ORF 4.0 Changes

Here is a mostly complete list of changes in the upcoming 4.0 version of ORF:

  • Combined Actions: Tag and redirect email.
  • Test Exceptions: This feature allows some tests to take precedence over blacklists (Attachment Blacklist, External Agents, AD Test and the Recipient Blacklist)—filtering for viruses even when the email would be whitelisted.
  • New database model: Support for storing Greylisting and Auto Sender Whitelist data on Microsoft SQL Server. More reliable local database support.
  • Subject logging: The name tells it all, email subjects at the On Arrival filtering point are now logged.
  • Improved log filtering: Rule-based filtering in the ORF Log Viewer that provides much greater flexibility than the current filter.
  • 64-bit support: Support for 64-bit editions of Windows Server.
  • More types of supported IP range formats: no more subnet mask mess (except if you want).
  • Greylisting improvement: Now Greylisting can be configured to accept delivery re-attempts from the same Class C (/24) block. This means lower number of false positives.
  • Auto Sender Whitelist Automatic Response Detection: Namely, automatic recognition of Out of Office autoresponses. These are not added to the Auto Sender Whitelist, thus the database does not become polluted.
  • Update notifications: the ORF Administration Tool, Log Viewer and Reporting Tool now tells you if there is a new ORF version available.
  • Significantly improved PowerLog preprocessing speed: about 75 times faster now.
  • All known bugs fixed.

27 thoughts on “ORF 4.0 Changes

  1. Kurt (EC)

    Awesome…includes a few things we wanted over here. So stop wasting your time on travelling and get this thingy released :)))

  2. Peter Post author

    Alex: If you mean filtering by header values, that will not be available in ORF 4.0, but you can always add write a short External Agent that does that. Basically, it would be only few lines of script.

  3. alex

    for example: mark e-mails with different smtp to: and mime to: fields in the email addresses as spam; check if email contains encoded ip addresses; check if the email subject contains the first part of the recipient email address.

  4. Frank

    Powerlogs not slow…and better log filtering! Looks like I’ll have to replace my trusty 2.1 (right after Chris Schmidt & Peter Lawton test 4.0 :) Can the logs show the HELO? BTW, for the next version, my top feature request is making SPF compliant to RFC 4408.

  5. Peter Post author

    Alex: I see. What about asking someone on the ORF Newsgroups to write the agent for the public? I mean, if others find these tests appealing, I am sure someone can help by implementing the agent, there are a bunch of guys there who are familiar with scripting.

  6. Peter Post author

    Frank: No, unfortunately, still no HELO in the logs (they’re available in the SMTP logs, though). As for RFC-final SPF compliance, it is on the To-Do list, but for the version after 4.1 only, because 4.1 will focus on Exchange 2007 solely.

  7. Doug Crowe

    does 64 bit support listed above on the blog, mean that exchange 2007 support is included in 4.0 also?

  8. Peter Post author

    Doug: No, unfortunately (http://blog.vamsoft.com/?p=56), ORF 4.0 will not support that. There is a lot more to Exchange 2007 support than 64-bit.

    For instance, IIS SMTP is no longer used by Exchange 2007 and this takes several changes in ORF.

    – The Protocol Event Sink technology that ORF relies on cannot be used. There is a new technology instead, called Transport Agents. Agents have to be implemented in a different language (ORF was written in Borland Delphi, Transport Agents require .NET, however).

    – The Transport Agent API is quite different from the Protocol Event Sink API that raises a few questions, such as identifying authenticated SMTP connections, etc.

    – Due to the different technology, the installation code has to be changed to use Exchange-specific PowerShell scripts instead of the current COM-based IIS administration scripts.

    – No more SMTP Virtual Servers.

    Another issue is that CDOSYS (CDO for Windows 2000) goes away once Exchange 2007 is installed (this is not documented, but experience confirms this). ORF relies on CDOSYS heavily to parse and re-encode parts of the email, and to send email notifications. The new .NET managed APIs are at least difficult to be used from native Borland Delphi code–not to mention that ORF has to support Exchange 2007-less configurations, too.

    This is barely a full list, it is just a few issues we identified looking into Exchange 2007 support requirements.

  9. Scott

    In reading comments, I understand that ORF 4.0 will not support Exchange 2007. When is ORF expected to support Exchange 2007? Even a ballpark timeframe would be useful so we can determine if it’s feasible to stick with ORF or to look for another solution if the timeframe is too long.

  10. Peter Post author

    Scott: ORF will support Exchange 2007 in the version 4.1, the first planned release after 4.0. This version will focus solely on Exchange 2007 (and maybe bugfixes of 4.0), so that we can add Exchange 2007 support ASAP.

    We are hoping to release 4.1 within 2 months after the 4.0 release, but that can easily wrong. There are two many unknown factors in the Exchange 2007 technology to make a reliable schedule. More detailed information will be available when we complete the technology research and see what has to be changed in ORF and how.

  11. Scott

    Can we run ORF on it’s own server with just the IIS SMTP component and have it pass mail to the Exchange 2007 system in the meantime?

  12. allianz

    Scott, I am currently running ORFEE on a pair of perimeter servers W2K03 relaying to Es2007 on a x64 box. So yes this will still be possible.

    The IIS SMTP module used by ORFEE is no longer in Windows Vista and presumably the ‘to be released’ Vista Server. So the problem is in Vista not Exchange Server 2007, right Peter?

  13. Peter Post author

    Scott: As Allianz pointed out, you can actually do that. You do not even need another hardware, just run another Windows with IIS SMTP inside a virtual machine (VMWare Server is now free!).

  14. Peter Post author

    Allianz: IIS in Vista does not support SMTP, but that is not a problem, because we target the Windows Server platforms and Windows Server 2008 will support SMTP (though it will not be installed by default). I have no information about the event sink API changes, if any. Setting up the Server 2008 beta is on our To-Do list, we will evaluate it shortly.

  15. Scott

    I’m definitely planning to run this on a VM. We have an ESX server prepped and ready to go.

  16. Bobby

    So let me get this straight. I’m running ORF on my EX2003 box, will install EX2007 next month and move mailboxes over to it. Continue to use ORF to process incoming mail on the older server. What about the transport server role? Does that fit into the mix here?

  17. Peter Post author

    Bobby, the Transport Hub role is OK — to my best knowledge, there are two roles that can accept SMTP emails from the outside, Transport Hub and Edge.

  18. Traistn

    Do you plan to include in 4.0 such a feature:
    if a user gets an e-mail he considers to be a spam, he should be able to forward it to some address (orf@domain.com) which belongs to ORF server. When server receives this e-mail, it will extract the address and add it to blacklist.

  19. Peter Post author

    Traistn: The ORF 4.0 feature set is already closed, we are running tests with the beta candidate, so unfortunately we cannot add this to 4.0. Something similar might be implemented in a future version, however.

    Blacklisting the sender email address is not very effective, so probably ORF would block the source IP instead. However, when the email is forwarded, the original delivery path information is lost, so we would use a different technology.

  20. Peter Post author

    Traistn: Sorry, I do not really know SpamAssassin — can you please tell me more about what you mean specifically?

  21. craig

    Any update on Exch2007 support? I’d rather not have a separate server running or VM Ware for Spam only.

  22. Peter Post author

    Craig, we still do not have all the information needed to finish the Exchange 2007 version. I’ll blog about it later today.

Leave a Reply

Your email address will not be published. Required fields are marked *

AlphaOmega Captcha Classica  –  Enter Security Code