Posted on May 30th, 2007 by Peter | Permalink
Here is a mostly complete list of changes in the upcoming 4.0 version of ORF:
- Combined Actions: Tag and redirect email.
- Test Exceptions: This feature allows some tests to take precedence over blacklists (Attachment Blacklist, External Agents, AD Test and the Recipient Blacklist)—filtering for viruses even when the email would be whitelisted.
- New database model: Support for storing Greylisting and Auto Sender Whitelist data on Microsoft SQL Server. More reliable local database support.
- Subject logging: The name tells it all, email subjects at the On Arrival filtering point are now logged.
- Improved log filtering: Rule-based filtering in the ORF Log Viewer that provides much greater flexibility than the current filter.
- 64-bit support: Support for 64-bit editions of Windows Server.
- More types of supported IP range formats: no more subnet mask mess (except if you want).
- Greylisting improvement: Now Greylisting can be configured to accept delivery re-attempts from the same Class C (/24) block. This means lower number of false positives.
- Auto Sender Whitelist Automatic Response Detection: Namely, automatic recognition of Out of Office autoresponses. These are not added to the Auto Sender Whitelist, thus the database does not become polluted.
- Update notifications: the ORF Administration Tool, Log Viewer and Reporting Tool now tells you if there is a new ORF version available.
- Significantly improved PowerLog preprocessing speed: about 75 times faster now.
- All known bugs fixed.
posted on May 30th, 2007 @ 04:34 pm GMT+0000
Awesome…includes a few things we wanted over here. So stop wasting your time on travelling and get this thingy released :)))
posted on May 30th, 2007 @ 09:22 pm GMT+0000
Great to see progress on Exchange 2007 support and new features!
posted on June 4th, 2007 @ 03:40 pm GMT+0000
What about headers checking?
posted on June 4th, 2007 @ 03:42 pm GMT+0000
Alex: If you mean filtering by header values, that will not be available in ORF 4.0, but you can always add write a short External Agent that does that. Basically, it would be only few lines of script.
posted on June 4th, 2007 @ 03:48 pm GMT+0000
for example: mark e-mails with different smtp to: and mime to: fields in the email addresses as spam; check if email contains encoded ip addresses; check if the email subject contains the first part of the recipient email address.
posted on June 4th, 2007 @ 03:49 pm GMT+0000
Peter, I don`t know how to write ext. agents :)
posted on June 4th, 2007 @ 06:41 pm GMT+0000
Powerlogs not slow…and better log filtering! Looks like I’ll have to replace my trusty 2.1 (right after Chris Schmidt & Peter Lawton test 4.0 :) Can the logs show the HELO? BTW, for the next version, my top feature request is making SPF compliant to RFC 4408.
posted on June 5th, 2007 @ 10:36 am GMT+0000
Alex: I see. What about asking someone on the ORF Newsgroups to write the agent for the public? I mean, if others find these tests appealing, I am sure someone can help by implementing the agent, there are a bunch of guys there who are familiar with scripting.
posted on June 5th, 2007 @ 10:38 am GMT+0000
Frank: No, unfortunately, still no HELO in the logs (they’re available in the SMTP logs, though). As for RFC-final SPF compliance, it is on the To-Do list, but for the version after 4.1 only, because 4.1 will focus on Exchange 2007 solely.
posted on June 5th, 2007 @ 07:38 pm GMT+0000
does 64 bit support listed above on the blog, mean that exchange 2007 support is included in 4.0 also?
posted on June 6th, 2007 @ 08:22 am GMT+0000
Doug: No, unfortunately (http://blog.vamsoft.com/?p=56), ORF 4.0 will not support that. There is a lot more to Exchange 2007 support than 64-bit.
For instance, IIS SMTP is no longer used by Exchange 2007 and this takes several changes in ORF.
- The Protocol Event Sink technology that ORF relies on cannot be used. There is a new technology instead, called Transport Agents. Agents have to be implemented in a different language (ORF was written in Borland Delphi, Transport Agents require .NET, however).
- The Transport Agent API is quite different from the Protocol Event Sink API that raises a few questions, such as identifying authenticated SMTP connections, etc.
- Due to the different technology, the installation code has to be changed to use Exchange-specific PowerShell scripts instead of the current COM-based IIS administration scripts.
- No more SMTP Virtual Servers.
Another issue is that CDOSYS (CDO for Windows 2000) goes away once Exchange 2007 is installed (this is not documented, but experience confirms this). ORF relies on CDOSYS heavily to parse and re-encode parts of the email, and to send email notifications. The new .NET managed APIs are at least difficult to be used from native Borland Delphi code–not to mention that ORF has to support Exchange 2007-less configurations, too.
This is barely a full list, it is just a few issues we identified looking into Exchange 2007 support requirements.
posted on June 6th, 2007 @ 08:32 am GMT+0000
I know you guys will dig up this article http://technet.microsoft.com/en-us/library/79df6a3a-29a8-4935-b143-8a66c8d082d4.aspx regarding the CDOSYS issue, so I’d like to point out that it does not talk about CDOSYS specifically; there are many CDO technologies from CDOEXM to CDONTS :)))
posted on June 6th, 2007 @ 08:03 pm GMT+0000
In reading comments, I understand that ORF 4.0 will not support Exchange 2007. When is ORF expected to support Exchange 2007? Even a ballpark timeframe would be useful so we can determine if it’s feasible to stick with ORF or to look for another solution if the timeframe is too long.
posted on June 7th, 2007 @ 07:16 am GMT+0000
Scott: ORF will support Exchange 2007 in the version 4.1, the first planned release after 4.0. This version will focus solely on Exchange 2007 (and maybe bugfixes of 4.0), so that we can add Exchange 2007 support ASAP.
We are hoping to release 4.1 within 2 months after the 4.0 release, but that can easily wrong. There are two many unknown factors in the Exchange 2007 technology to make a reliable schedule. More detailed information will be available when we complete the technology research and see what has to be changed in ORF and how.
posted on June 7th, 2007 @ 08:22 pm GMT+0000
Can we run ORF on it’s own server with just the IIS SMTP component and have it pass mail to the Exchange 2007 system in the meantime?
posted on June 7th, 2007 @ 08:56 pm GMT+0000
Scott, I am currently running ORFEE on a pair of perimeter servers W2K03 relaying to Es2007 on a x64 box. So yes this will still be possible.
The IIS SMTP module used by ORFEE is no longer in Windows Vista and presumably the ‘to be released’ Vista Server. So the problem is in Vista not Exchange Server 2007, right Peter?
posted on June 8th, 2007 @ 07:29 am GMT+0000
Scott: As Allianz pointed out, you can actually do that. You do not even need another hardware, just run another Windows with IIS SMTP inside a virtual machine (VMWare Server is now free!).
posted on June 8th, 2007 @ 07:31 am GMT+0000
Allianz: IIS in Vista does not support SMTP, but that is not a problem, because we target the Windows Server platforms and Windows Server 2008 will support SMTP (though it will not be installed by default). I have no information about the event sink API changes, if any. Setting up the Server 2008 beta is on our To-Do list, we will evaluate it shortly.
posted on June 8th, 2007 @ 04:24 pm GMT+0000
I’m definitely planning to run this on a VM. We have an ESX server prepped and ready to go.
posted on June 18th, 2007 @ 02:09 pm GMT+0000
So let me get this straight. I’m running ORF on my EX2003 box, will install EX2007 next month and move mailboxes over to it. Continue to use ORF to process incoming mail on the older server. What about the transport server role? Does that fit into the mix here?
posted on June 19th, 2007 @ 07:52 am GMT+0000
Bobby, the Transport Hub role is OK — to my best knowledge, there are two roles that can accept SMTP emails from the outside, Transport Hub and Edge.
posted on June 21st, 2007 @ 07:39 am GMT+0000
Do you plan to include in 4.0 such a feature:
if a user gets an e-mail he considers to be a spam, he should be able to forward it to some address (orf@domain.com) which belongs to ORF server. When server receives this e-mail, it will extract the address and add it to blacklist.
posted on June 21st, 2007 @ 07:43 am GMT+0000
Traistn: The ORF 4.0 feature set is already closed, we are running tests with the beta candidate, so unfortunately we cannot add this to 4.0. Something similar might be implemented in a future version, however.
Blacklisting the sender email address is not very effective, so probably ORF would block the source IP instead. However, when the email is forwarded, the original delivery path information is lost, so we would use a different technology.
posted on June 21st, 2007 @ 07:46 am GMT+0000
I ment a feature which is implemented in SPAM Assassin…
posted on June 21st, 2007 @ 08:47 am GMT+0000
Traistn: Sorry, I do not really know SpamAssassin — can you please tell me more about what you mean specifically?
posted on October 22nd, 2007 @ 06:57 pm GMT+0000
Any update on Exch2007 support? I’d rather not have a separate server running or VM Ware for Spam only.
posted on October 24th, 2007 @ 09:37 am GMT+0000
Craig, we still do not have all the information needed to finish the Exchange 2007 version. I’ll blog about it later today.