The filter “Cyren AntiSpam” is available if NoSpamProxy Protection is licensed. This filter does the main work of checking emails for spam regarding content and structure of the email. It generates a Reference ID, which is sent to Cyren when an email is received and checked against a database. If this check reveals no characteristics of spam emails, the email will be accepted. Otherwise, the filter assigns 4 SCL (Spam Confidence Level) points, which in the default settings already rejects the email.

In order to continuously improve the recognition of emails of this type, we have the option of reporting to Cyren emails that have not been recognised as spam or have been incorrectly recognised as spam as false negatives or false positives. To enable us to do so, please send us the necessary information – as indicated below – to the email address spamreport@nospamproxy.de.

Please note:

  • Do not keep emails stored and please do not send us ZIP archives.
  • The false positives and false negatives should always be reported promptly so that further delivery attempts are filtered correctly.
  • Reports should not be older than 7 days.

False Negatives

These are unrecognized spam emails that were delivered by NoSpamProxy in spite of all checks.

  • For the analysis of false negatives, please send us the original email as .eml or .msg files, as it arrived at the recipient’s mailbox, as a direct attachment to a newly written email.
  • It must not be an internally forwarded email, since the headers of the email may no longer be complete, or changed.

False Positives

These are desired emails that have been classified as spam and have therefore not been delivered, but rejected.

  • Please send us the exported message track from message tracking. To export it, go to the NoSpamProxy console under “Monitoring > Message Tracking”, double-click on the corresponding entry so that the details of the message open, and then click on “Export message track” in the bottom left corner of the window. This will save a .XML file up to version 11.1 and a .JSON file from version 12.0. Please send us this exported file.
  • Starting with version 13, you also have the option of activating the file directly from the NoSpamProxy console. To do this, go to “Monitoring > Message Tracking” in the console, mark the corresponding entry in the message tracking and then click on the link “Report as ‘False Positive’ to Cyren” below the list.

It is common that not only the user who originally performed the installation needs to perform updates, but also other administrator accounts. To do this, it is necessary to set up the appropriate permissions for these additional users. The corresponding steps are described below:

  1. Notes
      • All steps apply to all roles of NoSpamProxy; they differ only in the database names.
        • Database Intranet Role: NoSpamProxyAddressSynchronization
        • Database Gateway Role: NoSpamProxyDB
        • Database Web Portal: enQsigPortal
      • Users and user groups (local or in the domain) can be registered.
    • Log on with the user with which the installation was performed.
  2. Install the SQL Management Studio.
  3. Open SQL Management Studio and log on to the local instance  that contains the NoSpamProxy database(s), using Windows authentication.
  4. Expand the Security folder and the Logins folder.
  5. Right-click on the “Logins” folder and select “New Login” from the context menu.
  6. Under “General”, select the user to be added, but keep the “Windows Authentication” item.
    Database Rights - General
  7. Under “Server Roles” tick the checkbox for “sysadmin”.
    Database Rights - Server Roles
  8. Under “User Mapping”, check the corresponding database and additionally activate the role “db_owner”.
    Database Rights - User Mapping
  9. All other settings are optional.
  10. Save the new login and close SQL Management Studio.

To verify access, log on to the system with the added user, open SQL Management Studio, and check whether you can view the database tables. If this works, access is set up.

PDF conversion as part of Content Disarm and Reconstruction (CDR), converts Microsoft Word, Microsoft Excel and PDF documents into secure PDF files by removing any active content. The PDF file can then be opened without any concerns, with the original file either left attached to the email or removed. CDR is a feature in NoSpamProxy Protection and in conjunction with NoSpamProxy Large Files provides an optimal way to disarm unsafe documents and retain the original files.

CDR is configured in the “Content filter actions” and then applied to the corresponding emails via the “Content filters”. A training video on the content filters can be found at https://www.nospamproxy.de/de/support/trainingsvideos/ (German only).

This conversion process is very time-consuming and not all documents can be converted. We have built in a protection mechanism so that the unsafe attachments are not delivered, even if the conversion fails.

  • If only Protection, but not Large Files, is licensed, the email for which the conversion did not work is first stored under “Monitoring > Emails on hold” and the configured administrator is informed. The administrator then has the task of checking the email and can then either download it as an EML file and forward it via Outlook or deactivate/change the content filter for this email for a limited time and force delivery again.
  • If Protection and Large Files are licensed, the original file will be uploaded to the Web Portal if the conversion fails (if desired even if the conversion was successful), but it will be locked there, so that it must also be released by the administrator, deviating from the settings for the successful conversion.
    The email itself is delivered to the recipient, with the corresponding information for downloading, but without the converted PDF file, as this was not possible.

This protective mechanism cannot be changed or influenced.

This Knowledge Base article describes the integration of the NoSpamProxy Performance Counter in PRTG.

The following performance counters are available on the server with the NoSpamProxy Gateway Role and can be integrated into PRTG.

——————————————————————————————————

\NoSpamProxy Queues(_total)\Currently active

\NoSpamProxy Queues(_total)\Delay notifications sent

\NoSpamProxy Queues(_total)\Network failures

\NoSpamProxy Queues(_total)\Non delivery Reports sent

\NoSpamProxy Queues(_total)\Pending mails

\NoSpamProxy Queues(_total)\Relay notifications sent

—————————————————————————————————–

In PRTG, select the device (Gateway Role Server) and add a “PerfCounter Custom” sensor (right-click).

When searching for the sensor to be created, restrict it via Custom Sensors/Performance Counters.

  • The sensor name can be freely assigned
  • Under “List of Counters” one of the above (cut and paste) must be specified.
  • The interval is inherited from the host by default, but can also be defined (see below).
    Then, click Create.

NoSpamProxy Performance Counter für PRTG

Due to the increasing requirement of the Delivery via queues mode within the incoming send connectors of NoSpamProxy we will discontinue the direct delivery.

What is Delivery via queues?

In this mode, emails are received by NoSpamProxy, checked and then committed directly to the sending server. Only then will emails be forwarded to the downstream systems.
This procedure is particularly important for content filtering and forwarding to Office 365 tenants. It also offers the advantage that of keeping the incoming mails in the queue if the following system is not reachable and forwarding them directly if they can be reached again.

How can it be configured?

Please go to “Configuration > Email routing > Inbound send connectors” and click  “Switch to Delivery via queue”.

 

The following list provides only a small selection of apps able to display PDF Mails correctly.

Windows:

  • Adobe Acrobat Reader (Desktop version, free version available)

Android:

  • Foxit (free version available)
  • xodo PDF (free version available)

iOS:

  • Foxit (free version available)
  • xodo PDF (free version available)
  1. Installing the root certificates:
    In order to verify signed documents, the root certificates used by the trust centers must be installed. You can download a zip archive with the certificates recommended by Secrypt using the following link: http://www.secrypt.de/downloads/6wb8212103bd/secrypt/certificates/secrypt_issuer_certificates.zip
    Unpack the ZIP file into the certificate folder of your digiSeal product on your hard disk.
    If you are using the digiSeal server, please use the configured directories. These can be found in the Administration/Basic configuration/Exhibitor certificate directory section and for each verification process in the Process configuration/Verification/Certificate directory section. Update these directories with the new certificates and restart the processes.
    If you are using digiSeal Reader, you can find the folders here:
    Win 7/Vista: C:\ProgramData\digiseal ****\certificates\issuer_certificates
    Win XP: C:\Documents and Settings\All Users\Application Data\digiSeal ***\certificates\issuer_certificates
  2. Checking the authenticity of the ZIP archive:
    To verify the authenticity of the Zip archive you can use the following signature: http://www.secrypt.de/downloads/6wb8212103bd/secrypt/certificates/secrypt_issuer_certificates.zip.p7s
    The digiSeal reader is available to you free of charge as test software. The authenticity of the ZIP archive is confirmed when the verification has been carried out successfully and the signature has been created by us.

The following is an excerpt from the Cisco Knowledge Base:

Note

If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

CiscoASA# config t
CiscoASA(config)# policy-map global_policy
CiscoASA(config-pmap)# class inspection_default
CiscoASA(config-pmap-c)# no inspect esmtp
CiscoASA(config-pmap-c)# exit
CiscoASA(config-pmap)# exit
CiscoASA(config)# exit
CiscoASA# wr me

Note

In ASA version 8.0.3 and later, the allow-tls command is available to allow TLS email with inspect esmtp enabled as shown:

config t
policy-map type inspect esmtp tls-esmtp
parameters
allow-tls action log
exit

policy-map global_policy
class inspection_default
no inspect esmtp
inspect esmtp tls-esmtp
Exit