
Certain Type of Spam just won't get filtered!

 
I am having an issue with a certain type of spam that keeps bypassing ORF. We have the latest version, and this type of spam basically shows a large image in the body and changes the subject line so you can't keyword blacklist. I have also noticed that it will change its domain name every day as well to get past. I will copy and paste just a few different domain names that it comes from, so I can't blacklist it because it changes way too often. I have turned on SPF and RDNS (both: before and after arrival) and it still doesn't catch it. Here are a few domain names that it comes from; like I said, it always changes:

pharmacy assistant programs []
physicians blend hgh spray []
accounting degrees []

It is very annoying; one user gets about 50 of these a day. Any ideas, or does anyone need more information?
Grant (October 20, 2010)
Please send us an email to with the following information / files:

1. Description of your system setup (OS and Exchange versions, perimeter and back-end servers, which server relays to where, firewalls, proxies, secondary MXs, other software which may affect the email flow, etc.)
2. Your configuration file called orfent.ini
3. Your raw text .log files related to this issue from the past few days (orfee-<date>.log files). Please send us raw .log files, Log Viewer .csv exports are not suitable.

The above files are located in the ORF directory (Program Files \ ORF Enterprise Edition or Program Files (x86) \ ORF Enterprise Edition by default).

4. The original MIME headers of such spam getting through filtering. The MIME headers can be retrieved by selecting View | Options in Outlook ("Internet Headers"). (Instructions on how to get the MIME headers from other email clients: http://www.spamcop.net/fom-serve/cache/19.html). Please copy/paste these into a text file.

5. The original email bodies of spam getting through filtering (in .eml or .msg format)

Please send all the above mentioned files in a single ZIP. If you agree, I will review your configuration and make some suggestions to maximize the filtering efficiency.
Krisztian Fekete (ORF Team) (October 21, 2010)
Are you using DNSBLs and SURBLs? I use Barracuda, Spamhaus ZEN, SpamCop, and combined SURBL lists and haven't had a problem with these.
mikeg (October 21, 2010)
I am using: CBL Composite List/SORBS/SpamCop/Spamhaus. I want to say I also used Barracuda at one time as well.
Grant (October 21, 2010)
I suggest you add the combined SURBL list located in configuration/filtering/on arrival/url blacklists and see if that helps. It filters URLs in messages that could lead to images.
mikeg (October 21, 2010)
Just looked at that and I have two boxes checked already: the combined and SpamCop.
Grant (October 21, 2010)