Spam rates worldwide dropped like that around the end of last year and there are many theories why but that seems to be why our ratio's from last year to this year reflect a huge difference like yours.
mikeg
(March 8, 2011)
@Kent Jones: Did the number of spam slipping though increased noticeably?
If the number of spam increased, then probably something is wrong with either the ORF DNS settings, or the DNS server settings.
* Please make sure the new DNS server IP is listed in the ORF DNS settings (Configuration / Global / DNS and Lookups page).
* Check if the DNS server meets the requirements of ORF. You can check this in the ORF Administration Tool, on the DNS and Lookups page, using the Test button.
* Make sure that your DNS server performs lookups with the root DNS server, instead of forwarding to your ISP DNS servers, or a third-party DNS network like OpenDNS. Many DNSBLs and SURBLs have a fair usage limitation and if they see too much traffic from certain servers, the administrators may firewall out the offenders. ISP DNS servers aggregate traffic from their network (because often they are configured as forwarders) and this can trigger such blocking of DNSBL/SURBL services.
* Please check the ORF logs for errors.
If the number of spam did not increase, probably there was another change and it is a mere coincidence. This could be a drop in the global spam traffic, a new firewall that pre-filters spam for ORF, etc.
If the number of spam increased, then probably something is wrong with either the ORF DNS settings, or the DNS server settings.
* Please make sure the new DNS server IP is listed in the ORF DNS settings (Configuration / Global / DNS and Lookups page).
* Check if the DNS server meets the requirements of ORF. You can check this in the ORF Administration Tool, on the DNS and Lookups page, using the Test button.
* Make sure that your DNS server performs lookups with the root DNS server, instead of forwarding to your ISP DNS servers, or a third-party DNS network like OpenDNS. Many DNSBLs and SURBLs have a fair usage limitation and if they see too much traffic from certain servers, the administrators may firewall out the offenders. ISP DNS servers aggregate traffic from their network (because often they are configured as forwarders) and this can trigger such blocking of DNSBL/SURBL services.
* Please check the ORF logs for errors.
If the number of spam did not increase, probably there was another change and it is a mere coincidence. This could be a drop in the global spam traffic, a new firewall that pre-filters spam for ORF, etc.
Peter Karsai (ORF Team)
(March 9, 2011)
in response to this post
in response to this post
@Peter Karsai (ORF Team): If none of the above helps, please check this post: http://www.vamsoft.com/forum/topic/show/Spamhaus-Win-2008-DNS-server/4#comment423 for further tips.
Peter Karsai (ORF Team)
(March 9, 2011)
in response to this post
in response to this post
@Peter Karsai (ORF Team): Yes, the number of spam slipping through did increase noticeably. The DNS tests pass and it reports everything ok. There are no errors in the logs.
Our DNS does perform lookups with the root servers. We only have our ISP DNS and OpenDNS in forwarders as a backup.
I'm not sure what else to change/check.
Our DNS does perform lookups with the root servers. We only have our ISP DNS and OpenDNS in forwarders as a backup.
I'm not sure what else to change/check.
Kent Jones
(March 10, 2011)
in response to this post
in response to this post
@Kent Jones: Please send us your system description (OS, Exchange version, are there any relaying hosts, secondary MXs, etc.), your configuration file called orfent.ini, and your .log files from the past 1-2 days to . The latter files are located in the ORF directory by default (Program Files \ ORF Enterprise Edition or Program Files (x86) \ ORF Enterprise Edition by default), please send raw .log files, Log Viewer CSV exports are not suitable.
If you agree, we will review your configuration and make some suggestions to increase the filtering rate if possible. Thanks!
If you agree, we will review your configuration and make some suggestions to increase the filtering rate if possible. Thanks!
Krisztian Fekete
(March 10, 2011)
in response to this post
in response to this post
That would be wonderful. Thanks for all your help!
I've sent the log files and system information.
I've sent the log files and system information.
Kent Jones
(March 10, 2011)
@Kent Jones: Thanks, I sent you our recommendations in email. Please let us know if applying these changes improved the catch rate.
Krisztian Fekete
(March 11, 2011)
in response to this post
in response to this post
@Krisztian Fekete: Thanks, that did help quite a bit. I'm currently at a 87% catch rate over 4 days.
I appreciate all the help you've given me.
I appreciate all the help you've given me.
Kent Jones
(March 15, 2011)
in response to this post
in response to this post
@Kent Jones: I am glad I could help :)
Krisztian Fekete
(March 16, 2011)
in response to this post
in response to this post
Any suggestions?