It is possible that the Cyren engines used generate error messages that are not traceable to the engines themselves, but to communication problems with Cyren data centers.This article shows you ways to test the communication and function.
Details about the three Cyren engines in NoSpamProxy
NoSpamProxy currently has three Cyren engines that are active, depending on the configuration and licensed modules.
Cyren AntiSpam and Cyren Premium AntiVirus (ctasd)
Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
Program file: ctasd.exe
Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
Configuration file: ctasd.conf
Service name: NetatworkMailGatewayCyrenService
Service display name: NoSpamProxy – CYREN Service
Definitions folder: C:\ProgramData\Net at Work Mail Gateway\Cyren\Definitions
Is a web proxy required for Internet communication in your company and is it registered according to the knowledge base article How to configure CYREN services?
This must be checked and re-entered after each NoSpamProxy Update/Upgrade.
Always edit the newly created file, never overwrite it with an old version of the file.
Is it possible to communicate with and/or without web proxy to all mentioned external systems of Cyren?
Are there any exceptions on the firewall to access allsub-domains from ctmail.com? These connections must not be used for virus scanning, content filtering, or other checks!
Are there any error messages when the services are running interactively via the command prompt (CMD)? To run interactively, please follow these stepsaus and attach a screenshot of the request’s communication to support.
Stop each service from Microsoft Windows services.
Open a prompt with administrator privileges.
Run the command for the service, to be tested. Use the path to the corresponding executable if you do not have NoSpamProxy installed in the default directory
Ctasd CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctasd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctasd.conf” -i
Ctipd CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctipd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctipd.conf” -i
Ctwsd CMD > “C:\Program Files”Net at Work Mail Gateway\Cyren Integration Service\ctwsd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctwsd.conf” -i
Copy the output or take a screenshot of the output.
If you have checked all these points, please open a support ticket with the information attached so that more logs can be created for analysis.
Inbound, 8-bit encoded emails that are signed locally by S/MIME are converted into 7-bit encoded emails by NoSpamProxy and then rejected by the receiving email server because of an invalid certificate.
Analysis
RFC 5751 requires that all signed MIME parts of an email must have 7-bit encoding:
If a multipart/entity signed is ever to be transmitted over the standard Internet SMTP infrastructure or other transport that is constrained to 7-bit text, it MUST have transferred encoding applied so that it is represented as 7-bit text. MIME entities that are 7-bit data already need no transfer encoding. Entities such as 8-bit text and binary data can be encoded with quoted-printable or base-64 transfer encoding.
To ensure full compliance with RFC 5751, NoSpamProxy converts the 8-bit encoding of the email into a 7-bit encoding.
However, because the signing was applied locally and not by NoSpamProxy, the conversion changes the hash value of the email and thus invalidates the signature. Accordingly, NoSpamProxy will permanently reject the email from version 13.2.20258.1435.
This scenario only occurs if the “Remove attached signature from S/MIME-signed emails (recommended)” option has been disabled in the NoSpamProxy rulebook and the email client sends 8-bit encoded emails.
Workarounds
Workaround 1: Enable opaque signing
Microsoft Outlook
Configure your email client to use the opaque signing method when applying the signature. This method summarizes the signature and message into a single binary file so that the signature remains intact when the email gatewaysmodify the email message.
Do the following:
Open Microsoft Outlook.
Go to File > Options > Trust Center Settings > Email Security.
Remove the check mark for Send clear text signed message when sending signed messages
Click OK.
By disabling this option, you have enabled opaque signing.
Microsoft 365/Outlook on the Web, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online
You can also configure opaque signing using PowerShell:
https://www.nospamproxy.de/wp-content/uploads/Info-Icon.png667667Stefan Feisthttps://www.nospamproxy.de/wp-content/uploads/2015/03/logo.pngStefan Feist2020-09-29 11:12:482020-11-16 14:57:58Locally signed emails are permanently rejected due to invalid S/MIME signatures
We have released version 13.2.20296.1426 on November 09th, 2020. This version is an upgrade release where the following bugs are fixed and new features are added or changed.
Important Information
If you have previously installed a beta version 13.2, please upgrade to the official release version 13.2.20141.1435 or later for support reasons!
As of version 13.2.20083.1640, a script for enhancing the address searching is included. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
Version 13.2.20296.1426 (November 09th, 2020)
based on Fast Channel Version 13.2.20258.1435
Fixed
25605: A replication artifact could not be deserialized. The item will be retried at a later time. Error: The string Cards🏠🏡@tizgharan.org.uk is not a valid email address
25606: Message tracks could not be retrieved from the Intranet Role: The string “”@bnv.gob.ve is not a valid email address
24125: Email is signed using SMIME/PGP although it is deactivated in the rule if the sender requests automatic encryption
25654: Database cleanup is slow NOTE: If the TempDB will not shrinked automatically, use the SQL tools to do this manually
25687: Cyren malware scanner fails with error: Illegal characters in path
24838: Users should not be imported from file if email contains not allowed chars outside of quotation marks (“”)
24840: Error when importing user from text file with many @ in email address
25133: Text file automatic user import imports email address prefixes (i.e. SMTP:)
24888: Improve error message in LDAP sync when a group cannot be expanded
25729: Message Track filter doesn’t work for Powershell Cmdlets to get actions, activities, attachments, filters, URLs
26059: Outlook-Add-In crashes on initializing the MimeTypeDetection
Version 13.2.20258.1435 (September 28th, 2020)
based on Fast Channel Version 13.2.20199.1826
Changed
24112: Create Issue “German Azure Cloud will be removed”
20044: Implement automatic retries of mails waiting for qualified signatures
Fixed
24831: Add hint to manual that LDAP key server does not support LDAPS
24895: Replication service replicates too many artifacts to the database at once
24837: Reading the Default partner settings is not retried if it fails the first time
24984: EmailAddress.TryParse uses the relaxed algorithm and is used in the Envelope methods
23685: NDR is sent if an email is permanently rejected by the sandbox
23686: Sender IP address is not blocked if an email is rejected permanently by the sandbox
24904: An unexpected error occurred during a connection: Deep clone with non-clonable stream is not supported. Stream must be of type ClonableStream
24995: OpenKeys configuration is not replicated to new Gateway Roles
24884: Disclaimer is added at the wrong position
25016: NoSpamProxy crashes when a large SMIME email is processeds
24720: URL Safeguard error when rewriting URLs in message/delivery-status attachment: Mimepart ‘NestedMessageMimePart’ is not supported
24683: CDR’ed document is not attached to the EML file in case of nested attachments
24825: change tyntec text message provider default hostname
25154: Email is not accepted because of error: Length cannot be less than zero. Parameter name: length
25045: Wrong reject reason for email
25256: Emails cannot be processed by content filter
25165: Downgrade to 7 bit transfer encoding for all emails breaks existing signatures if the email contains a mime part with 8 bit transfer encoding
24917: Intermediate certificate is displayed as “untrusted root, revoked” when imported in NoSpamProxy
25343: Email with very long header line causes 100% CPU usage on Gateway Role
24753: Level of Trust bonus not granted because successful SPF validation doesn’t authenticate MAIL FROM domain
23927: “Strict Open XML” office documents are detected as zip archives
24768: TLS best practice settings include 3DES cipher suite
25319: Attachments are differently identified when a mail was signed
24873: Pdf is not disarmed, zip file detect as unprocessable
25364: An attempt to scan the file in directory ZEL4TVFP for viruses. Error: Padding is invalid and cannot be removed.
25443: Unexpected error occurred during a connection: Index was out of range.
25446: All zip files in large files detect as unprocessable+archive
25408: Cyren IP reputation filter configuration is reset after editing the rule using the MMC
25440: URL Safeguard applies HTML base URL to absolute URLs
25513: Message Tracking search is slow when searching for sender/recipient
25537: TempDB database uses enormous amounts of space during database cleanup
25538: Message Track cleanup doesn’t delete a lot of details if the detail retention time is much shorter than the summary retention time
We are currently registering awave of attacks with obsolete Microsoft Office formats that are no longer available as a file type in NoSpamProxyand should generally no longer be used.
Note
The content of this article is only arecommendation. Every NoSpamProxyusershould make the settings as required or appropriate for the company in question. The article can also be appliedto all other combinations and is not onlyrelevantforMicrosoft Officeformats.
Configuring the content filter
Basic information on setting up content filters can be found in ourtraining videos.
The configuration recommended here follows a whitelisting approach. This means that only file formats will be allowedthat ware wanted, and that all others will be blocked.
Create content filter entries for all file types (also called MIME types)that you want to allow. These content filter entries should only be configured for file types, not for file names.
Now create a content filter entry that filters for file names and rejects all attachments with a certain file extension.
In the content filter itself, the order should then be such that the allowed entries are at the top and the rejecting entry below:
We have released the Version 13.2.20171.1151 on June 30th, 2020. This Version is an upgrade release where the following Bugs are fixed and new features are added or changed.
Important Information
If you have previously installed a beta version 13.2, please upgrade to the official release version 13.2.20141.1435 or later for support reasons!
As of version 13.2.20083.1640, a script for enhancing the address searching is included. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
Version 13.2.20171.1151 (June 30th, 2020)
includes changes and bug fixes from Regular Channel Version 13.2.20141.1435
Fixed
24397: A replication artifact could not be deserialized
24444: Message tracks could not be retrieved from the Intranet Role
24514: Intranet Role database updates fails: Failed to execute an SQL command. Error: String or binary data would be truncated.
23966: “Error: Invalid algorithm specified” when importing a certificate with rsaSignatureWithripemd160 signature algorithm
24400: Office365 detection fails when an Office 365 accepted domain is used instead of an Guid
24138: Update TLS Best Practices for Windows 2012R2
24503: Sign and Encrypt action incorrectly uses SHA-512 although the certificate only supports SHA-256
24468: Object reference not set to an instance of an object.
24544: Stripping batv data can lead to failures to update message tracking data
24496: Missing data for signature validation. SignedContent is empty and no data stream has been provided.
24520: Attachments in nested EML attachments are not detected if the content type of the nested EML is not message/rfc822
24530: Improve the Mail to many recipient with out- or inbound content filter configured
24504: URL Safeguard details are incorrectly marked as deleted in Message Tracking which causes the cleanup to fail
24547: A lot of inbound Duplicate mails, if it was a mail to 626 recipients
23928: Gateway Role crashes / ARSoft DNS lookup causes stackoverflow exception
23967: CDR file not send if files over size limit should be uploaded to the web portal
23638: Email is put on hold with “Error: A clone of the specified mimepart was not found.” if the content filter removes a file from an attached EML file
23913: Base64 decoder doesn’t ignore extra padding characters if configured to ignore extra characters
24076: Inbound Large Files links are also password protected
24008: Message Tracking cleanup doesn’t finish in cleanup period
23640: Spam URI Realtime Blocklist filter error: Object reference not set to an instance of an object
24030: Disclaimer keyword replacement is slow for larger HTML bodies
23888: URL Safeguard rewrite part of email addresses in attached eml file
24134: Improve notification info
24204: Legacy Excel 4.0 macros are not detected
24191: Spelling errors in message details
24245: CorporateMailOffice365TenantTests unit tests are failing because of an expired certificate
Configuring the CYREN Services for use with a Web Proxy
This article describes how to configure a proxy server for the CYREN services with the Protection module in all NoSpamProxy versions from version 9.2 onwards. To do this you have to download the files
ctasd.conf
ctipd.conf (additionally available from version 12.x)
ctwsd.conf (additionally available as of version 13.x)
from the directory “C:\ProgramData\Net at Work Mail Gateway\CYREN\”.
The following section is responsible for this:
# If you connect to the Internet through a proxy server, you
# should uncomment the following parameters and assign appropriate
# values.
#ProxyPort = 80
#ProxyServerAddress = myproxy
#ProxyAuth = NoAuth
#ProxyUserName = user@proxy
#ProxyPassword = 1234
#ProxyAccess = 1
If you are using a proxy server without authentication, remove the # character before the lines “ProxyPort”, “ProxyServerAddress”, “ProxyAuth” and “ProxyAccess”. Enter the corresponding port of your proxy server in ” ProxyPort”. Behind the entry “ProxyServerAddress” you configure either the IP address or the FQDN of your proxy server. For “ProxyAuth” leave the entry at “NoAuth”.
If you are using a proxy server with authentication, you must additionally configure the options “ProxyUserName” and “ProxyPassword”. Enter the corresponding logon information for “ProxyUserName” and “ProxyPassword”. Additionally, you must change the value “ProxyAuth” to “Basic”.
After you have saved the file, you must restart the services NoSpamProxy – CYREN Service (ctasd.conf), NoSpamProxy – CYREN IP Reputation Service (ctipd.conf) and NoSpamProxy – CYREN URL Categorization Service (ctwsd.conf) in order for the changes to take effect.
Note
In order for all Cyren services to function properly, unrestricted access to *.ctmail.com must be given. Also a virus scan on these connections must not be done, because the definitions for the Cyren Premium AntiVirus are downloaded there as well!
Always follow the instructions in the installation manual and the general upgrade instructions here in the Knowledge Base.
Before upgrading make sure that the .NET Framework version 4.7.2 or higher (we reommend .NET Framework version 4.8) is installed and that the SQL Server version is 2008 R2 (we recommend 2017 or later). All supported versions can be found here.
Important note for upgrade version 13.0 and later versions
Do not install this beta version in productive environments!
As of Version 13.2.20083.1640, a script for enhancing the address searching is included. This may cause the setup not to respond for a some time during database update.
The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
Upgrading from version 12.2 and earlier versions
Please install version 13.1.19330.1217 or higher before upgrading to version 13.2. You can download this version here. Please also note all upgrade articles for older versions in our Knowledge Base under “Update Information”.
Upgrade NoSpamProxy
When upgrading from version 13.1 to version 13.2, all settings and user information are retained. Only the proxy settings and content adjustments of the template files (templates) must be saved as usual and reinstalled after the upgrade. This procedure is described under General update information. For security reasons, please export existing DKIM keys from the console under “People and identities > DKIM Keys” BEFORE upgrading.
Additionally, please check the following points after the upgrade:
Content filter: As there have been changes to the file types (MIME Types), please check all content filters and their content filter entries
The reputation filter in the rule set has been extended in version 13.2 compared to version 13.1. This modification enables further, additional checks
Four additional checks on the HEADER-FROM
One additional check whether the transmission was secured with TLS
Starting with version 13.2, the incident to the Spam URI Realtime Blocklists is converted from an error to a warning
URL Safeguard: It is now possible to disable URLs
Cryptographic key provider: You can now also request certificates from the German National Research and Education Network (DFN)
Greylisting is now a policy violation
BATV addresses are now included in the license count
Calculation of the license values for the Encryption and Large Files modules has been changed. From now on inbound and outbound emails are considered. See License management in version 13 and higher.
Note: Discontinuation of the Office 365 client “Deutsche Azure Cloud” From version 13.2.20258.1435 a notification is displayed at the NoSpamProxy console start page that the client is no longer supported from version 14. All users who still have such a client active must not upgrade to version 14 until the migration on Microsoft side has been made. Further information is available here:
As of version 13.0 we have changed the integration of the license from license file to license key. This change is done automatically and no further action is required. In case of problems, please refer to the Knowledge Base article How to install a new license.
Outlook Add-In
The upgrade of the gateway and the Web Portal necessarily requires an upgrade of the Outlook Add-In as well, otherwise communication with the Web Portal is no longer possible.
https://www.nospamproxy.de/wp-content/uploads/2015/07/makefg1.png256256Stefan Feisthttps://www.nospamproxy.de/wp-content/uploads/2015/03/logo.pngStefan Feist2020-04-07 08:27:412020-09-28 12:47:07Upgrade to Version 13.2
We have released the version 13.1.20071.1529 on March 16th, 2020. This version is an upgrade release where the following bugs are fixed and new features are added or changed.
Important Information
As of update Version 12.2.18253.1152, a script for cleaning up the message tracking is included, which deletes orphaned entries in the database and from Version 13.0.19169.1943, a script for improving Table Indexes was added. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
If the Protection module is licensed, it is possible that the Cyren services do not work and no viruses and spam checks are performed after the update to version 13, although the NoSpamProxy license itself has been correctly validated. To correct this, in the NoSpamProxy Management Console go to Configuration/NoSpamProxy Components/Gateway Roles, select the gateway role(s) and click on Synchronize configuration.
It is possible in combination with some Domain names, that the Reputation filter will block emails due to an obfuscated owned Domain. Only in this case we will recommend to reduce the SCL Points to maximum 2 SCL Points (Default is 4 SCL Points) for the test ‘Header-From’ is an owned Domain at the Reputation filter, to be found on the tab Filters at the applied rule, on tab ‘Header-From’ Tests. This will be improved within the next Major Version. Example: Owned Domain = example.com, but the Reputation filter will also detect my-example.com as an obfuscated owned Domain.
Version 13.1.20071.1529 (March 16th, 2020)
based on Fast Channel Version 13.1.20048.1517
In order to prevent the error message “Unable to relay”, this version is required if emails are to be sent from Office 365 via NoSpamProxy.
Fixed
Cleaned up the Office 365 certificate check and changed the default behaviour to exclude the Root certificate from the revocation check
Remove check for self-signed UID from PGP key import
Charset decoding is performed incorrectly when extracting body from winmail.dat
Version number in PDF metadata is detected as URL and checked by the Spam URI Realtime Blocklist filter
Email is put on hold with “Error: A clone of the specified mime part was not found.” if the content filter removes a file from an attached EML file
Outlook Add-In does not handle Content Filters correctly
ICAP Malware scanner does not work with Symantec Endpoint Protection
URLSafeGuard: Links with umlaut could not be complete rewritten
Disclaimer is not positioned correctly when replying to Gmail emails
PGP encrypted attachment having Content-Type header with long media type and encoded file name can’t be serialized after decryption
Adobe cannot open the Attachment from PDF
GlobalSign certificates could not be revoked
Homographic attack detection does not work
Content filter in partner domain/user is not detect in outlook addin
Sending an administrative notification for CPU or HDD stress level failed. Error: Value cannot be null.
Resolution of the dependency failed by sending an administrative notification for CPU or HDD
Converted files are not approved if it is a Web Portal mail
Error in webportal template for redirection
Failed to update health statistics. Error: System.ArgumentNullException
Different content filters for partner users are not working correctly also in Add-In
Cyren Engines – Troubleshooting
Troubleshooting 10.x, 11.x, 12.x, 13.x, 9.2It is possible that the Cyren engines used generate error messages that are not traceable to the engines themselves, but to communication problems with Cyren data centers. This article shows you ways to test the communication and function.
Details about the three Cyren engines in NoSpamProxy
NoSpamProxy currently has three Cyren engines that are active, depending on the configuration and licensed modules.
Cyren AntiSpam and Cyren Premium AntiVirus (ctasd)
Cyren IP Reputation (ctipd)
Cyren URL Categorization (ctwsd)
Note: All paths are the default paths and may differ from your installation.
Troubleshooting
In the following section you will find a small checklist, which you should always check before the first request to the support
CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctasd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctasd.conf” -i
CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctipd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctipd.conf” -i
CMD > “C:\Program Files”Net at Work Mail Gateway\Cyren Integration Service\ctwsd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctwsd.conf” -i
If you have checked all these points, please open a support ticket with the information attached so that more logs can be created for analysis.
Locally signed emails are permanently rejected due to invalid S/MIME signatures
Known errorsProblem
Inbound, 8-bit encoded emails that are signed locally by S/MIME are converted into 7-bit encoded emails by NoSpamProxy and then rejected by the receiving email server because of an invalid certificate.
Analysis
RFC 5751 requires that all signed MIME parts of an email must have 7-bit encoding:
To ensure full compliance with RFC 5751, NoSpamProxy converts the 8-bit encoding of the email into a 7-bit encoding.
However, because the signing was applied locally and not by NoSpamProxy, the conversion changes the hash value of the email and thus invalidates the signature. Accordingly, NoSpamProxy will permanently reject the email from version 13.2.20258.1435.
This scenario only occurs if the “Remove attached signature from S/MIME-signed emails (recommended)” option has been disabled in the NoSpamProxy rulebook and the email client sends 8-bit encoded emails.
Workarounds
Workaround 1: Enable opaque signing
Microsoft Outlook
Configure your email client to use the opaque signing method when applying the signature. This method summarizes the signature and message into a single binary file so that the signature remains intact when the email gatewaysmodify the email message.
Do the following:
By disabling this option, you have enabled opaque signing.
Microsoft 365/Outlook on the Web, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online
You can also configure opaque signing using PowerShell:
For more information click here.
Workaround 2: Remove local signatures
Configure NoSpamProxy to remove locally applied signatures.
Release Notes – NoSpamProxy 13.2 (Fast Channel)
Release Notes 13.2We have released version 13.2.20296.1426 on November 09th, 2020. This version is an upgrade release where the following bugs are fixed and new features are added or changed.
Important Information
If you have previously installed a beta version 13.2, please upgrade to the official release version 13.2.20141.1435 or later for support reasons!
As of version 13.2.20083.1640, a script for enhancing the address searching is included. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
Version 13.2.20296.1426 (November 09th, 2020)
based on Fast Channel Version 13.2.20258.1435
Fixed
NOTE: If the TempDB will not shrinked automatically, use the SQL tools to do this manually
Version 13.2.20258.1435 (September 28th, 2020)
based on Fast Channel Version 13.2.20199.1826
Changed
Fixed
Version 13.2.20199.1826 (July 27th, 2020)
based on Regular Channel Version 13.2.20171.1151
Fixed
How to reject unwanted Office formats
How-tosWe are currently registering a wave of attacks with obsolete Microsoft Office formats that are no longer available as a file type in NoSpamProxy and should generally no longer be used.
Note
The content of this article is only a recommendation. Every NoSpamProxy user should make the settings as required or appropriate for the company in question. The article can also be applied to all other combinations and is not only relevant for Microsoft Office formats.
Configuring the content filter
Basic information on setting up content filters can be found in our training videos.
The configuration recommended here follows a whitelisting approach. This means that only file formats will be allowed that ware wanted, and that all others will be blocked.
In the content filter itself, the order should then be such that the allowed entries are at the top and the rejecting entry below:
Release Notes – NoSpamProxy 13.2 (Regular Channel)
Release Notes 13.2, 13.2We have released the Version 13.2.20171.1151 on June 30th, 2020. This Version is an upgrade release where the following Bugs are fixed and new features are added or changed.
Important Information
If you have previously installed a beta version 13.2, please upgrade to the official release version 13.2.20141.1435 or later for support reasons!
As of version 13.2.20083.1640, a script for enhancing the address searching is included. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
Version 13.2.20171.1151 (June 30th, 2020)
includes changes and bug fixes from Regular Channel Version 13.2.20141.1435
Fixed
Version 13.2.20141.1435 (June 2nd, 2020)
includes changes and bug fixes from Fast Channel Version 13.1.20071.1529
New / Changed
Discontinuations
Fixed
How to configure CYREN services
How-tos 10.x, 11.x, 12.x, 13.x, 9.2Configuring the CYREN Services for use with a Web Proxy
This article describes how to configure a proxy server for the CYREN services with the Protection module in all NoSpamProxy versions from version 9.2 onwards. To do this you have to download the files
from the directory “C:\ProgramData\Net at Work Mail Gateway\CYREN\”.
The following section is responsible for this:
# If you connect to the Internet through a proxy server, you
# should uncomment the following parameters and assign appropriate
# values.
#ProxyPort = 80
#ProxyServerAddress = myproxy
#ProxyAuth = NoAuth
#ProxyUserName = user@proxy
#ProxyPassword = 1234
#ProxyAccess = 1
If you are using a proxy server without authentication, remove the # character before the lines “ProxyPort”, “ProxyServerAddress”, “ProxyAuth” and “ProxyAccess”. Enter the corresponding port of your proxy server in ” ProxyPort”. Behind the entry “ProxyServerAddress” you configure either the IP address or the FQDN of your proxy server. For “ProxyAuth” leave the entry at “NoAuth”.
If you are using a proxy server with authentication, you must additionally configure the options “ProxyUserName” and “ProxyPassword”. Enter the corresponding logon information for “ProxyUserName” and “ProxyPassword”. Additionally, you must change the value “ProxyAuth” to “Basic”.
After you have saved the file, you must restart the services NoSpamProxy – CYREN Service (ctasd.conf), NoSpamProxy – CYREN IP Reputation Service (ctipd.conf) and NoSpamProxy – CYREN URL Categorization Service (ctwsd.conf) in order for the changes to take effect.
Note
In order for all Cyren services to function properly, unrestricted access to *.ctmail.com must be given. Also a virus scan on these connections must not be done, because the definitions for the Cyren Premium AntiVirus are downloaded there as well!
Upgrade to Version 13.2
Update Information 13.2, 13.2Always follow the instructions in the installation manual and the general upgrade instructions here in the Knowledge Base.
Before upgrading make sure that the .NET Framework version 4.7.2 or higher (we reommend .NET Framework version 4.8) is installed and that the SQL Server version is 2008 R2 (we recommend 2017 or later). All supported versions can be found here.
Important note for upgrade version 13.0 and later versions
Do not install this beta version in productive environments!
As of Version 13.2.20083.1640, a script for enhancing the address searching is included. This may cause the setup not to respond for a some time during database update.
The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
Upgrading from version 12.2 and earlier versions
Please install version 13.1.19330.1217 or higher before upgrading to version 13.2. You can download this version here.
Please also note all upgrade articles for older versions in our Knowledge Base under “Update Information”.
Upgrade NoSpamProxy
When upgrading from version 13.1 to version 13.2, all settings and user information are retained. Only the proxy settings and content adjustments of the template files (templates) must be saved as usual and reinstalled after the upgrade. This procedure is described under General update information.
For security reasons, please export existing DKIM keys from the console under “People and identities > DKIM Keys” BEFORE upgrading.
Additionally, please check the following points after the upgrade:
From version 13.2.20258.1435 a notification is displayed at the NoSpamProxy console start page that the client is no longer supported from version 14. All users who still have such a client active must not upgrade to version 14 until the migration on Microsoft side has been made. Further information is available here:
License type change
As of version 13.0 we have changed the integration of the license from license file to license key. This change is done automatically and no further action is required.
In case of problems, please refer to the Knowledge Base article How to install a new license.
Outlook Add-In
The upgrade of the gateway and the Web Portal necessarily requires an upgrade of the Outlook Add-In as well, otherwise communication with the Web Portal is no longer possible.
Release Notes – NoSpamProxy 13.1 (Fast Channel)
Release NotesWe have released the version 13.1.20071.1529 on March 16th, 2020. This version is an upgrade release where the following bugs are fixed and new features are added or changed.
Important Information
As of update Version 12.2.18253.1152, a script for cleaning up the message tracking is included, which deletes orphaned entries in the database and from Version 13.0.19169.1943, a script for improving Table Indexes was added.
These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
If the Protection module is licensed, it is possible that the Cyren services do not work and no viruses and spam checks are performed after the update to version 13, although the NoSpamProxy license itself has been correctly validated. To correct this, in the NoSpamProxy Management Console go to Configuration/NoSpamProxy Components/Gateway Roles, select the gateway role(s) and click on Synchronize configuration.
It is possible in combination with some Domain names, that the Reputation filter will block emails due to an obfuscated owned Domain. Only in this case we will recommend to reduce the SCL Points to maximum 2 SCL Points (Default is 4 SCL Points) for the test ‘Header-From’ is an owned Domain at the Reputation filter, to be found on the tab Filters at the applied rule, on tab ‘Header-From’ Tests. This will be improved within the next Major Version.
Example: Owned Domain = example.com, but the Reputation filter will also detect my-example.com as an obfuscated owned Domain.
Version 13.1.20071.1529 (March 16th, 2020)
based on Fast Channel Version 13.1.20048.1517
In order to prevent the error message “Unable to relay”, this version is required if emails are to be sent from Office 365 via NoSpamProxy.
Fixed
Version 13.1.20048.1517 (February 26th, 2020)
based on Regular Channel Version 13.1.19330.1217
New / Changed
Fixed