I just finished implementing an ORF improvement that we call Combined Actions. This allows combining specific On Arrival actions, for instance, tagging the subject plus the header plus redirecting the email.
Unrelated as it may seem, this improvement bought some changes to the ORF Text log format. The latest 3.0 log format has event classes for each type of action (14 event classes, from TagMailHeader to IgnoreMailRecipient) and so combined actions would have required to introduce new event classes for every possible combination (or, just to allow multiple event classes for a single event), causing a boom in the number of possible event classes.
This, among with other reasons, made us to re-think how logs should like and to come up with a few changes that we believe make logs easier to read and more useful.
First, we reduced the number of event classes to five: System, Pass, Whitelist, Blacklist and Intermediate. I think the first four are quite straightforward, but the Intermediate event class requires a little explanation: this is an event class that reports an intermediate action performed on the email. Currently, these are:
- Recipient removal at On Arrival. This may occur if some, but not all of the email recipients are blacklisted, e.g. by the Active Directory recipient validation.
- Recipient whitelisting at On Arrival. Again, this may occur if some, but not all of the email recipients are whitelisted.
- Attachment replacement (Attachment Filtering).
To identify the exact action performed, a new Action column has been introduced (can describe multiple actions, e.g. TagSubject+Redirect).
Another change was to eliminate the optional “Server” column, as it made little sense to log the the server name with every log message when the server name cannot be changed without rebooting the server. The local server name was moved to the ORF log header and it is no longer optional.
The next version’s log will have one more thing that I guess you will like: an optional email subject column. The subject is logged in UTF-8 encoding (ASCII letters kept human-readable), in URL Encoded format.