To move version 12.x or 13.x to another computer, proceed as follows:

  1. Export and delete existing DKIM keys on the source server if necessary (only available with NoSpamProxy Protection).
  2. Copy your own stored logo image files to the new computer
  3. Copy the files Intranet Role.config and license.xml from the directory C:\ProgramData\Net at Work Mail Gateway\Configuration to the new computer.
  4. Create the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” on the target server and copy Intranet Role.config and license.xml into it.
  5. Customize the Intranet Role.config.
  6. Install the SQL server.
  7. Stop the Intranet Role service.
  8. a) Back up the database files and restore them to the target SQL server.
    OR
    b) Move the database files to the new directory and mount them in the SQL server.
  9. Execute the NoSpamProxy Setup on the target server.
  10. Connect the Intranet role to the Gateway role.
  11. Then check all previously set passwords and certificates and reassign the connectors.
  12. Import the DKIM keys exported in step 1) to the target server.

The steps in detail

  1. Export and delete existing DKIM keys on the source server.
  2. In the NoSpamProxy Management Console, go to People and Identities > DKIM Keys and export existing DKIM Keys (if any) and delete them afterwards.
  3. Copy your own, stored logo image files to the new computer
    You can find the logo image file under the name Logo.png on the Intranet Role in the directory “C:\ProgramData\Net at Work Mail Gateway\Intranet\Theme\”. Create this directory on the new computer and place the file Logo.png in it.
  4. Copy the Intranet Role.config and license.xml to the new computer.
    First stop all NoSpamProxy services on the source computer and then stop the SQL database instance. This is usually found under the Windows services under the name “SQL Server (NOSPAMPROXY)”.
    Now copy the Intranet Role.config and license.xml from the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” to the target computer.
    Please copy ONLY the mentioned files from the directories, otherwise problems could occur during installation.
  5. Create the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” on the target server and copy Intranet Role.config and license.xml into it.
  6. Edit the Intranet Role.config
    Open the file with an editor, such as Notepad, and search for the following entry:
    <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
    <CipherData>
    <CipherValue>AQAAANCMnd...==</CipherValue>
    </CipherData>
    </EncryptedData>
    </connectionStrings>

    Change it to look like this at the end:
    <connectionStrings>
    </connectionStrings>

    Search the entire file for
    encryptedPassword=
    and change the occurrences that look similar to
    encryptedPassword="AQAAANCM...W9b17"inencryptedPassword=""

    Do the same for all occurrences of

    tlsCertificatePin="AQAAANCM...W9b17" and

    tlsCertificateThumbprint="AQAAANCM...W9b17"

    as well as

    password="AQAAANCM...W9b17".

    If De-Mail was configured, please search for

    certificatePin="AQKLM....D87W"

    and change the entry in

    certifcatePin="".

    Finally, search for any DKIM keys that may be available. Search for the following entry:

    <dkimKeys>
    <key domain="example.com" selector="key1" privateKey="AAAAcVARJk3pG0SsnJkmR2FK..." />
    </dkimKeys>

    Change the entry so that it looks like this:

    <dkimKeys>
    </dkimKeys>

    Now save the file.

  7. Install the SQL Server.
    Now install the SQL Server in the version you want starting with SQL Server 2008 R2.
    Do not forget to install the administration tools, in particular SQL Management Studio.
  8. Stop the Intranet Role Service
    Stop the Intranet roles service via the NoSpamProxy console or via the Windows services to exclude access to the database and entries in the database of the Intranet role.
  9. a) Back up the database files and restore them to the target SQL server.
    With the help of SQL Management Studio you first create a backup of the SQL database “NoSpamProxyAddressSynchronization” on the source server.
    Right-click on the database and select “Task / Backup”. A dialog opens. Leave everything there as it is in the standard system and simply add a “disk” and the corresponding path to the backup file in the lower section.
    Then start the backup.
    Copy the resulting backup file to the target server and restore it.
    To do this, right-click on “Databases” in the SQL Management Studio of the target server and select “Restore Database”. A dialog opens.
    First select “Device” and add a new “File” in the dialog that appears. This file is the currently copied backup file.
    Now start the recovery.
    OR
    b) Move the database files to the new directory and mount them in the SQL server.
    The SQL database files are usually located in the path “C:\Program Files (x86)\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data” or “C:\Program Files\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data”. You can recognize them by the name that begins with NoSpamProxy.
    Copy both the NoSpamProxyAddressSynchronization.mdf and NoSpamProxyAddressSynchronization.ldf files to the target computer and move the database files to the desired directory. This does not necessarily have to be the default directory of the SQL server.
    Then open SQL Management Studio. After logging on to the server, right-click Databases and select Add (or Databases and Attach).
    In the following dialog, add the first database file from the desired directory. The associated log file is automatically recognized.
  10. Execute the NoSpamProxy Setup for the same version.
    Now start the setup of the NoSpamProxy. Make sure to select Advanced Installation.
    In the query which SQL Server is used, select that a SQL Server is already installed and set the corresponding connection parameters. The setup then recognizes all further configuration files and adapts them.
  11. Connect the Intranet role to the Gateway role.
    As soon as the setup has been completed successfully, reconnect the intranet role under Gateway Components with the gateway role and, if necessary, the web portal.
    To do this, delete the existing connections, then restart the Intranet role and reconnect it.
  12. Then check all previously set passwords and certificates and reassign the connectors.
    With the conversion, the device-dependent encrypted passwords were deleted or can no longer be decrypted. This applies in particular to the password for protecting sensitive data, with which the private keys of S/MIME and PGP are protected.
    In the interface, set the old password again to restore access.
    The same applies to any SSL certificates configured in the receive connector.
    Therefore, check all passwords and SSL certificates that were previously stored and reset them.
    In addition, the send and receive connectors must be reassigned to corresponding gateway roles.
  13. Import the DKIM keys exported in step 1) to the target server.

Migration of the NoSpamProxy Web Portal

If the NoSpamProxy WebPortal is in use and this is to be migrated to another server, there are two different ways of doing this which are described below:

Migration by installing another Web Portal

  1. Install the NoSpamProxy Web Portal on the new server including a new database and set it up according to the installation instructions.
  2. Include the new Web Portal parallel to the existing WebPortal in the NoSpamProxy console under Configuration > NoSpamProxy Components > Web Portal.
  3. Change the accessibility of the Web Portal from the outside so that the standard link points to the new Web Portal, so that only this can be addressed from the outside / from the gateway role. Thus all files are exchanged between the Web Portals via the service “NoSpamProxy – FileSynchronizationService”.
  4. After the set storage time period under Configuration > NoSpamProxy Components > Web Portal > Web Portal Settings > Modify on the  Large Files tab, the old Web Portal can then be switched off because no new files have been stored there or all existing files have expired.

Please note: If you switch off the system with the old WebPortal, also remove it under Configuration > NoSpamProxy Components > WebPortal, otherwise the Intranet role will still try to communicate with the Web Portal, resulting in memory overflow of the database.

Migration by relocation of the data

  1. Install the SQL Server in the version you want starting from SQL Server 2012. Do not forget to install the management tools, especially SQL Management Studio.
  2. Stop the “NoSpamProxy – FileSynchronizationService” service via the Windows computer administration (Windows services) and the Internet Information Service (IIS) via the command line “CMD> iisreset /stop” to exclude access to the database and entries in the database of the web portal.
  3. a) Back up the database files and restore them to the target SQL server.
    Using the SQL Management Studio, you first create a backup of the SQL database “enQsigPortal” on the source server. To do this, right-click on the database and select “Task / Backup”. A dialog opens. Leave everything there as it is in the standard system and simply add a “disk” and the corresponding path to the backup file in the lower section. Then start the backup. Copy the resulting backup file to the target server and restore it.
    To do this, right-click on “Databases” in the SQL Management Studio of the target server and select “Restore Database”. A dialog opens.
    First select “Device” and add a new “File” in the dialog that appears. This file is the currently copied backup file. Now start the recovery.
    OR
    b) Move the database files to the new directory and mount them in the SQL server.
    The SQL database files are usually located under “C:\Program Files (x86)\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data” or “C:\Program Files\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data”. You can recognize them by the name “enQsigPortal”. Copy both the enQsigPortal.mdf and enQsigPortal.ldf file to the target computer. Now move the database files to the desired directory. This does not necessarily have to be the default directory of the SQL server. Then open SQL Management Studio. After logging on to the server, right-click Databases and select Add (or Databases and Attach). In the following dialog, add the first database file from the desired directory. The associated log file is automatically recognized.
  4. Copy the storage folder of the files from the source server to the destination server. Where the files are stored on the source server can be found in the NoSpamProxy console under Configuration > NoSpamProxy Components > Web Portal in the integrated WebPortal. Please note the folder structure and store the files on the target server where they should be stored in the future.
  5. Install the WebPortal on the target server and set up the access in IIS according to your environment. Make sure that you select the existing instance on the SQL Server and do NOT install a new instance!
  6. Remove the old WebPortal from the Intranet role and add the new WebPortal accordingly in the NoSpamProxy console under “Configuration > NoSpamProxy Components > WebPortal”.
    After inserting the components, make sure that you adjust the storage location accordingly!
    If the access to the new WebPortal works and your users can also download the files, you can still see in the NoSpamProxy console under “Monitoring > Suspended e-mails” whether there in the meantime have accumulated e-mails that are still waiting for processing by the content filter. To do this, restart the processing.

Notes

  • All certificates that can be found in the console under “People and Identities > Certificates” are in the database and are automatically moved by the relocation of the intranet roles database “NoSpamProxyAddressSynchronization” during a migration.
  • The gateway role gets all information from the intranet role. Therefore this role is simply reinstalled during an upcoming migration.
  • If template adjustments were made manually, you must copy the changed templates to the target system.
  • If the disclaimer is licensed and configured, please note the following Knowledge Base article http://kb.nospamproxy.de/Wiki-Seiten/DisclaimerSSLCert.aspx and copy the templates for the disclaimer from the directory “C:\ProgramData\Net at Work Mail Gateway\Intranet\Templates” to the target system

To move versions 10.x and 11.x to another computer, proceed as follows:

  1. Copy the Intranet Role.config and the license.xml to the new computer.
  2. Create the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” and copy Intranet Role.config and license.xml into it.
  3. Customize the Intranet Role.config.
  4. Install the SQL server.
  5. a) Backup the database files and restore them to the target SQL server OR
    b)Move the database files to the new directory and mount them in the SQL server.
  6. Execute the NoSpamProxy Setup.
  7. Connect the Intranet role to the Gateway role.
  8. Then check all previously set passwords and certificates and reassign the connectors.

The steps in detail

  1. Copy the Intranet Role.config and license.xml to the new computer.
  2. First, stop the NoSpamProxy services on the source computer and then stop the SQL database instance. These can usually be found under the Windows services as “SQL Server (NOSPAMPROXY)”. Then stop all Net at Work Mail Gateway services.
    Copy the Intranet Role.config and license.xml from “C:\ProgramData\Net at Work Mail Gateway\Configuration” to the target computer.
    Please copy ONLY the mentioned files from the directories, otherwise problems could occur during installation.
  3. Create the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” and copy Intranet Role.config and license.xml into it.
    Customize the Intranet Role.config.
    Open the file with an editor, such as Notepad, and search for the following entry:
    <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
    <CipherData>
    <CipherValue>AQAAANCMnd...==</CipherValue>
    </CipherData>
    </EncryptedData>
    </connectionStrings>

    Modify it to look like this:
    <connectionStrings>
    </connectionStrings>

    Search the file for
    encryptedPassword=
    and change entries similar to
    encryptedPassword="AQAAANCM...W9b17"
    in
    encryptedPassword=""
    Do the same for the entries
    tlsCertificatePin="AQAAANCM...W9b17"
    and
    tlsCertificateThumbprint="AQAAANCM...W9b17"
    and
    password="AQAAANCM...W9b17"
    and
    privateKey="AQAAANCM...W9b17"
    Save the file.

 

  1. Install the SQL Server.
    Now install the SQL Server in the version you want starting with SQL Server 2008. Do not forget to install the administration tools, especially SQL Management Studio.
  2. a) Back up the database files and restore them to the target SQL Server.
    With the help of SQL Management Studio you first create a backup of the SQL database “NoSpamProxyAddressSynchronization” on the source server.
    Right-click on the database and select “Task / Backup”. A dialog opens.
    Leave everything there as it is in the standard system and simply add a “disk” and the corresponding path to the backup file in the lower section.
    Then start the backup. Copy the resulting backup file to the target server and restore it.
    To do this, right-click on “Databases” in the SQL Management Studio of the target server and select “Restore Database”. A dialog opens.
    First select “Device” and add a new “File” in the dialog that appears. This file is the backup file that has just been copied. Now start the recovery.
    b) Move the database files to the new directory and mount them in the SQL server.
    The SQL database files are usually located in the path “C:\Program Files (x86)\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data” or “C:\Program Files\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data”. You can recognize them by the name that begins with NoSpamProxy.
    Copy both the NoSpamProxyAddressSynchronization.mdf and NoSpamProxyAddressSynchronization.ldf files to the target computer.
    Now move the database files to the desired directory. This does not necessarily have to be the default directory of the SQL server. Then open SQL Management Studio.
    After logging on to the server, right-click Databases and select Add (or Databases and Attach).
    In the following dialog, add the first database file from the desired directory.
    The associated log file is automatically recognized.
  3. Execute the NoSpamProxy Setup.
    Now start the setup of the NoSpamProxy. Be sure to select Advanced Installation.
    When prompted for which SQL Server is used, select that an SQL Server is already installed and set the appropriate connection parameters. The setup then recognizes all further configuration files and adapts them.
  4. Connect the Intranet role to the Gateway role.
    As soon as the setup has been completed successfully, reconnect the intranet role under Gateway Components to the gateway role and, if necessary, to the web portal.
    To do this, delete the existing connections, then restart the Intranet role and reconnect it.
  5. Then check all previously set passwords and certificates and reassign the connectors.
    With the conversion, the device-dependent encrypted passwords were deleted or can no longer be decrypted. This applies in particular to the password for protecting sensitive data, with which the private keys of S/MIME and PGP are protected.
    Set the old password again in the interface to restore access. The same applies to SSL certificates configured in the receive connector.
    Therefore, check all passwords and SSL certificates that were previously stored and reset them.
    In addition, the send and receive connectors must be reassigned to corresponding gateway roles.

Note

The gateway role and the web portal get all information from the intranet role. Therefore, they are simply reinstalled during an upcoming migration.

When integrating SwissSign as a certificate provider, consider the following:

Together with our colleagues from SwissSign we have created the following document, which lists all points to consider when integrating a Managed PKI from SwissSign into the NoSpamProxy.

This document will be updated if necessary.

FAQNetAtWork.pdf

 

This article describes how to configure a proxy server version 9.x or later of NoSpamProxy. The Cyren filter and antivirus also works on port 80, but it is configured separately:

Configuration CYREN Premium AntiVirus

Queries via Windows components

In order to be able to use the proxy for queries that are made directly via Windows components, such as a possible CRL check, you must store the proxy in the system. To do this, execute the following command as an administrator. This command adopts the proxy settings from Internet Explorer for the system components:

netsh winhttp import proxy source=ie

Gateway Role

To enter the proxy, the file NetatworkMailGatewayGatewayRole.exe.config from the directory “..\Net at Work Mail Gateway\Gateway Role” must be edited. The following lines must be added.

Copy&Paste does not work because invisible control characters are also copied.

<system.net>
<defaultProxy>
<proxy
usesystemdefault="true"
proxyaddress="http://192.168.1.10:3128"
bypassonlocal="true"
/>
</defaultProxy>
</system.net>

Adjust the IP address of your proxy server accordingly. The file should look similar to the following. However, please edit a copy of the original file!
Copy&Paste does not work because invisible control characters are also copied.

<?XML version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<gcServer enabled="true" />
<generatePublisherEvidence enabled="false"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.Unity" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-2.1.505.0" newVersion="2.1.505.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="EntityFramework" publicKeyToken="b77a5c561934e089" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.3.1.0" newVersion="4.3.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.ServiceLocation" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-1.0.0.0" newVersion="1.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.OData" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Spatial" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.2.0" newVersion="5.6.2.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.Services.Client" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.net>
<defaultProxy>
<proxy
usesystemdefault="true"
proxyaddress="http://192.168.1.10:3128"
bypassonlocal="true"
/>
</defaultProxy>
</system.net>​​
</configuration>

If you want to define exceptions, add the following section directly above the line </defaultProxy>

<bypasslist>
<add address="[a-z]+\.contoso\.com$" />
<add address="192\.168\.\d{1,3}\.\d{1,3}" />
<add address="intranet.nospamproxy.de" />
</bypasslist>​

If it is absolutely necessary to say that NO web proxy is to be used, the following must be entered:

<system.net>
<defaultProxy enabled="false" />
</system.net>

After you have modified the file, restart the Gateway Role.

Please note that the file may be overwritten with each patch/upgrade and the changes must be made again.

Intranet Role

If you want to assign a proxy to the Intranet role, this can be done in the same way as described above using the NetatworkMailGatewayIntranetRole.exe.config from the directory “..\Net at Work Mail Gateway\Intranet Role”. Please note that the Intranet Role requires direct communication with the Gateway Role. You should therefore define proxy exceptions for the Gateway Role(s).

Outlook add-in

If a Web Proxy with authentication is used on the client PC, it is possible that the NoSpamProxy Outlook add-in cannot upload files to the Web Portal from the client PC because the information from the system variables do not apply here. To make this information available to the add-in, however, you must perform the following steps:

    1. In the Microsoft Outlook installation directory, create a new file named “Outlook.exe.config” next to the “Outlook.exe” file.
    2. Enter the following information into this file and save it:
      <configuration>
      <system.net>
      <defaultProxy useDefaultCredentials="true" />
      </system.net>
      </configuration>
    3. Restart Outlook.

Find more information on the Microsoft Website.

You can use a custom SSL certificate to secure the management website of the disclaimer tool. To do this, the desired certificate with the private key must be stored in the certificate store of the computer account on the Intranet role under “Personal certificates”. In the training video for integrating your own TLS certificate, this is explained for the Gateway Role, among other things. However, the manual rights adjustment for the Intranet role is not necessary, this is accomplished by the Powershell shown below.

If the certificate is located in the certificate store on the Intranet Role, run Powershell with admin rights as local administrator. Then execute the following command:

Set-NspWebApiConfiguration -ShowCertificateSelectorUI

A window opens in which the available certificates are displayed. Select the desired certificate and confirm your selection. Now restart the Intranet Role. Your certificate is now active on the Disclaimer website.