Your technology certification is waiting. Enroll in Cloud Class ®
1) Assign all tests possible to Before Arrival (Configuration / Tests / Tests)
You only want to assign everything to Before Arrival if Exchange is on a perimeter server with no secondary MX's. Enable Greylisting if you don't already and set it to before arrival.
2) Enable the following DNS Blacklist in the following order (Configuration / Tests / DNS Blacklists, you can re-order them using the Move up | Move down buttons):
• CBL Composite Blocking List
• Spamhaus ZEN
• SORBS Combined with the 127.0.0.6 and 127.0.0.10 actions disabled (Select SORBS / Modify / SMTP Actions tab / Uncheck 127.0.0.10 / Click OK)
• Not Just Another Bogus List (NJABL Combined List)
These proved to be the most accurate and most reliable DNSBLs (see http://www.vamsoft.com/press-release-2010-01-13.asp and http://blog.vamsoft.com/2010/05/20/configuration-used-for-the-vbspam-test/)
3) Update your URL Blacklist definitions and enable the recommended URL Blacklists (Configuration / Filtering - On Arrival / URL Blacklists):
Spamhaus has released a new URL blacklist called Spamhaus DBL since ORF v4.4 was released, so it was not included in the definition set shipped with the latest version. We released a new definition file, so the new list can be imported easily: it worth the effort, Spamhaus DBL is pretty effective.
1. Download the new definition file called surbls-100302.xml from http://www.vamsoft.com/dl.aspx?surbls-100302.xml
2. Start the ORF Administration Tool.
3. Expand Configuration / Filtering - On Arrival / URL Blacklists on the left navigation pane.
4. Right-click anywhere in the list and select Import Definitions.
5. Select the surbls-100302.xml file that you downloaded.
6. Make sure the Delete current definitions not listed here (full overwrite) checkbox is checked and click OK.
7. Enable the blacklists you want to use in the DNSBL list (we recommend using
• Spamhaus DBL
• SURBL: Combined
in this order. Also, please note that Spamhaus DBL does not accept IP lookups, so you should disable them (see http://www.vamsoft.com/spamhaus-dbl.asp for instructions ("3) Disable IP lookups").
4) Publish SPF record(s) for your domain(s) and enable the SPF test of ORF (Configuration / Tests / Tests)
To prevent spammers from spoofing your domain name (and block incoming spam which spoofs your own domain), you should publish an SPF record and enable the SPF test of ORF: Sender Policy Framework is an email authentication protocol, which allows you to control who can send emails in the name of your domain. Basically, you have to publish your policy (like "v=spf1 mx -all", which means only the servers your MX records point to are allowed to send emails in the name of your domain) as a TXT record. For more information, please visit http://www.openspf.org/ and read our article at http://www.vamsoft.com/howto-blacklist-self-spam.asp
5) Import our updated Regular Expressions (Configuration / Filtering - On Arrival / Keyword Blacklist)
I attached some regexes we constructed for common spam phrases, I suggest to import them to the Keyword filtering list (from the main menu of the Administration Tool (Configuration | Import | Keyword blacklist...) or in Configuration / Filtering - On Arrival / Keyword blacklist ---> Right click in the expressions box and select "Import list..." and import orf_keywords.xml)
Finally, save your settings to apply the configuration changes by pressing Ctrl + S.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Please enter a first name
Please enter a last name
Must be at least 4 characters long.
Join and Comment
From novice to tech pro — start learning today.
Premium members can enroll in this course at no extra cost.