant values
  • CHANGES
    • Service & Administration Tool
      • Email Notification settings now require specifying a sender email address
      • Introduced the System > Network Settings page, which now includes both DNS and HTTP proxy settings
      • Removed the System > DNS page
      • Removed the Proxy Settings buttons from individual test configuration pages
      • Renamed the management tool-specific Network Settings to Connection Preferences in the File menu
      • Renamed the Client IP special field to Remote Peer IP in the External Agent Properties window for improved clarity
      • DKIM Test signature verifier now allows for unencoded headers containing special characters
      • SPF Test now allows for non-standard representation of IPv6 addresses in SPF records
      • Detailed DKIM logs and the Authentication-Results header now both include the values of syntactically invalid selector (s=) tags
    • Log Viewer
      • Detailed DKIM logs and the Authentication-Results header now both include the values of syntactically invalid selector (s=) tags
  • BUGFIXES
    • Service & Administration Tool
      • The DMARC Test checked exempted email addresses found in the display name section of the From header address
      • The DKIM Test did not produce a permerror when the cryptographic algorithm of the signature differed from the one specified in the public key, as required by RFC
      • The Authentication-Results header incorrectly marked a DKIM policy hit alongside the correct pass result for multi-signed emails
      • The built-in DNS resolver failed to resolve certain queries over TCP
      • Attachment Filtering failed to remove certain types of password-protected archives
      • Attachment resubmission messages now accurately display the original email's sender IP address
      • IP reversion setting in the SURBL Blacklist properties also affected domains extracted from URIs, even if the corresponding domain reversion setting was disabled
      • In some cases, the hard-coded SQL network connectivity timeout did not take effect, causing extended timeouts
      • Enabling sender validation before whitelisting led to slower filtering due to an error in the automated filtering point selection
      • The default settings of the Local Features on the Configuration Subscription page were incorrect in the previous release
    • Log Viewer
      • User-defined Log Viewer filters that included the deprecated Related IP field were not transferred during update
      • The Tarpit Delay status was incorrectly logged as enabled at service start, even when it was actually disabled
      • Missing fields were added to the Windows Event and Unix Syslog log devices
      • Hotkey overlaps in the Log Viewer's Filter Builder window were resolved
    • Minor UI glitches were resolved

Changes in version ORF 6.8.3

  • CHANGE: Pending Submissions queue now accepts rejected items
    The Pending Submissions queue has been updated to allow resending of rejected items from the Log Viewer without the need to save the ORF configuration beforehand.
  • BUGFIX: DKIM invalid body length error
    Regardless of the value specified in the "l=" tag of the DKIM-Signature header, ORF incorrectly treated the "l=" tag as invalid.
  • BUGFIX: Incorrect remote control submission
    Entries sent from the Log Viewer to the HELO Domain Blacklist with a subdomain search scope were incorrectly added to the configuration as wildcard expressions instead of regular expressions.
  • BUGFIX: Log Viewer fixes
    Multiple issues have been resolved:
    • UTF8 encoded email subject lines and attachment names were sometimes inaccurately logged.
    • In certain cases, the details of the configured SQL server were not displayed on the dashboard screen.
    • Manual file loading and drag & drop functionality did not work when connected to multiple servers.
    • Closing the log files did not properly reset the configured date range.
    • The toolbar section displayed the wrong log source when multiple files were loaded.
    • Status bar details and other minor display issues have been fixed.

Changes in version ORF 6.8.2

  • BUGFIX: Timestamp conversion errors
    Unix timestamps in DKIM and ARC signatures dated more than a decade in the future were causing signature verification errors.
  • BUGFIX: Missing ARC signature in whitelisted emails
    The ARC signature was not added to incoming external emails that were whitelisted by the Authentication Whitelist.
  • BUGFIX: Plus Addressing not applied to whitelisted emails
    Plus Addressing actions were not being performed on incoming external emails that were whitelisted by the Authentication Whitelist.
  • BUGFIX: Multi-recipient email delivery issue with blacklisted and plus tagged recipients
    Emails with recipients who were both blacklisted and tagged with a plus tag could trigger an exception error, preventing successful delivery of the affected email.
  • CHANGE: Adjusted filtering order
    When the DHA Protection Test is set to run only at On Arrival, the Recipient Blacklist and Recipient Validation tests will no longer be performed Before Arrival.
  • IMPROVED: Conversion of old INI-type configuration files to XML
    When a legacy INI-type service configuration file is added to the program data folder after installation or update, it is now properly converted to XML when saving the ORF configuration, eliminating any previous errors.
  • Further minor UI fixes.

Changes in version ORF 6.8.1

  • CHANGE: Attachment Filtering - Encrypted archives scanning
    Enabling the "Remove password protected archives" and "Force check attachments" options together will now return a hit for encrypted and password protected content inside archives, regardless of the file extension.
  • BUGFIX: Email content replaced by Attachment Filtering
    The Attachment Filtering test replaced the entire email content (including header, body) when the email itself was defined as an attachment, and identified as a blacklisted attachment.
  • BUGFIX: Configuration error caused by non-printable characters
    Non-printable characters in the ORF configuration caused errors when saving or updating the configuration.
  • BUGFIX: Log Viewer fixes
    A number of issues have been resolved:
    • Timeout message was not displayed when unable to connect to the SQL server.
    • Unexpected crash when selecting certain elements in a certain order in the right-click menu.
    • The Sender IP quick filter targeted the wrong log field when filtering IP addresses from the /24 range.

Changes in version ORF 6.8

  • NEW: Plus Addressing
    ORF now supports plus addressing, aka. subaddressing or detailed addressing (e.g. [email protected]), and can properly filter and validate recipient addresses containing plus tags.
  • NEW: Administration Tool - Plus Address Filtering
    Create a list of filter expressions to manage plus tags in the recipient addresses of incoming emails.
  • NEW: Administration Tool - Plus Address Action
    Add a plus tag to the recipient addresses of blacklisted emails.
  • NEW: SQL logging
    ORF now supports real-time logging to SQL databases.
  • NEW: Log Viewer - Display SQL logs
    Load SQL logs directly from an SQL Server and display them in the Log Viewer.
  • NEW: Log Viewer - View a specific date range
    This new option allows you to load logs generated during a specified period.
  • IMPROVED: Database connection test messages
    Error messages that may appear when testing the external database connection now include additional details and suggestions.
  • IMPROVED: Log Viewer - Log exports
    CSV log exports are now saved with a header and can be read by the Log Viewer.
  • CHANGE: Log Viewer - Column name and content change
    The "Related IP" column has been renamed to "Sender IP" and now displays the IP address of the SMTP host that delivered the email to your organization's network. The related Event Log View help page now has the explanation of each column.
  • CHANGE: Configuration file format
    Most of the ORF configuration data is now stored in XML files.
  • BUGFIX: DMARC Test - Header parsing errors
    When set to find domains in the "display name" section of the From header:
    • The local-part of email addresses was not ignored.
    • The "display name" content was not properly decoded.
  • BUGFIX: Log Viewer - UI errors in multi-server mode
    Some user interface elements did not work properly when the Log Viewer was connected to multiple servers:
    • Clicking the Load, Refresh, Send and Quick Send dropdown elements on the toolbar triggered errors.
    • After filtering logs, the Export, Send and Quick Send controls became disabled.
  • BUGFIX: Log Viewer - Saving exports to remote file systems does not work
    Log exports could not be saved to the remotely managed ORF server.
  • BUGFIX: Incorrect "ARC-Authentication-Results" in the message header
    In rare cases, due to a memory allocation error, the ARC-Authentication-Results header included incorrect email details.
  • BUGFIX: PowerLog pre-processing error
    PowerLog corruption could cause unexpected service halts during file pre-processing.
  • BUGFIX: Unicode encoding issues
    All known Unicode encoding and display errors have been fixed.
  • Other minor fixes and user interface improvements.

Changes in version ORF 6.7

  • NEW: Microsoft® Windows Server 2022 Support
    ORF now officially supports Windows Server 2022.
  • NEW: Attachment Quarantine Manager
    Allows resending, exporting and deleting quarantined attachments that were saved to the file system. Accessible via the ORF Administration Tool (Attachment Filtering) or the ORF Log Viewer (Tools).
  • NEW: Attachment resending settings
    A new tab called Resend has been added to the Attachment Filtering settings dialog.
  • NEW: Log Viewer – Resend attachment
    Quarantined attachments can be resent to the original recipients with a single click using the Tools menu or the right-click context menu.
  • NEW: Log Viewer - Event grouping
    Events logged for a given email are now grouped together for easier overview (limited support on IIS SMTP servers).
  • NEW: Log Viewer - New columns
    Four new columns have been added to the Log Viewer:
    • Author: The (RFC5322.From) email address that email clients actually display to recipients.
    • Source IP: The IP address of the mail server that originally sent the email.
    • Remote Peer IP: The IP address of the mail server that connected to the ORF server.
    • Related Test: The ORF test related to the event record.
  • NEW: Log Viewer - New sorting options
    Three new sorting options have been added to the Log Viewer column headers:
    • Username
    • Organizational domain
    • Top-Level domain
  • IMPROVED: Log Viewer - Right-click menu
    The right-click context menu has been restructured for easier view and navigation.
  • IMPROVED: Log Viewer - Remote Control
    The Remote Control feature which allows sending IP and email addresses from the ORF Log Viewer to various ORF lists has been improved:
    • The contents of the Author and HELO fields have been added to the list of items available for sending to ORF lists.
    • You can now send multiple items at once to ORF lists, and specify the comment.
  • IMPROVED: Log Viewer - Right-click filter
    You can now filter for multiple selected items at once from the right-click context menu.
  • BUGFIX: Reporting Tool - DMARC reporting
    The Hits and Contribution statistics were incorrectly calculated in the DMARC filtering reports.
  • Other minor fixes and user interface improvements.

Changes in version ORF 6.6.1

  • BUGFIX: False transport agent status
    On Microsoft® Exchange 2010 servers, and when accessed remotely, the Administration Tool incorrectly reported the status of some of the ORF transport agents.
  • BUGFIX: Memory leak in the ADO and CDO call handling module
    The ADO and CDO call handling module was leaking a certain amount of memory when the incoming email had to be modified. This bug primarily affected servers with very high email load.
  • IMPROVED: ARC settings verification messages
    The ARC signature settings verification test in the Administration Tool now displays different DNS error messages based on response codes, instead of a "catch-all" error message.
  • Further minor UI fixes.

Changes in version ORF 6.6

  • NEW: ARC Signing
    The new version adds support for ARC (Authenticated Received Chain), allowing ORF to sign the email's original authentication result and store it in the message header in a verifiable format. This enables subsequent ARC-enabled mail transfer agents to validate the email even if it fails the local SPF, DKIM and DMARC checks.
  • NEW: ARC Test
    Emails that would fail the SPF, DKIM or DMARC tests as a result of intermediate processing can be "rescued" by ORF by recycling the original email authentication results left in the message header by trusted ARC signers.
  • NEW: Exchange Transport Agent
    A third transport agent has been introduced which is responsible for adding digital signatures to incoming messages when ARC Signing is enabled.
  • CHANGE: Pending Submissions item handling
    Items sent from the Log Viewer to blacklists, whitelists and exception lists are no longer used by the ORF service immediately.
  • CHANGE: New category in the navigation bar
    The settings pages of the DMARC, DKIM and SPF tests have been moved to a new category called Authentication.
  • BUGFIX: Unexpected SPF Test error
    Rather than ignoring the email, the SPF Test ended with an error when the following two conditions were met: the sender was excluded from the SPF check and the SPF Test was allowed to run at the Before Arrival filtering point.
  • BUGFIX: IPv6 scope-id parsing error
    Link-local (intranet) IPv6 addresses ending with a scope-id were not recognized as valid IPv6 addresses, which caused benign errors on systems where IP-based tests were allowed to run at the Before Arrival filtering point.
  • Further minor changes and improvements.

Changes in version ORF 6.5

  • NEW: Email authentication results in the message header
    A standard Authentication-Results header is now added automatically to all tested emails recording the results of the SPF, DKIM and DMARC checks.
  • NEW: Extended message header filtering
    It is now possible to limit the search scope to a specific header field when creating a keyword filter expression.
  • NEW: Automatic message header decoding
    Keyword filter expressions with a header search scope are now checked against the decoded message header parts by default. Select the "Email header (raw MIME)" search scope in the keyword filter properties dialog if you need to create a rule for matching encoded content.
  • IMPROVED: Unicode-enabled configuration fields
    The management tools have been updated to support Unicode characters in most text fields, including file paths.
  • IMPROVED: SURBL Test
    The domain extractor of the SURBL Test has been updated to recognize links with accidentally or intentionally malformed URL prefixes (e.g. "http:/\").

Changes in version ORF 6.4

  • NEW: Complete IPv6 Support
    The ORF Service and ORF Management Tools are now fully IPv6 capable. You can now connect to ORF instances via IPv6 interfaces and create IPv6-specific rules and policies for filtering.
  • NEW: Sender identity verification before whitelist and exclude actions
    A sender validation option was added to the Sender Whitelist page and to each Sender Exceptions dialog. Enable it to prevent spammers from exploiting existing email address and domain expressions on said lists to bypass filtering.
  • BUGFIX: Service outage preceded by access violation errors
    Receipt of specifically malformed emails could cause a buffer overflow in the memory space of ORF, resulting in service outage.
  • Further minor bugfixes and performance improvements.

Changes in version ORF 6.3

  • IMPROVED: Attachment Filtering
    ORF can now unpack additional archive formats, such as RAR, ARJ, TAR, GZIP, Z, etc.
  • IMPROVED: Regex Engine
    The regex engine has been updated in order to be able to match strings that contain Unicode characters with code point values greater than U+FFFF (65535), such as emoticons and other symbols stored in supplementary Unicode planes.
  • BUGFIX: Ed25519-type public key strings trigger DKIM Test errors
    Due to a hashing bug in the DKIM signature verifier algorithm, the DKIM Test terminated with an error upon attempting to parse ed25519-type key strings from public DKIM (DNS TXT) key records.
  • Further minor user interface improvements and fixes.

Changes in version ORF 6.2

  • NEW: Custom Action - Test Mode
    A new custom action for troubleshooting, testing and fine-tuning individual blacklist tests.
  • NEW: Result-based actions for the SPF and DKIM tests
    You can now specify different blacklist actions for most SPF and DKIM authentication results.
  • NEW: Search filter expressions in logs
    This new feature allows you to find log entries that match the filter expressions you defined in the ORF Administration Tool.
  • CHANGE: Automated filtering points selection
    The appropriate filtering points are now automatically selected for each test based on your ORF configuration. The filtering point control columns (Before Arrival & On Arrival) were removed from the UI.
  • CHANGE: Active Directory-based recipient validation
    Emails sent to shared mailboxes are no longer rejected when ORF is configured to blacklist emails sent to disabled AD accounts.
  • CHANGE: Configuration file paths
    The service-related configuration files were moved to "%ProgramData%\ORF Fusion\".
  • IMPROVED: SMTP Responses
    The SMTP response list has been extended and the default responses have been updated.
  • BUGFIX: DKIM Signature Verifier - RFC-6376 standards violation
    Signature verification was unnecessarily terminated with a warning when the version tag (v=) was not the first tag in the "DKIM-Signature" header field.

Changes in version ORF 6.1.1

  • BUGFIX: DMARC identifier alignment check problem
    Uppercase characters in the domain part of the "From:" header address caused verification failure during the DMARC identifier alignment check.
  • BUGFIX: Minor user interface issues
    Fixed a number of UI-related issues affecting the ORF management tools.

Changes in version ORF 6.1

  • NEW: DKIM Whitelist
    Whitelist emails from specific senders based on the validity of the DKIM signature.
  • NEW: Enforced Signatures
    Create a list of senders and signers whose emails must pass DKIM validation in order to pass filtering.
  • IMPROVED: RFC8463-compliant updated DKIM verifier
    ORF now validates Ed25519-SHA256 DKIM signatures as well.
  • NEW: Detailed DKIM logs
    When enabled, the signature verification details will be added to the DKIM log messages.
  • NEW: DMARC sub-test logging
    When this option is enabled, the results of the SPF and DKIM checks will appear in the logs.
  • BUGFIX: Invalid pointer operation
    ORF logged an error message when one of the recipients of a multi-recipient email was on the Recipient Whitelist while the sender was on the Auto Sender Whitelist.
  • BUGFIX: Access violation error on malformed emails
    Non-standard MIME boundary usage in emails could trigger access violation errors due to a bug in the ORF MIME parser.

Changes in version ORF 6.0.1

  • BUGFIX: ORF transport agent On Arrival error
    In rare cases, certain emails might trigger a "NullReferenceException" error during the parsing of the email data received from Microsoft Exchange.
  • BUGFIX: DKIM signature parsing failure
    Quotation marks in the "h=" tag of the DKIM signature were interpreted as text boundary instead of literal characters.
  • BUGFIX: DKIM signature timestamp error
    DKIM signature verification might fail with a timestamp error on servers located to the west of the UTC±00:00 timezone.
  • BUGFIX: Limited tarpit delay functionality
    The Tarpit Delay feature did not work when configured as a default filtering action.
  • BUGFIX: False license activation error message
    The License Manager displayed the wrong error message on connection failure.

Changes in version ORF 6.0

  • NEW: Microsoft® Exchange 2019 compatibility
    Exchange 2019 is now fully supported by ORF.
  • NEW: Microsoft® Windows Server 2019 compatibility
    ORF is now officially supported on Windows Server 2019.
  • NEW: Licensing changes
    ORF Fusion is now available through subscription only. Perpetual licenses and maintenance plans are no longer available. For more information please consult our related KB.
  • NEW: License Manager
    ORF Fusion now requires a license key for activation. A License Manager has been added to the ORF Administration Tool (Help / License Manager) for managing your licenses.
  • NEW: DKIM Test
    The new version supports using the DomainKeys Identified Mail (DKIM) email authentication framework for verifying the integrity of incoming emails as well as the identity of responsible senders via cryptographic signatures.
  • NEW: DMARC Test
    Domain-based Message Authentication, Reporting & Conformance (DMARC), possibly the most advanced email validation system designed to combat phishing and email spoofing, is now here to help you detect and mitigate fraudulent messages.
  • NEW: Per-Test Actions
    Separate filtering actions can now be specified for almost every blacklist test.
  • NEW: Attachment Filter Exceptions
    Allows excluding specific senders from Attachment Filtering by the sender email address or the sender IP address.
  • NEW: DKIM Test added to Whitelist Test Exceptions
    Provides an opportunity to verify the authenticity of the incoming email before the Auto Sender Whitelist or Sender Whitelist could exempt the message from filtering (disabled by default).
  • NEW: General user interface improvements
    • Status indicator added to tests in the side-menu
    • Toggle option added to the toolbars
    • Status bar elements are now interactive
    • Some of the icons received a second state
  • NEW: Log Viewer log file handling improvements
    • Drag-and-drop support added
    • You can now select multiple log files and load them at once
    • Loading specific log files is now possible in multi-server mode as well
  • IMPROVED: Attachment Blacklist logging
    Filter expressions are now appended to log messages automatically when no user-defined comment text is configured.
  • CHANGE: Microsoft® Windows Server 2003 support retired
    The new version no longer supports Microsoft® Windows Server 2003.
  • CHANGE: Microsoft® Exchange Server 2000-2003 support retired
    The new version no longer supports Exchange Server 2000 and Exchange Server 2003.
  • CHANGE: Fusion for SBS edition retired
    The Fusion for SBS edition of ORF has been retired due to lack of demand. There is only one ORF edition now, ORF Fusion, which supports Windows Server Essentials (formerly Windows Small Business Server or SBS) installations as well. Free upgrades to ORF Fusion are given to Fusion for SBS users with active Software Maintenance Agreements.
  • CHANGE: License agreement updated
    The license agreement has been changed; the installer and the documentation were updated accordingly.
  • BUGFIX: Increased memory usage & oversized PowerLog reference file
    A bug in the ORF PowerLog Reference module resulted in a new reference entry being added to the plogrefs.dat file on each IP Whitelist and IP Blacklist hit. The potential impacts of the bug were out of memory errors and service crashes affecting servers with very high email load.
  • BUGFIX: Wrong attachment filtering action on memory error
    Fixed an error handling bug that could cause legitimate emails and attachments to be blacklisted or quarantined.
  • BUGFIX: Configuration change warning not displayed
    The ORF Administration Tool did not check whether the local configuration of the subscriber server should be saved before connecting to a publisher server if the connection was initiated from a settings page that was in subscriber mode.

Changes in version ORF 5.5.1

  • BUGFIX: Archive scan timeout not respected
    Fixed an error handling bug that could delay ORF from executing the configured archive scan timeout action.
  • BUGFIX: Right-click export not working for certain lists
    Some of the user-defined lists could not be exported using the export option of the right-click context menu.
  • BUGFIX: User Interface Lag in the Log Viewer and Reporting Tool
    Fixed a bug that could cause the Log Viewer and Reporting Tool to hang or become unresponsive for short periods of time.

Changes in version ORF 5.5

  • NEW: Multi-server support in the Log Viewer
    The Log Viewer can now connect to multiple ORF instances at the same time, so you may browse and filter logs from all your ORF servers simultaneously.
  • NEW: Filtering inside compressed attachments
    The Attachment Filter can now perform recursive checks in compressed (Zip) files. Password protected archives are treated according to user-defined policy.
  • NEW: Attachment filtering based on file size
    You may now set a per-expression file size limit for each attachment filter expression.
  • NEW: Option to blacklist emails sent to disabled accounts
    A new Recipient Validation option has been added to allow the blacklisting of emails sent to email addresses associated with disabled Active Directory accounts.
  • NEW: List item control
    All blacklist and whitelist entries can now be enabled or disabled selectively.
  • IMPROVED: Attachment Quarantine
    Removed attachments are now saved with a .quarantine extension to prevent the accidental execution of malicious files.
  • IMPROVED: Email header tagging
    The name of the blacklist test that triggers the filtering action can now be included into the header tag.
  • IMPROVED: Remote management
    When the ORF service shuts down or is restarted, any remotely connected Administration Tool will now disconnect automatically.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 5.4.1

  • NEW: Microsoft® Exchange 2016 compatibility
    Although ORF 5.4 worked fine with Exchange 2016, the platform was detected by ORF as Exchange 2013. Version 5.4.1 has been updated to detect Exchange 2016 as a separate Exchange version.
  • NEW: Microsoft® Windows Server 2016 compatibility
    ORF is now officially supported on Windows Server 2016.
  • CHANGE: Removed dead surbl.org zones
    A few surbl.org zones went offline since the last version. The default definition set included with ORF now reflects this change.
  • BUGFIX: External Agent exit code actions always enabled
    Fixed a bug where ORF ignored the enabled/disabled state of External Agent exit code actions.
  • BUGFIX: Inconsistent IP Whitelist logging
    Due to a bug in the IP Whitelist implementation, ORF did not always select the right IP address to be logged as "Related IP" address when a hit occurred. The bug affected only ORF Text Logs and the On Arrival filtering point.
  • BUGFIX: SPF evaluation limit counters do not propagate out from recursion
    The overall DNS lookup limit (max. 10) for SPF terms ("include", "a", "mx", "ptr", "exists" and "redirect") was not tracked as a single global limit for all evaluations, but only within a single instance of a recursive evaluation. Because of this, the total number of DNS queries triggered by the SPF terms might have exceeded the limit specified in RFC 7208 (Section 4.6.4), unless the limit was reached in a recursive evaluation.
  • BUGFIX: Incorrect severity level assigned to ESpfTempError exception
    A timeout occurring during the retrieval of an SPF record resulted in ORF logging an ESpfTempError exception with Error severity, instead of a more informative message with the proper Warning severity.
  • BUGFIX: Before Arrival SMTP actions for the HELO Blacklist cannot be edited
    Changes made to the SMTP action of the HELO Blacklist were not persisted in the configuration.
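
The SPF lookup-limit defect described in the 5.4.1 list above, as an added illustration (not ORF's code): a toy policy walker over constructed records in which the counter is either restarted for every recursive evaluation or shared across the whole check. The domain names, records and function names are assumptions made for this example, and the walker models a sender that matches no mechanism, so every term is visited.

```python
"""Toy model of the RFC 7208 section 4.6.4 DNS lookup limit (added example)."""
import re

MAX_DNS_LOOKUPS = 10  # RFC 7208, section 4.6.4
# Terms that cost one DNS lookup each, as listed in the changelog entry.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

# Constructed SPF records; the *.example names are placeholders.
_CHILD = "v=spf1 a mx ptr exists:%{i}.bl.example ~all"  # 4 lookup terms
RECORDS = {
    # 3 includes + 3 * 4 child terms = 15 lookups, yet no single
    # evaluation instance ever sees more than 4 of them.
    "sender.example": "v=spf1 include:a.example include:b.example "
                      "include:c.example -all",
    "a.example": _CHILD,
    "b.example": _CHILD,
    "c.example": _CHILD,
    # 11 lookup terms inside ONE instance: over the limit either way.
    "wide.example": "v=spf1 "
                    + " ".join(f"exists:%{{i}}.z{n}.example" for n in range(11))
                    + " -all",
}


class SpfPermError(Exception):
    """Raised when the lookup limit is exceeded (SPF result: permerror)."""


class LookupBudget:
    """Counts lookup terms and refuses the one that would exceed the limit."""

    def __init__(self, limit=MAX_DNS_LOOKUPS):
        self.limit = limit
        self.used = 0

    def spend(self, term, domain):
        self.used += 1
        if self.used > self.limit:
            raise SpfPermError(f"lookup limit exceeded at '{term}' in {domain}")


def parse_terms(record):
    """Yield (name, argument) for every term after the 'v=spf1' version tag."""
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier
        match = re.match(r"([a-z][a-z0-9]*)(?:[:=](.*))?", term)
        if match:
            yield match.group(1), match.group(2)


def evaluate(domain, records, share_budget, budget=None, issued=None):
    """Walk the policy of `domain`, counting lookups in `issued[0]`.

    share_budget=True  -> one counter for the whole check (RFC 7208).
    share_budget=False -> each recursive evaluation gets a fresh counter,
                          which is the defect the changelog describes.
    """
    issued = issued if issued is not None else [0]
    if budget is None or not share_budget:
        budget = LookupBudget()
    if domain not in records:
        return issued[0]  # no policy published; nothing more to walk
    for name, arg in parse_terms(records[domain]):
        if name not in LOOKUP_TERMS:
            continue  # ip4, ip6 and all need no DNS query
        budget.spend(name, domain)  # raises before the query would go out
        issued[0] += 1
        if name in ("include", "redirect"):
            evaluate(arg, records, share_budget, budget, issued)
    return issued[0]


def check(domain, records, share_budget):
    """Return (outcome, lookups issued), outcome 'completed' or 'permerror'."""
    issued = [0]
    try:
        evaluate(domain, records, share_budget, issued=issued)
    except SpfPermError:
        return "permerror", issued[0]
    return "completed", issued[0]


if __name__ == "__main__":
    for name in ("sender.example", "wide.example"):
        for shared in (False, True):
            label = "shared counter" if shared else "per-recursion counter"
            print(f"{name:15} {label:22} -> {check(name, RECORDS, shared)}")
```

With the per-recursion counter the nested policy finishes after 15 lookups; with the shared counter it stops at 10 with a permerror, while the single wide record is rejected in both modes.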

Changes in version ORF 5.4

  • NEW: Built-in recursive DNS resolver
    The new DNS resolver can obtain DNS data without the help of a dedicated DNS resolver server. This greatly simplifies the DNS setup in ORF and eliminates common DNS configuration problems that lead to a diminished spam filtering performance.
  • IMPROVED: Updated DNSBL definition set and recommendations
    The new set is compiled based on comprehensive true positive, false positive and overlap analysis to maximize the spam catch rate without risking the loss of legitimate emails.
  • IMPROVED: RFC7208-compliant updated SPF client
    ORF implemented SPF long before it became standardized. The final RFC4408 standard and the most recent RFC7208 version contain few significant changes, but they are more lenient in handling common SPF errors, so this update allows evaluating more policies than before.
  • IMPROVED: Exchange 2013 CU9 Health Probe detection update
    Microsoft® Exchange 2013 regularly sends health probe emails as a part of its Managed Availability feature. ORF has a built-in mechanism for detecting and ignoring these emails to avoid clogging up the logs. The CU9 package for Microsoft® Exchange 2013 introduced a feature that broke this detection in ORF and this update restores the detection.
  • CHANGE: Microsoft® Windows 2000 support retired
    The new version no longer supports Microsoft® Windows 2000.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 5.3

  • NEW: Microsoft® Exchange 2013 Edge Transport Server support
    ORF is now fully compatible with the Edge Transport Server role introduced in Microsoft® Exchange 2013 SP1. Please read our related Knowledge Base article for more information about deploying ORF on different Exchange 2013 roles.
  • NEW: Automatic detection of the Transport Agents defect of Microsoft® Exchange 2013 SP1
    Microsoft® Exchange 2013 SP1 was shipped with a critical flaw (see Microsoft Knowledge Base Article 2938053). The ORF Setup now detects the defect and refuses to install on an unpatched SP1 installation, and the ORF Service will now log errors if it finds the underlying Exchange installation unpatched.

Changes in version ORF 5.2

  • NEW: Configuration Snapshots
    ORF now automatically takes snapshots of the ORF configuration state on every configuration save and this enables reverting to earlier configurations.
  • NEW: Attachment Quarantine
    The Attachment Quarantine allows saving blacklisted email attachments to the file system for later retrieval by the administrator. Automatic retention control is available.
  • NEW: Log Message Explanations from Email Notifications
    Event message explanations are now available from ORF email notifications (in previous versions, these were available from the ORF Log Viewer only).
  • IMPROVED: Updated Second-level Domain List (SLD)
    The built-in Second-level Domain List (SLD) of ORF has been updated (January 2014).
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 5.1

  • NEW: Microsoft® Exchange 2013 Support
    ORF now can be used with Microsoft® Exchange 2013 on both the Client Access server and the Mailbox server roles. Please read our related Knowledge Base article for more information.
  • NEW: Session timeout prevention in the ORF Log Viewer and ORF Reporting Tool
    In ORF 5, if the Log Viewer or the Reporting Tool was connected to a remote ORF instance and left unattended for more than 24 hours, the session timed out because the login ticket expired. Now they keep the session alive.
  • NEW: Fixed items are now shown on the Intermediate Host List
    Intranet IP address ranges are treated as Intermediate Hosts by default to avoid blacklisting internal and outgoing emails. In previous ORF versions, these ranges were not visible in the Administration Tool, which was confusing for new ORF users. Now these ranges are visible as non-editable items.
  • NEW: Reverse DNS lookup in the ORF Log Viewer
    Now the Log Viewer supports looking up the PTR record (Reverse DNS lookup) of any logged IP address (Event View).
  • NEW: IDNA support in the URL harvester engine
    The URL harvester component is responsible for detecting, decoding, prioritizing and sorting URL payloads in spam, such as web links and email address domains. The domain names harvested from URLs are checked against online blacklists (SURBLs) to see if they are associated with spam. The URL Harvester now supports Internationalized Domain Names (IDNA), so ORF is now able to discover and lookup domain names written in alphabets and scripts like Cyrillic, Japanese or Hebrew.
  • IMPROVED: Updated Second-level Domain List (SLD)
    The built-in Second-level Domain List (SLD) of ORF has been updated.
  • NEW: Browser-style navigation in the Administration Tool
    New keyboard shortcuts have been implemented in the Administration Tool, so now it is possible to navigate through pages back and forward by pressing the Alt + Left Arrow / Alt + Right Arrow keys or Backspace / Shift + Backspace, as in any browser. This also supports the back and forward buttons you may have on your keyboard.
  • IMPROVED: Log Viewer now copies data in Unicode format
    The Copy Cell feature of the ORF Log Viewer now copies data in Unicode format instead of ANSI.
  • IMPROVED: Now all ORF binaries are signed digitally
    To prevent forgery or tampering, software publishers often sign their binaries digitally with Authenticode. Some of the binaries of ORF (namely the ones written in .NET) were not signed in previous ORF versions to avoid possible problems. Now these problems have been worked around.
  • IMPROVED: Setup now checks if Internet Explorer 6 or later is installed
    Though the minimum system requirements indicate that Internet Explorer 6 or newer version is required by ORF, this requirement was not enforced technically, so ORF could be installed on servers with earlier Internet Explorer versions, but could not function properly. Now the setup checks the IE version and ORF refuses to install if the version requirement is not met.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 5

  • NEW: System requirements raised to Windows 2000 SP3
    See minimum system requirements for details.
  • NEW: Licensing Changes
    ORF was split into two products, ORF Fusion and ORF Fusion for SBS. Visit our website for detailed information.
  • NEW: Remote Administration
    This feature allows editing the configuration of remote ORF installations (Administration Tool), viewing remote logs (Log Viewer), and creating reports from remote servers (Reporting Tool) from a client
  • NEW: Configuration Synchronization
    ORF can now be configured to synchronize specific settings between instances in multi-server setups.
  • NEW: Improved Help
    The Help is now available both offline and online, each topic with feedback support.
  • NEW: URL blacklist update: Spamhaus DBL
    The default URL blacklist definition set (surbls.xml) has been extended with Spamhaus DBL.
  • NEW: Option to Disable IP Lookups for URL Blacklists
    Querying IP addresses against URL Blacklists now can be disabled (required by Spamhaus DBL).
  • NEW: Auto Sender Whitelist can be configured to keep items forever
  • NEW: "Whitelist authenticated clients" is now a separate test (available Before and On Arrival)
  • NEW: Various General Improvements
    • The ORF Service can now log Unicode expression comments
    • Renewed, rich formatted HTML email notifications
    • Time-restricted license (trial, beta, alpha) expiry email notifications
    • Ability to extend trial period
    • Updated Out Of Office subject samples in the Auto Sender Whitelist exceptions
    • The Whitelist Emails From Vamsoft Ltd. option now fetches Vamsoft email server list from DNS instead of using a hardcoded list
    • Log message improvements
  • NEW: General User Interface Improvements
    • New toolbars added
    • New start screens with news and update information
    • New dashboards
    • Renewed status bars with more information
    • More resizable dialogs (typically list editors)
    • New About Box with more information
    • Copy To Clipboard functionality in the Modules dialog
  • NEW: Renewed Remote Control feature
    • new UI
    • forwarding to the publisher server (if items are sent to a subscriber server)
    • sending client FQDN is now shown
    • hinting if the target list is getting overloaded
  • NEW: Administration Tool improvements
    • Renewed page navigation
    • System Overview page with status summary and 24-hour statistics
    • Now you can test email/IP addresses/text against lists
    • Configuration Wizard to help setting up ORF
    • One-click list sorting (header click instead of the Sort button; column and direction remembered)
    • View and change test assignment settings from the test pages
    • Creating email and domain expressions is now simplified by an expression creator
    • New Tests page with test descriptions
    • Now all sections have pages
    • New Welcome Screen after installation
    • Connection and search testing is now available for the Active Directory Recipient Validation source
    • Database connection tests initiated in the ORF Admin Tool are now performed by the ORF Service (when available) to rule out issues caused by integrated SQL authentication and the different security context.
    • When importing DNSBL/SURBL definitions, the previous enabled state of DNSBLs and SURBLs are preserved
    • Illustration to aid determining the Intermediate Host List contents
  • NEW: Log Viewer improvements
    • Renewed Event View
    • Online knowledge base lookups with rateable/commentable articles
    • Send to List from the Event View
    • Right-click filtering
    • Visually renewed filter builder
    • HTML + plain text event clipboard copy
    • Quick Filters: Now allows editing right from the filter list
    • Reset to Factory Defaults in the Column Selector dialog
  • NEW: Reporting Tool improvements
    • Renewed user interface and report design
  • BUGFIX:
    All known bugs fixed.
  • REMOVED:
    The "Header Check Depth" setting was removed from the UI

Changes in version ORF 4.4

  • NEW: Microsoft® Exchange 2010 Support
    ORF now can be used with Exchange 2010 without a patch.
  • NEW: IIS 6 SMTP Service Support on Windows Server 2008
    The IIS 6 SMTP Service is now supported on Windows Server 2008.
  • NEW: IIS 6 SMTP Service Support on Windows Server 2008 R2
    The IIS 6 SMTP Service is now supported on Windows Server 2008 R2.
  • NEW: DNS blacklist update: Spamhaus CSS
    The Spamhaus ZEN DNSBL definition in the default set (blacklists.xml) has been extended with Spamhaus CSS.
  • BUGFIX:
    All known bugs fixed.

Changes in version ORF 4.3

  • NEW: DHA Protection Test
    A new test in ORF that can help to detect and stop Directory Harvest Attacks (DHAs).
  • NEW: Honeypot Test
    Allows setting up honeypot (spamtrap) addresses and banning senders that attempt to send to these addresses.
  • NEW: Restartless Configuration Changes
    ORF can now reinitialize with the new configuration without restarting the ORF Service, so you can enjoy uninterrupted email filtering.
  • IMPROVED: Remote Control
    The Remote Control feature which allows sending IP and email addresses from the ORF Log Viewer to various ORF lists has been improved. It no longer requires a running ORF Administration Tool, more target lists are supported and multiple items can be sent at once.
  • NEW: Whitelist Test Exception for the SPF Test
    The SPF Test was added to the Whitelist Test Exceptions (disabled by default) so now you can validate the authenticity of the sender email address before the Auto Sender Whitelist or Sender Whitelist would run. This prevents forged emails from getting whitelisted.
  • IMPROVED: Live Statistics
    The live statistics of ORF were redesigned to include stopwatch functionality and gained a few new counters.
  • NEW: Blacklisting on SPF Neutral
    For specific (user-configurable) domains, blacklisting on SPF Neutral result is now available.
  • NEW: Option to Skip Greylisting on SPF Pass
    Allows skipping the Greylisting test if the SPF Test says the sender is explicitly authorized to send in the name of a domain (enabled by default).
  • NEW: DNS blacklist updates
    The default DNS blacklist definition set (blacklists.xml) has been updated.
  • Further minor improvements and minor bugfixes.

Changes in version ORF 4.2

  • NEW: "Real" Reverse DNS Test
    This new subtest of the Reverse DNS Test checks if the sending IP has a reverse name (DNS PTR record). Blacklisting the resolved host names is also supported.
  • NEW: Keyword Whitelist
    A new On Arrival-only test for whitelisting emails with specific keywords or patterns in the email body, subject or header.
  • NEW: Charset Blacklist
    Another On Arrival-only test, for blacklisting emails written in specific languages/scripts.
  • NEW: Compatible with Microsoft® Exchange 2007 on Windows Server 2008
    Version 4.2 now supports the Windows Server 2008 platform, when running with Microsoft® Exchange 2007. Note that the IIS SMTP-only mode is not supported on this platform; Exchange 2007 is required.
  • NEW: SPF Exceptions
    Allows excluding specific senders from the SPF test by the sender email address or the sender IP address.
  • NEW: Auto Sender Whitelist Sender Exceptions
    This feature can be used to quickly un-whitelist accidentally whitelisted senders, without editing the Auto Sender Whitelist database.
  • NEW: ORF Text Log Retention Control
    Allows automatic deletion of the ORF Text Log files after a user-defined number of days. This feature is disabled by default.
  • NEW: Optional HELO/EHLO Logging
    When this option is enabled, the SMTP HELO/EHLO argument domain is added to the ORF logs as a separate column, helping the creation of HELO Blacklist expressions. This feature is disabled by default.
  • NEW: Minor improvements
    • Integrated Configuration Export/Import Guide: Instructions on exporting and importing the entire ORF configuration are now available from the ORF Administration Tool menu.
    • The ORF Administration Tool now remembers the last open page.
    • The ORF Log Viewer can start the ORF Administration Tool when sending to blacklists/whitelists.
    • The Uninstaller now asks if data and configuration files should be left on the system.
    • Minor bugfixes.

Changes in version ORF 4.1

  • NEW: Microsoft® Exchange 2007 Support
    ORF 4.1 now can be installed on Exchange 2007 Servers (Edge Transport or Hub Transport roles).
  • NEW: Email Header Filtering
    The Keyword Filtering feature was extended with the ability to filter for keywords in the email header.
  • BUGFIX: ORF Does Not Filter Mails with Blank HELO
    ORF logged a warning message and did not filter emails that arrived with a blank HELO/EHLO domain argument.
  • BUGFIX: Connection Is Not Tarpitted At Before Arrival Under Specific Conditions
    Tarpit Delay was not triggered (irrespective of the mode it was switched to) at the Before Arrival filtering point if the Recipient Validation Test was excluded from the whitelists' scope (Whitelist Test Exceptions).

Changes in version ORF 4.0.4

  • NEW: Recipient Validation Test
    This new test takes over the role of the Active Directory test and allows you to validate recipients using the Active Directory and two new sources: SQL databases and text files.
  • IMPROVED: ORF Log Viewer Log File Handling
    The Log Viewer now supports viewing user-selected log files in addition to the automatic log file loading.
  • BUGFIX: Memory Leak in the ORF SMTP Module
    The ORF SMTP Module was leaking a specific amount of memory on every email that reached the On Arrival filtering point. The potential impacts of the leak were IIS crashes and out of memory errors. This bug primarily affected servers with very high email load.
  • REMOVED: Active Directory test "Synchronization Mode"

Changes in version ORF 4.0.3

  • BUGFIX: Before Arrival Delivery Problems Under Specific Circumstances
    Valid recipients did not get the email when all of the following conditions were satisfied at once:
    • The email had multiple recipients
    • At least one recipient was rejected at Before Arrival
  • BUGFIX: Log Viewer Time Filter Problems
    The "Time" filter could not be set higher than 12:59:59 (after(...date/time), before(...date/time), between(...date/time) modes). Events that occurred after 12:59:59 could not be filtered by the "Time" filter.
  • BUGFIX: Log Viewer IP Address Filter May Return an Error
    Under Windows 2003 Server, the Log Viewer returned a "List index out of bounds" error when an IP filter with either CIDR notation (e.g., 1.2.3.0/24) or text range notation (e.g., 1.2.3.4-1.2.3.255) was applied to the "Related IP address" field.

Changes in version ORF 4.0.2

  • BUGFIX: Delivery Problems Under Specific Conditions
    Valid recipients did not get the email when all of the following conditions were satisfied at once:
    • Active Directory Test was enabled at the On Arrival filtering point
    • The email had multiple recipients (valid and invalid ones)
    • The recipient list of the mail began with an invalid address (which is not listed in the Active Directory)
  • BUGFIX: Log Viewer: Saved Email Subject Filtering Expression Changes Randomly
    Previously saved Log Viewer email subject filtering expressions could have changed unexpectedly when modified.
  • BUGFIX: Saved Log Viewer Filter Cannot Be Deleted Under Specific Conditions
    A previously saved filter in the Log Viewer could not be deleted if the view was switched to "All" mode.

Changes in version ORF 4.0.1

  • BUGFIX: Incorrect SMTP Module Status Displayed
    A bug in the ORF SMTP Module caused the SMTP Module status to be displayed as "not loaded/inactive" for one or more of the SMTP Virtual Servers when multiple SMTP Virtual Servers were present, even when the SMTP Module was loaded and active.
  • BUGFIX: IP List CSV Export is Broken
    The ORF Administration Tool IP list (IP Blacklist, IP Whitelist) CSV format exports were broken in version 4.0 and thus could not be imported. Exporting/importing in TXT format and importing from earlier version CSV exports worked, however.
  • BUGFIX: Email Loss When Whitelisting Under Specific Circumstances
    Whitelisted recipients did not get the email when all of the following conditions were satisfied at once:
    • The email had multiple recipients at the On Arrival filtering point
    • Some, but not all of the email recipients were whitelisted
    • The email was not blacklisted
  • BUGFIX: Some External Agents Do Not Run Under Specific Conditions
    When External Agents whitelist test exceptions were enabled and there were enabled External Agents with both Anti-Virus and Spam Filter role, agents with Spam Filter role were not run by ORF.

Changes in version ORF 4.0

  • NEW: Combined Actions
    The new version can tag and redirect the email at the same time at the On Arrival filtering point.
  • NEW: Whitelist Test Exceptions
    This feature allows some blacklist tests to take precedence over whitelists (Attachment Filtering, External Agents, Active Directory Integration and the Recipient Blacklist), which provides better email security.
  • NEW: External Databases
    Allows using Microsoft® SQL Server® databases for storing the Auto Sender Whitelist and Greylisting data.
  • NEW: Email Subject Logging
    The subject of the incoming email is now logged at the On Arrival filtering point.
  • NEW: 64-bit Windows Support
    ORF 4.0 can be used on 64-bit Windows Server editions.
  • NEW: Auto Sender Whitelist Automatic Response Detection
    This new feature prevents automatic responses (e.g., Out of Office autoresponses) from polluting your Auto Sender Whitelist.
  • NEW: Greylisting /24 Support
    Now Greylisting can be configured to accept delivery re-attempts from the same /24 network block. This reduces the email delay from senders with a pool of outgoing email servers.
  • NEW: Automatic Update Check
    This feature periodically checks for a new ORF version and tells you if there is any available.
  • IMPROVED: Log Filtering and Search
    The filtering feature of the ORF Log Viewer was completely redesigned to allow creating more flexible filters. The Search functionality is no longer column-specific (free text search).
  • IMPROVED: More flexible IP Address Definitions
    In the new version, IP network definitions can be entered in various formats, including text range and CIDR notation.
  • IMPROVED: PowerLog Preprocessing Speed
    ORF 4.0 preprocesses the PowerLog files about 75 times faster than the previous 3.0 version.
  • BUGFIX: PowerLog Files May Get Deleted
    A bug in ORF caused the ORF PowerLog file under preprocessing to be deleted under specific conditions (affected versions: 3.0 and 3.0.1).
  • BUGFIX: Legitimate Emails Tarpitted on Specific Conditions
    ORF applied the tarpit delay to any non-whitelisted email under specific conditions (affected versions: 3.0 and 3.0.1).
  • BUGFIX: External Agent Exit Code Enabled State Cannot Be Changed
    A bug in ORF prevented persisting the changes made to the enabled state of the External Agent exit codes (affected versions: 2.1, 3.0 and 3.0.1).

Changes in version ORF 3.0.1

  • BUGFIX: AD Test may reject emails when the AD is not available
    When the Active Directory Test was in Synchronization Mode, version 3.0 failed to recognize that the address list was unavailable after a failed synchronization and rejected non-whitelisted emails.

Changes in version ORF 3.0

  • NEW: Reporting
    This version introduces ORF Reporting Tool, which allows generating printable graphical reports about ORF's filtering activity. The Reporting Tool relies on a new log device called ORF PowerLogs.
  • NEW: Minor changes and improvements
    • More consistent spam filtering engine behavior on errors.
    • Attachment MIME type is now logged when an email/attachment is blacklisted by the Attachment Filtering.
    • External Agent parameter double quotes are now tripled as opposed to doubling them, like in previous versions.
    • Statistics are now sent to Vamsoft in a fixed 24 hours period.

Changes in version ORF 2.1

  • NEW: SPF support
    The new version supports using the Sender Policy Framework (SPF), which is an email authentication protocol for recognizing email address forgery. As most of the spam arrives with forged sender address, SPF can do a great job in reducing spam.
  • NEW: External Agents
    Allows attaching various external software, such as anti-virus or anti-spam products, to ORF. Depending on the agents used, it can boost ORF's spam filtering performance significantly or act as another layer of defense against viruses. You can download agent definitions for a few software products from our website or define your own.
  • NEW: HELO Domain Blacklist
    A new feature which helps to detect poorly written spammer software and malicious content based on the HELO/EHLO domain.
  • NEW: Minor improvements
    • URL Domain Blacklist: Version 2.1 allows defining domain exceptions which are not checked by the URL Domain Blacklist.
    • Tarpit Delay: ORF delays maximum 10 connections concurrently to avoid eating up IIS resources.

Changes in version ORF 2.0.2

  • BUGFIX: Database problems
    This version is shipped with an updated version of the database engine used by ORF. The update fixes the problems which may lead to corruption of the Greylisting or the Automatic Sender Whitelist databases. The symptoms of the database corruption were occasional database error messages logged by ORF and, in rare cases, 100% processor use for a long period (more than a minute) on a large number of outgoing emails (e.g., newsletters).
  • BUGFIX: IP Whitelist ignored in Short log mode
    A bug in ORF caused the IP Whitelist to be ignored at the Before Arrival filtering point when the ORF log was in "Short Log Messages" mode.
  • IMPROVED: Automatic Sender Whitelist performance
    We improved the performance of the Automatic Sender Whitelist: the new version processes outgoing email significantly faster and uses fewer resources than the previous version.

Changes in version ORF 2.0.1

  • BUGFIX: Memory leak in the ORF SMTP Module
    A bug in the ORF SMTP Module resulted in a small memory leak on each rejected email. The potential impacts of the bug were IIS crashes and out of memory errors. This bug primarily affected servers with very high email load.

Changes in version ORF 2.0

  • NEW: Support for SURBLs (URL Blacklist Support)
    SURBLs are very similar to DNS blacklists, except that they list domain names instead of spam IP sources. ORF 2.0 can collect links to "spamvertized" sites from the scanned email and check the linked domains in the SURBLs.
  • NEW: Greylisting
    Anti-spam feature based on temporary rejection of emails from unknown senders. While greylisting provides an outstanding spam stop rate, it also delays emails from unknown senders by about 15 minutes. Moreover, it works at the Before Arrival filtering point only.
  • NEW: Automatic Sender Whitelist
    A self-learning whitelist which monitors your outgoing emails and builds a sender email address whitelist from the recipients of the outgoing emails. In other words, the recipients of the emails that you send become whitelisted senders.
  • NEW: Tarpit Delay
    Delays your server's response to blacklisted mails. Can be used to slow down/stop Directory Harvest Attacks or to fight back against spammers.
  • NEW: Several minor improvements
    • Completely rewritten DNS cache with persistent cache data store
    • DNS TCP fallback option
    • Updated DNS client in ORF
    • Improved email wildcard mask support, now both the * and the ? wildcards are supported
    • Attachment filter wildcard support (* and ? wildcards are now supported)
    • Configurable SMTP response for the On Arrival email drop action
    • Configurable SMTP response for the attachment filter drop action
    • ORF Log Viewer: "Remote Control"—add addresses to the ORF sender and IP lists by one click
    • ORF Log Viewer: "Quick Filters"—easier filter selection
    • ORF Log Viewer: "Preview Panel"—easier viewing of long log column data
    • ORF Log Viewer: Customizable color-coding of event records based on the event severity
    • ORF Log Viewer: Filters are now listed in alphabetical order
    • ORF Admin Tool: Sorting improvements, now you can sort virtually every list of ORF by any column
    • ORF Admin Tool: SMA expiration reminder
    • ORF Admin Tool: DNS Test to check the health of your DNS servers
  • REMOVED: The "Reject mail temporarily on DNS failure" feature has been removed.

Changes in version 1.5.2

  • UPDATE: License agreement
    The license agreement has been changed; the installer and the documentation were updated accordingly. This version does not add any new features compared to ORF 1.5.1.

Changes in version 1.5.1

  • NEW: Active Directory integration "Live Mode"
    The new AD integration mode allows validating the recipient "live", without extracting all addresses from the Active Directory (synchronization). The Live Mode is more resource-friendly and faster than the previous Synchronization mode when working with large directories. The performance of the Synchronization mode (pre-1.5.1 AD integration) was also improved.
  • BUGFIX: Memory leak in the ORF SMTP Module
    A bug in the ORF 1.5 SMTP Module resulted in a 20-byte memory leak per email at the On Arrival filtering point. This has caused out of memory errors in ORF and IIS crashes. This bug has been fixed by version 1.5.1.

Changes in version 1.5

  • NEW: Dual filtering points model
    Previous ORF versions filtered the emails before email arrival. Now with 1.5 you can filter emails on arrival, which allows delivery path analysis, keyword and attachment filtering, etc.
  • NEW: Attachment and keyword filtering
    Using the attachment filter you can drop emails with malicious attachments or replace the attachments with a customisable warning text. Both the keyword and the attachment filtering support using Perl-compatible regular expressions, which makes the filtering extremely flexible. Both features are Unicode-aware.
  • NEW: Reviewing emails caught by the filter
    Emails blacklisted at the On Arrival filtering point can be dropped, redirected or tagged (header or subject).
  • NEW: ORF Log Viewer
    ORF is now shipped with a built-in log viewer which allows easy browsing, searching and filtering the logs.
  • NEW: DNS blacklist updates
    The default DNS blacklist definition set (blacklists.xml) has been updated.

Changes in version 1.4

  • NEW: Invalidated RDNS record list
    The new list allows you to invalidate specific IP addresses returned by the RDNS A record test. This feature has been built into ORF to keep the RDNS test usable after .com/.net gTLD manager Verisign added a global A record wildcard to the .com/.net zones. The wildcard IP address is added to the list by default. The DNS A record which resolves to any of the IP addresses listed on this list will be treated as non-existent record in the Reverse DNS test.

Changes in version 1.3

  • NEW: Exception list for the Active Directory integration
    Using the new exception list, you can exclude specific email addresses or domains from the Active Directory-based recipient filtering. This comes in handy if you provide filtered mail services for domains that are not listed in your directory.
  • NEW: AD integration user authentication support
    User authentication may be required for the AD integration if ORF is running on a computer which is not a member of the domain. ORF now supports specifying a user name and password for LDAP authentication.
  • NEW: Whitelisting authenticated sessions now can be disabled
  • NEW: Authenticated user name in the log
    For easier tracking of authenticated sessions, version 1.3 logs the authenticated user name with the whitelist event message.
  • NEW: Customizable RDNS SMTP response
  • NEW: Minor improvements
  • BUGFIX: Cannot start syslogd when ORF Service is up
    You could not start the syslog daemon on the syslog UDP port while ORF was running, if you had ORF syslogd logging enabled. This was caused by an unclosed socket which allocated the syslog UDP port, so the syslog daemon was unable to start listening to syslog messages. This issue occurred only when both ORF and the syslog daemon were running on the same computer.
  • NEW: DNS blacklist updates
    • Removed: DORKSZTL and DORKS (dead blacklists)
    • Removed: MONKEYFORMMAIL (no hits, seemingly dead)
    • Removed: BLITZEDHTTP, BLITZEDWINGATE, BLITZEDSOCKS (these zones are no longer up)
    • Added: CBL, LBL, REYNOLDST1, UCEB
    • Update: Four new zones added to FIVETEN, BLITZED also updated
    • Update: MONKEYPROXIES has been renamed to MONKEYUPL (zone remains the same)

Changes in version 1.2.1

  • BUGFIX: Sending statistics cannot be disabled
    Due to a software bug, you could not disable the statistics report sender feature; statistics were sent regardless of your settings. This bug has been fixed in version 1.2.1.

Changes in version 1.2

  • NEW: Seamless update
    Until version 1.2, you had to manually stop and restart Exchange services during an ORF update. The new Update Setup shipped with ORF version 1.2 can automatically stop and restart the Exchange services and transfer your previous ORF settings to the updated version.
  • NEW: Active Directory integration
    Unlike other mail servers, Exchange 2000 does not reject mails coming to mailboxes that do not exist. Exchange 2000 accepts the mail for delivery and bounces the email later if the recipient mailbox is unavailable. Spam is often sent with a non-existent sender email address, which results in tons of NDRs filling up the mail queue. Using ORF's new Active Directory integration, you can reject all mails that are addressed to mailboxes that are no longer (or have never been) valid and accept mails only to mailboxes that exist in the Active Directory.
  • NEW: Built-in Bonded Sender™ Program DNS whitelist support
    IronPort Systems Inc's Bonded Sender™ Program provides a public DNS whitelist, which is now supported by ORF 1.2. More information about this program is available at http://www.bondedsender.com.
  • NEW: Better ORF community support
    Do you find it confusing to select the best DNS blacklists? Now ORF can automatically send your ORF statistics anonymously to our server in email. The server collects these statistics and displays DNS blacklist popularity and statistics on our website.
  • NEW: Commentable list items
    The new version supports comments on IP/sender/recipient whitelist and blacklist items, which makes managing and exchanging these lists easier.
  • NEW: Regular expressions
    Using regular expressions, you can create complex email address masks. ORF 1.2 supports Perl-compatible regular expressions (PCRE; for more information, please see http://www.pcre.org). This feature is available for the sender whitelist, sender blacklist, recipient whitelist and recipient blacklist.
  • NEW: Windows Event Log and BSD syslog support
    Version 1.2 extends logging capabilities with Windows Event Log and BSD syslog support.
  • NEW: Automatic whitelisting of authenticated SMTP connections
    Authenticated SMTP connections are now recognized and automatically whitelisted by the new version.
  • BUGFIX: Cumulative statistics not saved on system reboot/shutdown
  • BUGFIX: Sender email address is not logged under specific conditions

Changes in version 1.1.1

  • BUGFIX: Reverse DNS test fails when MX missing and A/CNAME exists
    The reverse DNS test with "MX or A/CNAME" test mode did not test A/CNAME records due to a software bug. This bug caused the software to behave as if the reverse DNS test were running in "MX" (strict check) mode and to give the remote SMTP server wrong information about the block reason.
  • BUGFIX: Incorrect reverse DNS statistics
    Reverse DNS statistics were displayed incorrectly. The "Tests" value was equal to the "Blocks" value.
  • ADDED: Log level recorded in the log
    This feature makes writing log parsers easier.

Changes in version 1.1

  • NEW: Support for multiple DNS servers
    In version 1.1, you can define multiple (fail-over) DNS servers with priority order.
  • NEW: Cumulative statistics
    Using the new cumulative statistics feature you can view the statistics of ORF since the installation. You can also take a snapshot of the current run-time statistics and export the snapshot to various file formats (including CSV, which can be imported by Microsoft® Excel®). The statistics are resettable.
  • NEW: Reverse DNS test with MX or A/CNAME records
    The reverse DNS test in version 1.0 was very strict. Version 1.1 offers you a less strict check. This helps in reducing the number of legitimate mails blocked.
  • NEW: Address list export/import
    Exporting and importing address lists (IP, sender, recipient whitelists and blacklists) is now available. Multiple text formats are supported, including CSV, which can be imported by Microsoft® Excel®.
  • NEW: Blocking broken sender domains
    ORFEE 1.1 can block mails with broken sender domain information (the sender domain is not a fully qualified domain name, FQDN).
  • NEW: Temporary rejection of mails on DNS errors
    You can configure ORF to reject the mail temporarily when it cannot be tested due to DNS errors. Using this option you can avoid accepting mails when the filtering is not available due to unreachable DNS data.
  • NEW: Several minor improvements
    • All address lists (IP, sender and recipient whitelists and blacklists) are sortable in ascending or descending order with one click
    • You can set the order of list items using drag&drop (where applicable)
    • Sending a test notification mail from the Events page is now available
    • Default values automatically assigned to various SMTP responses
    • You can configure ORF to add the local server name to the log as a separate column
    • {HOUR} field added to the available log file name fields
    • You can control line wrapping in the notification mails
    • Now the sender address is available in the log when a mail is blocked on the recipient blacklist
    • CTRL-SPACE displays the directory browser dialog in path edit boxes
  • BUGFIX: RDNS test may fail with specially formatted addresses
    The reverse DNS test did not handle some specially formatted sender addresses correctly. Affected format: "mailbox@[1.2.3.4]", "[email protected]". This syntax is allowed by RFC standards, but is rarely used on the Internet. ORF did not recognize that the sender domain was actually an IPv4 address and blocked the mail (because it failed the RDNS test).
  • BUGFIX: Sender blacklist hits are not logged
    Mails blocked on the sender blacklist were not logged by ORF Enterprise.
  • BUGFIX: Some controls may not appear with Large Fonts settings
    If you ran your display in Large Fonts mode, you may have found that some controls in the ORF Administration Tool were not visible on the screen.
Copyright © Vamsoft Ltd. 2024. All rights reserved. Document ID changelog, version 31.