< zurück

The Cyren IP Reputation filter is available if NoSpamProxy Protection is licensed. This filter performs the check of the IP address of the sending system, classifies it according to the classification received from Cyren and assigns corresponding SCL points:

  • No known risk (0 SCL points)
  • Medium risk (1 SCL points)
  • High risk (3 SCL points)

Depending on the setting of the evaluation criteria and additional classifications of the other filters in the applied rule, an IP address can thus lead to the rejection of the emails. This rejection can already take place during the envelope phase, so that further information – for example, the subject – is no longer transmitted.

NoSpamProxy has no influence on these evaluations. However, every affected sender can have their IP address and its classification checked and adjusted via the Cyren support page.

Further information

 

Tags:
< zurück

The Cyren Premium AntiVirus scanner is part of the Malware Scanner action and can be used if NoSpamProxy Protection is licensed. Cyren Premium AntiVirus checks attachments that are attached to an email. In doing so, it carries out two basic checks:

  • Local checks against definitions
    • The definitions are regularly downloaded from the Cyren servers. In case of access problems to the Cyren servers, the definitions must not be older than two days.
    • During the check, the attachment is placed in the directory C:\ProgramData\Net at Work Mail Gateway\Cyren\Temp, checked and deleted again.
  • Live checks – Zero Hour Protection
    • Check for conspicuous attachments in the recent past. A hash value is generated and sent to Cyren, which then sends a response with the corresponding classification by Cyren.

Unlike with the Cyren AntiSpam filter, the NoSpamProxy support has no way of influencing this behaviour in the case of a misclassification.
In the case of misclassifications – i.e. false positives or false negatives – the sender or the recipient of the email must always contact Cyren and have this corrected accordingly.

A description of the process can be found on the respective Cyren support page.

In case of local problems or missing definitions, please refer to the Knowledge Base article Cyren Engines – Troubleshooting

Note

To ensure parallel operation with other locally installed virus scanners on the gateway role, please refer to the Knowledge Base article How to configure on-access virus scanners and define the exceptions as described!

Further information

< zurück

Below you will find information on using the Sandbox Service in NoSpamProxy. For general information on how a cloud sandbox works, licensing or data protection, see Informationen zum NoSpamProxy Sandbox-Service (German only).

Note

Since 2018, we strongly recommend NoSpamProxy customers to take a whitelisting approach to content filtering (see our article on email firewalls). This recommendation applies in particular to the use of the NoSpamProxy Sandbox service.

An example: Even if an “executable file for Windows” is supported by the sandbox, the question arises whether one wants to allow this potentially dangerous file type for one’s own company at all. In this case, it makes more sense to generally reject this file type and thus also save the upload to the sandbox.

If a file is classified as unsuspicious by the sandbox service, the respective email will be delivered.

Sandbox-Hashabfrage

Sandbox hash query

The retrieval of the hash values from the sandbox database can be carried out without restriction and without deduction of purchased licences. For this purpose, the corresponding check mark Query the sandbox if the attachments of inbound emails are known to be malicious must be ticked.

NoSpamProxy Sandbox Service - Hash Check
This check can be applied to all file types.

Sandbox upload

File uploads are limited to 20 files per user and month.

This value is the total value of permitted uploads; there is no strict user check. This means, for example, for a 50-user licence that the respective NoSpamProxy installation may upload 1000 files to the sandbox in one month. Costs may be incurred if the limit is exceeded.

To limit the sandbox check to individual file types, an additional content filter action should be created that is only applied to certain file types.
To enable uploading, the option Upload unknown files to the sandbox for analysis must be activated.
NoSpamProxy Sandbox Service - Hash Check an Upload

Supported file types

  • Executable files
    • Executable files for Windows
  • Office – Word
    • <all>
  • Office – Excel
    • <all>
  • Office – PowerPoint
    • <all>
  • Video
    • Adobe Flash (SWF)
    • Adobe Flash Video (FLV)
  • Text
    • Rich Text Format
    • Rich Text Format with OLE objects
    • PDF
    • PDF with URLs
  • Archives and compressed files
    • ZIP-compressed file
    • GZIP-compressed file
    • TAR archive
    • GZIP-compressed TAR archive
    • 7Zip-compressed file
  • Scripts (Configuration via file names)
    • .js
    • .vbs
    • .wsf
    • .ps
    • .py
    • .hta
    • .perl
    • .php
    • .sh

Delivery delay

If a file has to be uploaded to the sandbox (sandbox upload), the email will not be accepted initially and temporarily rejected so that the sending email server delivers it again.

The temporary rejection is applied here because the analysis on the sandbox array takes a certain amount of time, but should be completed after a regular 5 minutes when a new delivery attempt is made.

This will result in a delivery delay for the respective emails which must be taken into account accordingly. We therefore recommend that you check exactly which files should really be sent to the sandbox. Note the following option if time-critical processes or mailboxes exist in your company:

  • Is a sandbox hash query sufficient instead of a complete analysis (sandbox upload)?
  • It is possible to create different actions in the content filter to configure different actions for a content filter entry for “Trusted emails” and “Untrusted emails” between a sandbox upload and a sandbox hash query.
  • Office documents can be converted into a secure PDF document by NoSpamProxy Content Disarming if necessary.

Tags:
< zurück

Below you will find general information about our support services.
For further details, please refer to the
Allgemeinen Geschäftsbedingungen (AGB) 

Contact

Phone: +49 (5251) 304 636
Email: support@nospamproxy.de
Contact form: Support request 

Support hours

Monday to Friday from 9am to 5pm CET.
Deviating support availability information will be communicated via our blog, forum or in the opening email for tickets.

Response times

Next business day at the latest, but usually within four hours during regular support hours.
Priorities are set and monitored by the support team, enabling a faster response to critical issues.

If you contact us

All end customers who have concluded a valid manufacturer support or comparable contracts with Net at Work GmbH are entitled to support. End customers who have not purchased manufacturer support must open a ticket via their reseller/service provider or apply for chargeable support via our sales department.

In case of queries regarding existing tickets, please have the ticket number ready. You will find this in the subject of the opening email or in the ticket communication, represented as “NAW-xxxxx-ZxZxZx” (x is a number, Z is a letter).

If you open a new ticket by email, please refer to the Knowledge Base article Troubleshooting in case of problems. Please include all necessary information.

If you open a ticket by phone or via the contact form, please submit additional information if needed after you have received the opening email.
Please note: The more information you provide us with at the time of opening, the more targeted and faster we can respond to your request.

Info Icon
< zurück

It is possible that the Cyren engines used generate error messages that are not traceable to the engines themselves, but to communication problems with Cyren data centers. This article shows you ways to test the communication and function.

Details about the three Cyren engines in NoSpamProxy

NoSpamProxy currently has three Cyren engines that are active, depending on the configuration and licensed modules.

Cyren AntiSpam and Cyren Premium AntiVirus (ctasd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctasd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctasd.conf
  • Service name: NetatworkMailGatewayCyrenService
  • Service display name: NoSpamProxy – CYREN Service
  • Definitions folder: C:\ProgramData\Net at Work Mail Gateway\Cyren\Definitions
  • Definitions files: aivsecon-v2.def, antivir-v2.def, antivir-v2.ini, antivir-v2-hit.ini
    • these four files should always be in the directory
    • The file “antivir-v2-hit.ini” should never be older than 2 hours
    • To re-update,restart the service
  • External access: resolver1.netat.ctmail.com, resolver [2…5] .netat.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Cyren IP Reputation (ctipd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctipd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctipd.conf
  • Service Name: NetatworkMailGatewayCyrenIpReputationService
  • Service Display Name: NoSpamProxy – CYREN IP Reputation Service
  • External access: Iprep1.t.ctmail.com,Iprep[2… 5]. t.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Cyren URL Categorization (ctwsd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctwsd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctwsd.conf
  • Service Name: NetatworkMailGatewayCyrenUrlService
  • Service Display Name: NoSpamProxy – CYREN URL Categorization Service
  • External access: webres1.t.ctmail.com,webres[2… 5]. t.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Note: All paths are the default paths and may differ from your installation.

Troubleshooting

In the following section you will find a small checklist, which you should always check before the first request to the support

  • Is the necessary module licensed in NoSpamProxy? If not, you don’t need the services and can disable them on the system in the Windows services.
  • Has the Knowledge Base article How to configure on-access virus scanners been applied to all systems with the appropriate services?
  • Is a web proxy required for Internet communication in your company and is it registered according to the knowledge base article How to configure CYREN services?
    • This must be checked and re-entered after each NoSpamProxy Update/Upgrade.
    • Always edit the newly created file, never overwrite it with an old version of the file.
  • Is it possible to communicate with and/or without web proxy to all mentioned external systems of Cyren?
  • Are there any exceptions on the firewall to access all sub-domains from ctmail.com? These connections must not be used for virus scanning, content filtering, or other checks!
  • Are there any error messages when the services are running interactively via the command prompt (CMD)? To run interactively, please follow these steps aus and attach a screenshot of the request’s communication to support.
    1. Stop each service from Microsoft Windows services.
    2. Open a prompt with administrator privileges.
    3. Run the command for the service, to be tested. Use the path to the corresponding executable if you do not have NoSpamProxy installed in the default directory
      • Ctasd
        CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctasd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctasd.conf” -i
      • Ctipd
        CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctipd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctipd.conf” -i
      • Ctwsd
        CMD > “C:\Program Files”Net at Work Mail Gateway\Cyren Integration Service\ctwsd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctwsd.conf” -i
    4. Copy the output or take a screenshot of the output.

If you have checked all these points, please open a support ticket with the information attached so that more logs can be created for analysis.

Info Icon
< zurück

Problem

Inbound, 8-bit encoded emails that are signed locally by S/MIME are converted into 7-bit encoded emails by NoSpamProxy and then rejected by the receiving email server because of an invalid certificate.

Analysis

RFC 5751 requires that all signed MIME parts of an email must have 7-bit encoding:

If a multipart/entity signed is ever to be transmitted over the standard Internet SMTP infrastructure or other transport that is constrained to 7-bit text, it MUST have transferred encoding applied so that it is represented as 7-bit text. MIME entities that are 7-bit data already need no transfer encoding. Entities such as 8-bit text and binary data can be encoded with quoted-printable or base-64 transfer encoding.

To ensure full compliance with RFC 5751, NoSpamProxy converts the 8-bit encoding of the email into a 7-bit encoding.

However, because the signing was applied locally and not by NoSpamProxy, the conversion changes the hash value of the email and thus invalidates the signature. Accordingly, NoSpamProxy will permanently reject the email from version 13.2.20258.1435.

This scenario only occurs if the “Remove attached signature from S/MIME-signed emails (recommended)” option has been disabled in the NoSpamProxy rulebook and the email client sends 8-bit encoded emails.

Workarounds

Workaround 1: Enable opaque signing

Microsoft Outlook

Configure your email client to use the opaque signing method when applying the signature. This method summarizes the signature and message into a single binary file so that the signature remains intact when the email gatewaysmodify the email message.

Do the following:

  1. Open Microsoft Outlook.
  2. Go to File > Options > Trust Center Settings > Email Security.
  3. Remove the check mark for Send clear text signed message when sending signed messages
    Enabling opaque signing in Microsoft Outlook
  4. Click OK.

By disabling this option, you have enabled opaque signing.

Microsoft 365/Outlook on the Web, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online

You can also configure opaque signing using PowerShell:

Set-SmimeConfig -OWAClearSign $false

For more information click here.

Receiving email clients that do not support S/MIME cannot process emails signed using opaque signing.

Workaround 2: Remove local signatures

Configure NoSpamProxy to remove locally applied signatures.

Corresponding emails can be delivered in this way, but lose their S/MIME signature.

  1. Go to Configuration > Rules.
  2. Open the appropriate rule for inbound emails.
  3. Go to the Actions tab, open the S/MIME and PGP validation as well as encryption action, and go to the Validation options tab.
  4. Place the check mark for Remove attached signature from S/MIME-signed emails (recommended).
  5. Click Save and Close.

< zurück

We have released version 13.2.21069.1155 on March 15th, 2021. This Version is an upgrade release where the following Bugs are fixed and new features are added or changed.

Important Information

If you have previously installed a beta version 13.2, please upgrade to the official release version 13.2.20141.1435 or later for support reasons! As of version 13.2.20083.1640, a script for enhancing the address searching is included. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.

Version 13.2.21069.1155 (March, 15th, 2021)

based on Fast Channel Version 13.2.21040.1645

If you have installed version 13.2.21040.1645 from March 1st 2021, perform an update to this new version to avoid problems!

Fixed

  • 27467: Archived eml file is empty
  • 27471: D3 archive connector cannot handle subjects with special characters
  • 27508: Possible StackOverFlowException when parsing an email address
  • 27333: Activities are shown only in first
  • 27457: Not recognized category from Cyren
  • 26905: URL Safeguard removes PGP signature and email headers after rewriting URLs in PGP signed content
  • 27124: An error occurred while creating a dispatch job: Another read operation is currently in progress
  • 27229: Corporate email server check “SPF protected local address” is successful if only the SPF check for the EHLO domain was successful
  • 27135: Attachments from nested emails are not uploaded to the Web Portal

Version 13.2.21040.1645 (March, 01st, 2021)

based on Fast Channel Version 13.2.20349.1331

Due to a subsequently discovered, but very rare problem, this version had to be removed from the download. A new version will be released as soon as possible, to fix all problems.
If you are already using this version, please watch out for temporarily blocked emails and contact support for clarification, if this occurs.

Fixed

  • 26340: Large files are not auto approved if there are older files to be auto approved with malware scan failures
  • 26931: Update Cyren to new binaries
  • 27013: Restricting maximum concurrent connections per domain doesn’t work reliably
  • 26872: POP3 receive connector only supports TLS 1.0
  • 26776: email is destroyed after outbound email signing
  • 26715: Logging extension for archive connector
  • 26854: Internal domain names (i.e. exchange.local) are resolved using the external DNS servers
  • 26646: Timstamp server for Outlook Add in is invalid
  • 26666: Disclaimer is added at the wrong position

Version 13.2.20349.1331 (January 13th, 2021)

based on Fast Channel Version 13.2.20296.1426

Fixed

  • 26541: Unexpected error occurred during a connection: Index was out of range.
  • 26415: Attach file failed error.
  • 26519: Illegal characters in path.
  • 25996: Auto Retry of quality signature Item should have the Message Track status Put on hold.
  • 25963: Waiting Status for qualified signature signing Status
  • 26410: Configuring the Cyren service on the Web Portal fails with error message “A potentially dangerous Request.Form value was detected from the client”
  • 26337: Header-From address in the format “Display name <address1@example.com;address2@example.com>” causes Message Tracking deserialization errors
  • 25925: URL Safeguard rewrites URLs in brackets with the closing bracket as part of the URL
  • 25846: CmsMimePart cannot be converted to PDF using auto encryption
  • 26033: Outlook Add-In mime type detection detects Office documents as unprocessable zip archives
  • 26004: Gateway Role creates replication artifacts >50MB which can’t be collected by the Intranet Role and break the replication
  • 26173: Web portal and Outlook Add-In don’t use the correct content filter if a partner user is configured to allow any attachments
  • 25608: Secondary DNS server is not queried if the primary DNS server responds with status code ServerFailure
  • 25609: License usage De-Mail count is incorrect if multiple Gateway Roles are using the same De-Mail domains
  • 26144: URL Safeguard destroys URLs in CSS by replacing them with “Protected link”-HTML
  • 25790: NDR contains empty attachment instead of original email
  • 25673: Outlook Addin: Issues on accessing files from UNC path
  • 26129: Empty header line is created if the header ends with a whitespace and the header has a certain length
  • 26507: Remove hard coded domain white list from the surbl filter
  • 26170: Use the new endpoint for the Cyren IP Reputation

Version 13.2.20296.1426 (November 09th, 2020)

based on Fast Channel Version 13.2.20258.1435

Fixed

  • 25605: A replication artifact could not be deserialized. The item will be retried at a later time. Error: The string Cards🏠🏡@tizgharan.org.uk is not a valid email address
  • 25606: Message tracks could not be retrieved from the Intranet Role: The string “”@bnv.gob.ve is not a valid email address
  • 24125: Email is signed using SMIME/PGP although it is deactivated in the rule if the sender requests automatic encryption
  • 25654: Database cleanup is slow
    NOTE: If the TempDB will not shrinked automatically, use the SQL tools to do this manually
  • 25687: Cyren malware scanner fails with error: Illegal characters in path
  • 24838: Users should not be imported from file if email contains not allowed chars outside of quotation marks (“”)
  • 24840: Error when importing user from text file with many @ in email address
  • 25133: Text file automatic user import imports email address prefixes (i.e. SMTP:)
  • 24888: Improve error message in LDAP sync when a group cannot be expanded
  • 25729: Message Track filter doesn’t work for Powershell Cmdlets to get actions, activities, attachments, filters, URLs
  • 26059: Outlook-Add-In crashes on initializing the MimeTypeDetection

Version 13.2.20258.1435 (September 28th, 2020)

based on Fast Channel Version 13.2.20199.1826

Changed

  • 24112: Create Issue “German Azure Cloud will be removed”
  • 20044: Implement automatic retries of mails waiting for qualified signatures

Fixed

  • 24831: Add hint to manual that LDAP key server does not support LDAPS
  • 24895: Replication service replicates too many artifacts to the database at once
  • 24837: Reading the Default partner settings is not retried if it fails the first time
  • 24984: EmailAddress.TryParse uses the relaxed algorithm and is used in the Envelope methods
  • 23685: NDR is sent if an email is permanently rejected by the sandbox
  • 23686: Sender IP address is not blocked if an email is rejected permanently by the sandbox
  • 24904: An unexpected error occurred during a connection: Deep clone with non-clonable stream is not supported. Stream must be of type ClonableStream
  • 24995: OpenKeys configuration is not replicated to new Gateway Roles
  • 24884: Disclaimer is added at the wrong position
  • 25016: NoSpamProxy crashes when a large SMIME email is processeds
  • 24720: URL Safeguard error when rewriting URLs in message/delivery-status attachment: Mimepart ‘NestedMessageMimePart’ is not supported
  • 24683: CDR’ed document is not attached to the EML file in case of nested attachments
  • 24825: change tyntec text message provider default hostname
  • 25154: Email is not accepted because of error: Length cannot be less than zero. Parameter name: length
  • 25045: Wrong reject reason for email
  • 25256: Emails cannot be processed by content filter
  • 25165: Downgrade to 7 bit transfer encoding for all emails breaks existing signatures if the email contains a mime part with 8 bit transfer encoding
  • 24917: Intermediate certificate is displayed as “untrusted root, revoked” when imported in NoSpamProxy
  • 25343: Email with very long header line causes 100% CPU usage on Gateway Role
  • 24753: Level of Trust bonus not granted because successful SPF validation doesn’t authenticate MAIL FROM domain
  • 23927: “Strict Open XML” office documents are detected as zip archives
  • 24768: TLS best practice settings include 3DES cipher suite
  • 25319: Attachments are differently identified when a mail was signed
  • 24873: Pdf is not disarmed, zip file detect as unprocessable
  • 25364: An attempt to scan the file in directory ZEL4TVFP for viruses. Error: Padding is invalid and cannot be removed.
  • 25443: Unexpected error occurred during a connection: Index was out of range.
  • 25446: All zip files in large files detect as unprocessable+archive
  • 25408: Cyren IP reputation filter configuration is reset after editing the rule using the MMC
  • 25440: URL Safeguard applies HTML base URL to absolute URLs
  • 25513: Message Tracking search is slow when searching for sender/recipient
  • 25537: TempDB database uses enormous amounts of space during database cleanup
  • 25538: Message Track cleanup doesn’t delete a lot of details if the detail retention time is much shorter than the summary retention time
  • 25526: A parameter was invalid.

Version 13.2.20199.1826 (July 27th, 2020)

based on Regular Channel Version 13.2.20171.1151

Fixed

  • 24608: An unexpected error occurred during a connection: Die Länge darf nicht kleiner als 0 (null) sein. Parametername: length
  • 24621: Trigram search is slow
  • 24718: DKIM signature verification fails if the email contains an attached EML file with incorrect content type
  • 24684: Emails with nested EML attachment with incorrect content type are not serialized correctly
  • 24640: Email rejected by CxO Fraud Detection action causes two NDRs in default configuration
  • 24662: “Unable to confirm artifacts replication” error if there are a lot of replication artifacts
  • 24679: Multiple reputation filter PTR record tests are failing if the sender IP address doesn’t have a PTR record
  • 24719: An email could not be decoded

Tags:
< zurück

We are currently registering a wave of attacks with obsolete Microsoft Office formats that are no longer available as a file type in NoSpamProxy and should generally no longer be used.

Note

The content of this article is only a recommendation. Every NoSpamProxy user should make the settings as required or appropriate for the company in question. The article can also be applied to all other combinations and is not only relevant for Microsoft Office formats.

Configuring the content filter

Basic information on setting up content filters can be found in our training videos.

The configuration recommended here follows a whitelisting approach. This means that only file formats will be allowed that ware wanted, and that all others will be blocked.

  1. Create content filter entries for all file types (also called MIME types) that you want to allow. These content filter entries should only be configured for file types, not for file names.
    Allowed file types
  2. Now create a content filter entry that filters for file names and rejects all attachments with a certain file extension.
    Blocked file names

In the content filter itself, the order should then be such that the allowed entries are at the top and the rejecting entry below:

Order of the content filter entries