The Cyren IP Reputation filter is available if NoSpamProxy Protection is licensed. This filter performs the check of the IP address of the sending system, classifies it according to the classification received from Cyren and assigns corresponding SCL points:
No known risk (0 SCL points)
Medium risk (1 SCL points)
High risk (3 SCL points)
Depending on the setting of the evaluation criteria and additional classifications of the other filters in the applied rule, an IP address can thus lead to the rejection of the emails. This rejection can already take place during the envelope phase, so that further information – for example, the subject – is no longer transmitted.
NoSpamProxy has no influence on these evaluations. However, every affected sender can have their IP address and its classification checked and adjusted via the Cyren support page.
https://www.nospamproxy.de/wp-content/uploads/2015/07/makefg1.png256256Technik NoSpamProxyhttps://www.nospamproxy.de/wp-content/uploads/2015/03/logo.pngTechnik NoSpamProxy2021-04-20 08:27:122021-04-20 12:49:09Detection of IP addresses by the Cyren IP Reputation filter
The Cyren Premium AntiVirus scanner is part of the Malware Scanner action and can be used if NoSpamProxy Protection is licensed. Cyren Premium AntiVirus checks attachments that are attached to an email. In doing so, it carries out two basic checks:
Local checks against definitions
The definitions are regularly downloaded from the Cyren servers. In case of access problems to the Cyren servers, the definitions must not be older than two days.
During the check, the attachment is placed in the directory C:\ProgramData\Net at Work Mail Gateway\Cyren\Temp, checked and deleted again.
Live checks – Zero Hour Protection
Check for conspicuous attachments in the recent past. A hash value is generated and sent to Cyren, which then sends a response with the corresponding classification by Cyren.
Unlike with the Cyren AntiSpam filter, the NoSpamProxy support has no way of influencing this behaviour in the case of a misclassification. In the case of misclassifications – i.e. false positives or false negatives – the sender or the recipient of the email must always contact Cyren and have this corrected accordingly.
A description of the process can be found on the respective Cyren support page.
In case of local problems or missing definitions, please refer to the Knowledge Base article Cyren Engines – Troubleshooting
Note
To ensure parallel operation with other locally installed virus scanners on the gateway role, please refer to the Knowledge Base article How to configure on-access virus scanners and define the exceptions as described!
Below you will find information on using the Sandbox Service in NoSpamProxy. For general information on how a cloud sandbox works, licensing or data protection, see Informationen zum NoSpamProxy Sandbox-Service (German only).
Note
Since 2018, we strongly recommend NoSpamProxy customers to take a whitelisting approach to content filtering (see our article on email firewalls). This recommendation applies in particular to the use of the NoSpamProxy Sandbox service.
An example: Even if an “executable file for Windows” is supported by the sandbox, the question arises whether one wants to allow this potentially dangerous file type for one’s own company at all. In this case, it makes more sense to generally reject this file type and thus also save the upload to the sandbox.
If a file is classified as unsuspicious by the sandbox service, the respective email will be delivered.
Sandbox-Hashabfrage
Sandbox hash query
The retrieval of the hash values from the sandbox database can be carried out without restriction and without deduction of purchased licences. For this purpose, the corresponding check mark Query the sandbox if the attachments of inbound emails are known to be malicious must be ticked.
This check can be applied to all file types.
Sandbox upload
File uploads are limited to 20 files per user and month.
This value is the total value of permitted uploads; there is no strict user check. This means, for example, for a 50-user licence that the respective NoSpamProxy installation may upload 1000 files to the sandbox in one month. Costs may be incurred if the limit is exceeded.
To limit the sandbox check to individual file types, an additional content filter action should be created that is only applied to certain file types.
To enable uploading, the option Upload unknown files to the sandbox for analysis must be activated.
Supported file types
Executable files
Executable files for Windows
Office – Word
<all>
Office – Excel
<all>
Office – PowerPoint
<all>
Video
Adobe Flash (SWF)
Adobe Flash Video (FLV)
Text
Rich Text Format
Rich Text Format with OLE objects
PDF
PDF with URLs
Archives and compressed files
ZIP-compressed file
GZIP-compressed file
TAR archive
GZIP-compressed TAR archive
7Zip-compressed file
Scripts (Configuration via file names)
.js
.vbs
.wsf
.ps
.py
.hta
.perl
.php
.sh
Delivery delay
If a file has to be uploaded to the sandbox (sandbox upload), the email will not be accepted initially and temporarily rejected so that the sending email server delivers it again.
The temporary rejection is applied here because the analysis on the sandbox array takes a certain amount of time, but should be completed after a regular 5 minutes when a new delivery attempt is made.
This will result in a delivery delay for the respective emails which must be taken into account accordingly. We therefore recommend that you check exactly which files should really be sent to the sandbox. Note the following option if time-critical processes or mailboxes exist in your company:
Is a sandbox hash query sufficient instead of a complete analysis (sandbox upload)?
It is possible to create different actions in the content filter to configure different actions for a content filter entry for “Trusted emails” and “Untrusted emails” between a sandbox upload and a sandbox hash query.
Office documents can be converted into a secure PDF document by NoSpamProxy Content Disarming if necessary.
https://www.nospamproxy.de/wp-content/uploads/2015/07/makefg1.png256256Technik NoSpamProxyhttps://www.nospamproxy.de/wp-content/uploads/2015/03/logo.pngTechnik NoSpamProxy2021-04-19 15:15:062021-04-19 17:27:49Information on using the NoSpamProxy Sandbox Service
Monday to Friday from 9am to 5pm CET.
Deviating support availability information will be communicated via our blog, forum or in the opening email for tickets.
Response times
Next business day at the latest, but usually within four hours during regular support hours.
Priorities are set and monitored by the support team, enabling a faster response to critical issues.
If you contact us
All end customers who have concluded a valid manufacturer support or comparable contracts with Net at Work GmbH are entitled to support. End customers who have not purchased manufacturer support must open a ticket via their reseller/service provider or apply for chargeable support via our sales department.
In case of queries regarding existing tickets, please have the ticket number ready. You will find this in the subject of the opening email or in the ticket communication, represented as “NAW-xxxxx-ZxZxZx” (x is a number, Z is a letter).
If you open a new ticket by email, please refer to the Knowledge Base article Troubleshooting in case of problems. Please include all necessary information.
If you open a ticket by phone or via the contact form, please submit additional information if needed after you have received the opening email.
Please note: The more information you provide us with at the time of opening, the more targeted and faster we can respond to your request.
It is possible that the Cyren engines used generate error messages that are not traceable to the engines themselves, but to communication problems with Cyren data centers.This article shows you ways to test the communication and function.
Details about the three Cyren engines in NoSpamProxy
NoSpamProxy currently has three Cyren engines that are active, depending on the configuration and licensed modules.
Cyren AntiSpam and Cyren Premium AntiVirus (ctasd)
Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
Program file: ctasd.exe
Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
Configuration file: ctasd.conf
Service name: NetatworkMailGatewayCyrenService
Service display name: NoSpamProxy – CYREN Service
Definitions folder: C:\ProgramData\Net at Work Mail Gateway\Cyren\Definitions
Is a web proxy required for Internet communication in your company and is it registered according to the knowledge base article How to configure CYREN services?
This must be checked and re-entered after each NoSpamProxy Update/Upgrade.
Always edit the newly created file, never overwrite it with an old version of the file.
Is it possible to communicate with and/or without web proxy to all mentioned external systems of Cyren?
Are there any exceptions on the firewall to access allsub-domains from ctmail.com? These connections must not be used for virus scanning, content filtering, or other checks!
Are there any error messages when the services are running interactively via the command prompt (CMD)? To run interactively, please follow these stepsaus and attach a screenshot of the request’s communication to support.
Stop each service from Microsoft Windows services.
Open a prompt with administrator privileges.
Run the command for the service, to be tested. Use the path to the corresponding executable if you do not have NoSpamProxy installed in the default directory
Ctasd CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctasd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctasd.conf” -i
Ctipd CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctipd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctipd.conf” -i
Ctwsd CMD > “C:\Program Files”Net at Work Mail Gateway\Cyren Integration Service\ctwsd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctwsd.conf” -i
Copy the output or take a screenshot of the output.
If you have checked all these points, please open a support ticket with the information attached so that more logs can be created for analysis.
Inbound, 8-bit encoded emails that are signed locally by S/MIME are converted into 7-bit encoded emails by NoSpamProxy and then rejected by the receiving email server because of an invalid certificate.
Analysis
RFC 5751 requires that all signed MIME parts of an email must have 7-bit encoding:
If a multipart/entity signed is ever to be transmitted over the standard Internet SMTP infrastructure or other transport that is constrained to 7-bit text, it MUST have transferred encoding applied so that it is represented as 7-bit text. MIME entities that are 7-bit data already need no transfer encoding. Entities such as 8-bit text and binary data can be encoded with quoted-printable or base-64 transfer encoding.
To ensure full compliance with RFC 5751, NoSpamProxy converts the 8-bit encoding of the email into a 7-bit encoding.
However, because the signing was applied locally and not by NoSpamProxy, the conversion changes the hash value of the email and thus invalidates the signature. Accordingly, NoSpamProxy will permanently reject the email from version 13.2.20258.1435.
This scenario only occurs if the “Remove attached signature from S/MIME-signed emails (recommended)” option has been disabled in the NoSpamProxy rulebook and the email client sends 8-bit encoded emails.
Workarounds
Workaround 1: Enable opaque signing
Microsoft Outlook
Configure your email client to use the opaque signing method when applying the signature. This method summarizes the signature and message into a single binary file so that the signature remains intact when the email gatewaysmodify the email message.
Do the following:
Open Microsoft Outlook.
Go to File > Options > Trust Center Settings > Email Security.
Remove the check mark for Send clear text signed message when sending signed messages
Click OK.
By disabling this option, you have enabled opaque signing.
Microsoft 365/Outlook on the Web, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online
You can also configure opaque signing using PowerShell:
https://www.nospamproxy.de/wp-content/uploads/Info-Icon.png667667Stefan Feisthttps://www.nospamproxy.de/wp-content/uploads/2015/03/logo.pngStefan Feist2020-09-29 11:12:482020-11-16 14:57:58Locally signed emails are permanently rejected due to invalid S/MIME signatures
We have released version 13.2.21069.1155 on March 15th, 2021. This Version is an upgrade release where the following Bugs are fixed and new features are added or changed.
Important Information
If you have previously installed a beta version 13.2, please upgrade to the official release version 13.2.20141.1435 or later for support reasons! As of version 13.2.20083.1640, a script for enhancing the address searching is included. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
Version 13.2.21069.1155 (March, 15th, 2021)
based on Fast Channel Version 13.2.21040.1645
If you have installed version 13.2.21040.1645 from March 1st 2021, perform an update to this new version to avoid problems!
Fixed
27467: Archived eml file is empty
27471: D3 archive connector cannot handle subjects with special characters
27508: Possible StackOverFlowException when parsing an email address
27333: Activities are shown only in first
27457: Not recognized category from Cyren
26905: URL Safeguard removes PGP signature and email headers after rewriting URLs in PGP signed content
27124: An error occurred while creating a dispatch job: Another read operation is currently in progress
27229: Corporate email server check “SPF protected local address” is successful if only the SPF check for the EHLO domain was successful
27135: Attachments from nested emails are not uploaded to the Web Portal
Version 13.2.21040.1645 (March, 01st, 2021)
based on Fast Channel Version 13.2.20349.1331
Due to a subsequently discovered, but very rare problem, this version had to be removed from the download. A new version will be released as soon as possible, to fix all problems.
If you are already using this version, please watch out for temporarily blocked emails and contact support for clarification, if this occurs.
Fixed
26340: Large files are not auto approved if there are older files to be auto approved with malware scan failures
26931: Update Cyren to new binaries
27013: Restricting maximum concurrent connections per domain doesn’t work reliably
26872: POP3 receive connector only supports TLS 1.0
26776: email is destroyed after outbound email signing
26715: Logging extension for archive connector
26854: Internal domain names (i.e. exchange.local) are resolved using the external DNS servers
26646: Timstamp server for Outlook Add in is invalid
26666: Disclaimer is added at the wrong position
Version 13.2.20349.1331 (January 13th, 2021)
based on Fast Channel Version 13.2.20296.1426
Fixed
26541: Unexpected error occurred during a connection: Index was out of range.
26415: Attach file failed error.
26519: Illegal characters in path.
25996: Auto Retry of quality signature Item should have the Message Track status Put on hold.
25963: Waiting Status for qualified signature signing Status
26410: Configuring the Cyren service on the Web Portal fails with error message “A potentially dangerous Request.Form value was detected from the client”
26337: Header-From address in the format “Display name <address1@example.com;address2@example.com>” causes Message Tracking deserialization errors
25925: URL Safeguard rewrites URLs in brackets with the closing bracket as part of the URL
25846: CmsMimePart cannot be converted to PDF using auto encryption
26033: Outlook Add-In mime type detection detects Office documents as unprocessable zip archives
26004: Gateway Role creates replication artifacts >50MB which can’t be collected by the Intranet Role and break the replication
26173: Web portal and Outlook Add-In don’t use the correct content filter if a partner user is configured to allow any attachments
25608: Secondary DNS server is not queried if the primary DNS server responds with status code ServerFailure
25609: License usage De-Mail count is incorrect if multiple Gateway Roles are using the same De-Mail domains
26144: URL Safeguard destroys URLs in CSS by replacing them with “Protected link”-HTML
25790: NDR contains empty attachment instead of original email
25673: Outlook Addin: Issues on accessing files from UNC path
26129: Empty header line is created if the header ends with a whitespace and the header has a certain length
26507: Remove hard coded domain white list from the surbl filter
26170: Use the new endpoint for the Cyren IP Reputation
Version 13.2.20296.1426 (November 09th, 2020)
based on Fast Channel Version 13.2.20258.1435
Fixed
25605: A replication artifact could not be deserialized. The item will be retried at a later time. Error: The string Cards🏠🏡@tizgharan.org.uk is not a valid email address
25606: Message tracks could not be retrieved from the Intranet Role: The string “”@bnv.gob.ve is not a valid email address
24125: Email is signed using SMIME/PGP although it is deactivated in the rule if the sender requests automatic encryption
25654: Database cleanup is slow NOTE: If the TempDB will not shrinked automatically, use the SQL tools to do this manually
25687: Cyren malware scanner fails with error: Illegal characters in path
24838: Users should not be imported from file if email contains not allowed chars outside of quotation marks (“”)
24840: Error when importing user from text file with many @ in email address
25133: Text file automatic user import imports email address prefixes (i.e. SMTP:)
24888: Improve error message in LDAP sync when a group cannot be expanded
25729: Message Track filter doesn’t work for Powershell Cmdlets to get actions, activities, attachments, filters, URLs
26059: Outlook-Add-In crashes on initializing the MimeTypeDetection
Version 13.2.20258.1435 (September 28th, 2020)
based on Fast Channel Version 13.2.20199.1826
Changed
24112: Create Issue “German Azure Cloud will be removed”
20044: Implement automatic retries of mails waiting for qualified signatures
Fixed
24831: Add hint to manual that LDAP key server does not support LDAPS
24895: Replication service replicates too many artifacts to the database at once
24837: Reading the Default partner settings is not retried if it fails the first time
24984: EmailAddress.TryParse uses the relaxed algorithm and is used in the Envelope methods
23685: NDR is sent if an email is permanently rejected by the sandbox
23686: Sender IP address is not blocked if an email is rejected permanently by the sandbox
24904: An unexpected error occurred during a connection: Deep clone with non-clonable stream is not supported. Stream must be of type ClonableStream
24995: OpenKeys configuration is not replicated to new Gateway Roles
24884: Disclaimer is added at the wrong position
25016: NoSpamProxy crashes when a large SMIME email is processeds
24720: URL Safeguard error when rewriting URLs in message/delivery-status attachment: Mimepart ‘NestedMessageMimePart’ is not supported
24683: CDR’ed document is not attached to the EML file in case of nested attachments
24825: change tyntec text message provider default hostname
25154: Email is not accepted because of error: Length cannot be less than zero. Parameter name: length
25045: Wrong reject reason for email
25256: Emails cannot be processed by content filter
25165: Downgrade to 7 bit transfer encoding for all emails breaks existing signatures if the email contains a mime part with 8 bit transfer encoding
24917: Intermediate certificate is displayed as “untrusted root, revoked” when imported in NoSpamProxy
25343: Email with very long header line causes 100% CPU usage on Gateway Role
24753: Level of Trust bonus not granted because successful SPF validation doesn’t authenticate MAIL FROM domain
23927: “Strict Open XML” office documents are detected as zip archives
24768: TLS best practice settings include 3DES cipher suite
25319: Attachments are differently identified when a mail was signed
24873: Pdf is not disarmed, zip file detect as unprocessable
25364: An attempt to scan the file in directory ZEL4TVFP for viruses. Error: Padding is invalid and cannot be removed.
25443: Unexpected error occurred during a connection: Index was out of range.
25446: All zip files in large files detect as unprocessable+archive
25408: Cyren IP reputation filter configuration is reset after editing the rule using the MMC
25440: URL Safeguard applies HTML base URL to absolute URLs
25513: Message Tracking search is slow when searching for sender/recipient
25537: TempDB database uses enormous amounts of space during database cleanup
25538: Message Track cleanup doesn’t delete a lot of details if the detail retention time is much shorter than the summary retention time
We are currently registering awave of attacks with obsolete Microsoft Office formats that are no longer available as a file type in NoSpamProxyand should generally no longer be used.
Note
The content of this article is only arecommendation. Every NoSpamProxyusershould make the settings as required or appropriate for the company in question. The article can also be appliedto all other combinations and is not onlyrelevantforMicrosoft Officeformats.
Configuring the content filter
Basic information on setting up content filters can be found in ourtraining videos.
The configuration recommended here follows a whitelisting approach. This means that only file formats will be allowedthat ware wanted, and that all others will be blocked.
Create content filter entries for all file types (also called MIME types)that you want to allow. These content filter entries should only be configured for file types, not for file names.
Now create a content filter entry that filters for file names and rejects all attachments with a certain file extension.
In the content filter itself, the order should then be such that the allowed entries are at the top and the rejecting entry below:
Detection of IP addresses by the Cyren IP Reputation filter
How-tos 12.x, 13.xThe Cyren IP Reputation filter is available if NoSpamProxy Protection is licensed. This filter performs the check of the IP address of the sending system, classifies it according to the classification received from Cyren and assigns corresponding SCL points:
Depending on the setting of the evaluation criteria and additional classifications of the other filters in the applied rule, an IP address can thus lead to the rejection of the emails. This rejection can already take place during the envelope phase, so that further information – for example, the subject – is no longer transmitted.
NoSpamProxy has no influence on these evaluations. However, every affected sender can have their IP address and its classification checked and adjusted via the Cyren support page.
Further information
Attachment detection by Cyren Premium AntiVirus
How-tos 10.x, 11.x, 12.x, 13.x, 9.2The Cyren Premium AntiVirus scanner is part of the Malware Scanner action and can be used if NoSpamProxy Protection is licensed. Cyren Premium AntiVirus checks attachments that are attached to an email. In doing so, it carries out two basic checks:
Unlike with the Cyren AntiSpam filter, the NoSpamProxy support has no way of influencing this behaviour in the case of a misclassification.
In the case of misclassifications – i.e. false positives or false negatives – the sender or the recipient of the email must always contact Cyren and have this corrected accordingly.
A description of the process can be found on the respective Cyren support page.
In case of local problems or missing definitions, please refer to the Knowledge Base article Cyren Engines – Troubleshooting
Note
To ensure parallel operation with other locally installed virus scanners on the gateway role, please refer to the Knowledge Base article How to configure on-access virus scanners and define the exceptions as described!
Further information
Information on using the NoSpamProxy Sandbox Service
Settings 13.x, 13.xBelow you will find information on using the Sandbox Service in NoSpamProxy. For general information on how a cloud sandbox works, licensing or data protection, see Informationen zum NoSpamProxy Sandbox-Service (German only).
Note
Since 2018, we strongly recommend NoSpamProxy customers to take a whitelisting approach to content filtering (see our article on email firewalls). This recommendation applies in particular to the use of the NoSpamProxy Sandbox service.
An example: Even if an “executable file for Windows” is supported by the sandbox, the question arises whether one wants to allow this potentially dangerous file type for one’s own company at all. In this case, it makes more sense to generally reject this file type and thus also save the upload to the sandbox.
If a file is classified as unsuspicious by the sandbox service, the respective email will be delivered.
Sandbox-Hashabfrage
Sandbox hash query
The retrieval of the hash values from the sandbox database can be carried out without restriction and without deduction of purchased licences. For this purpose, the corresponding check mark Query the sandbox if the attachments of inbound emails are known to be malicious must be ticked.
This check can be applied to all file types.
Sandbox upload
File uploads are limited to 20 files per user and month.
This value is the total value of permitted uploads; there is no strict user check. This means, for example, for a 50-user licence that the respective NoSpamProxy installation may upload 1000 files to the sandbox in one month. Costs may be incurred if the limit is exceeded.
To limit the sandbox check to individual file types, an additional content filter action should be created that is only applied to certain file types.
To enable uploading, the option Upload unknown files to the sandbox for analysis must be activated.
Supported file types
Delivery delay
If a file has to be uploaded to the sandbox (sandbox upload), the email will not be accepted initially and temporarily rejected so that the sending email server delivers it again.
The temporary rejection is applied here because the analysis on the sandbox array takes a certain amount of time, but should be completed after a regular 5 minutes when a new delivery attempt is made.
This will result in a delivery delay for the respective emails which must be taken into account accordingly. We therefore recommend that you check exactly which files should really be sent to the sandbox. Note the following option if time-critical processes or mailboxes exist in your company:
Support Information
Troubleshooting contact, erreichbarkeit, information, kontakt, reaction, reaktionszeit, support, timeBelow you will find general information about our support services.
For further details, please refer to the Allgemeinen Geschäftsbedingungen (AGB)
Contact
Phone: +49 (5251) 304 636
Email: support@nospamproxy.de
Contact form: Support request
Support hours
Monday to Friday from 9am to 5pm CET.
Deviating support availability information will be communicated via our blog, forum or in the opening email for tickets.
Response times
Next business day at the latest, but usually within four hours during regular support hours.
Priorities are set and monitored by the support team, enabling a faster response to critical issues.
If you contact us
All end customers who have concluded a valid manufacturer support or comparable contracts with Net at Work GmbH are entitled to support. End customers who have not purchased manufacturer support must open a ticket via their reseller/service provider or apply for chargeable support via our sales department.
In case of queries regarding existing tickets, please have the ticket number ready. You will find this in the subject of the opening email or in the ticket communication, represented as “NAW-xxxxx-ZxZxZx” (x is a number, Z is a letter).
If you open a new ticket by email, please refer to the Knowledge Base article Troubleshooting in case of problems. Please include all necessary information.
If you open a ticket by phone or via the contact form, please submit additional information if needed after you have received the opening email.
Please note: The more information you provide us with at the time of opening, the more targeted and faster we can respond to your request.
Cyren Engines – Troubleshooting
Troubleshooting 10.x, 11.x, 12.x, 13.x, 9.2It is possible that the Cyren engines used generate error messages that are not traceable to the engines themselves, but to communication problems with Cyren data centers. This article shows you ways to test the communication and function.
Details about the three Cyren engines in NoSpamProxy
NoSpamProxy currently has three Cyren engines that are active, depending on the configuration and licensed modules.
Cyren AntiSpam and Cyren Premium AntiVirus (ctasd)
Cyren IP Reputation (ctipd)
Cyren URL Categorization (ctwsd)
Note: All paths are the default paths and may differ from your installation.
Troubleshooting
In the following section you will find a small checklist, which you should always check before the first request to the support
CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctasd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctasd.conf” -i
CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctipd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctipd.conf” -i
CMD > “C:\Program Files”Net at Work Mail Gateway\Cyren Integration Service\ctwsd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctwsd.conf” -i
If you have checked all these points, please open a support ticket with the information attached so that more logs can be created for analysis.
Locally signed emails are permanently rejected due to invalid S/MIME signatures
Known errorsProblem
Inbound, 8-bit encoded emails that are signed locally by S/MIME are converted into 7-bit encoded emails by NoSpamProxy and then rejected by the receiving email server because of an invalid certificate.
Analysis
RFC 5751 requires that all signed MIME parts of an email must have 7-bit encoding:
To ensure full compliance with RFC 5751, NoSpamProxy converts the 8-bit encoding of the email into a 7-bit encoding.
However, because the signing was applied locally and not by NoSpamProxy, the conversion changes the hash value of the email and thus invalidates the signature. Accordingly, NoSpamProxy will permanently reject the email from version 13.2.20258.1435.
This scenario only occurs if the “Remove attached signature from S/MIME-signed emails (recommended)” option has been disabled in the NoSpamProxy rulebook and the email client sends 8-bit encoded emails.
Workarounds
Workaround 1: Enable opaque signing
Microsoft Outlook
Configure your email client to use the opaque signing method when applying the signature. This method summarizes the signature and message into a single binary file so that the signature remains intact when the email gatewaysmodify the email message.
Do the following:
By disabling this option, you have enabled opaque signing.
Microsoft 365/Outlook on the Web, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online
You can also configure opaque signing using PowerShell:
For more information click here.
Workaround 2: Remove local signatures
Configure NoSpamProxy to remove locally applied signatures.
Release Notes – NoSpamProxy 13.2 (Fast Channel)
Release Notes 13.2We have released version 13.2.21069.1155 on March 15th, 2021. This Version is an upgrade release where the following Bugs are fixed and new features are added or changed.
Important Information
If you have previously installed a beta version 13.2, please upgrade to the official release version 13.2.20141.1435 or later for support reasons! As of version 13.2.20083.1640, a script for enhancing the address searching is included. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
Version 13.2.21069.1155 (March, 15th, 2021)
based on Fast Channel Version 13.2.21040.1645
If you have installed version 13.2.21040.1645 from March 1st 2021, perform an update to this new version to avoid problems!
Fixed
Version 13.2.21040.1645 (March, 01st, 2021)
based on Fast Channel Version 13.2.20349.1331
Due to a subsequently discovered, but very rare problem, this version had to be removed from the download. A new version will be released as soon as possible, to fix all problems.
If you are already using this version, please watch out for temporarily blocked emails and contact support for clarification, if this occurs.
Fixed
Version 13.2.20349.1331 (January 13th, 2021)
based on Fast Channel Version 13.2.20296.1426
Fixed
Version 13.2.20296.1426 (November 09th, 2020)
based on Fast Channel Version 13.2.20258.1435
Fixed
NOTE: If the TempDB will not shrinked automatically, use the SQL tools to do this manually
Version 13.2.20258.1435 (September 28th, 2020)
based on Fast Channel Version 13.2.20199.1826
Changed
Fixed
Version 13.2.20199.1826 (July 27th, 2020)
based on Regular Channel Version 13.2.20171.1151
Fixed
How to reject unwanted Office formats
How-tosWe are currently registering a wave of attacks with obsolete Microsoft Office formats that are no longer available as a file type in NoSpamProxy and should generally no longer be used.
Note
The content of this article is only a recommendation. Every NoSpamProxy user should make the settings as required or appropriate for the company in question. The article can also be applied to all other combinations and is not only relevant for Microsoft Office formats.
Configuring the content filter
Basic information on setting up content filters can be found in our training videos.
The configuration recommended here follows a whitelisting approach. This means that only file formats will be allowed that ware wanted, and that all others will be blocked.
In the content filter itself, the order should then be such that the allowed entries are at the top and the rejecting entry below: