To move versions 10.x and 11.x to another computer, proceed as follows:

  1. Copy the Intranet Role.config and the license.xml to the new computer.
  2. Create the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” and copy Intranet Role.config and license.xml into it.
  3. Customize the Intranet Role.config.
  4. Install the SQL server.
  5. a) Backup the database files and restore them to the target SQL server OR
    b)Move the database files to the new directory and mount them in the SQL server.
  6. Execute the NoSpamProxy Setup.
  7. Connect the Intranet role to the Gateway role.
  8. Then check all previously set passwords and certificates and reassign the connectors.

The steps in detail

  1. Copy the Intranet Role.config and license.xml to the new computer.
  2. First, stop the NoSpamProxy services on the source computer and then stop the SQL database instance. These can usually be found under the Windows services as “SQL Server (NOSPAMPROXY)”. Then stop all Net at Work Mail Gateway services.
    Copy the Intranet Role.config and license.xml from “C:\ProgramData\Net at Work Mail Gateway\Configuration” to the target computer.
    Please copy ONLY the mentioned files from the directories, otherwise problems could occur during installation.
  3. Create the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” and copy Intranet Role.config and license.xml into it.
    Customize the Intranet Role.config.
    Open the file with an editor, such as Notepad, and search for the following entry:
    <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
    <CipherData>
    <CipherValue>AQAAANCMnd...==</CipherValue>
    </CipherData>
    </EncryptedData>
    </connectionStrings>

    Modify it to look like this:
    <connectionStrings>
    </connectionStrings>

    Search the file for
    encryptedPassword=
    and change entries similar to
    encryptedPassword="AQAAANCM...W9b17"
    in
    encryptedPassword=""
    Do the same for the entries
    tlsCertificatePin="AQAAANCM...W9b17"
    and
    tlsCertificateThumbprint="AQAAANCM...W9b17"
    and
    password="AQAAANCM...W9b17"
    and
    privateKey="AQAAANCM...W9b17"
    Save the file.

 

  1. Install the SQL Server.
    Now install the SQL Server in the version you want starting with SQL Server 2008. Do not forget to install the administration tools, especially SQL Management Studio.
  2. a) Back up the database files and restore them to the target SQL Server.
    With the help of SQL Management Studio you first create a backup of the SQL database “NoSpamProxyAddressSynchronization” on the source server.
    Right-click on the database and select “Task / Backup”. A dialog opens.
    Leave everything there as it is in the standard system and simply add a “disk” and the corresponding path to the backup file in the lower section.
    Then start the backup. Copy the resulting backup file to the target server and restore it.
    To do this, right-click on “Databases” in the SQL Management Studio of the target server and select “Restore Database”. A dialog opens.
    First select “Device” and add a new “File” in the dialog that appears. This file is the backup file that has just been copied. Now start the recovery.
    b) Move the database files to the new directory and mount them in the SQL server.
    The SQL database files are usually located in the path “C:\Program Files (x86)\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data” or “C:\Program Files\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data”. You can recognize them by the name that begins with NoSpamProxy.
    Copy both the NoSpamProxyAddressSynchronization.mdf and NoSpamProxyAddressSynchronization.ldf files to the target computer.
    Now move the database files to the desired directory. This does not necessarily have to be the default directory of the SQL server. Then open SQL Management Studio.
    After logging on to the server, right-click Databases and select Add (or Databases and Attach).
    In the following dialog, add the first database file from the desired directory.
    The associated log file is automatically recognized.
  3. Execute the NoSpamProxy Setup.
    Now start the setup of the NoSpamProxy. Be sure to select Advanced Installation.
    When prompted for which SQL Server is used, select that an SQL Server is already installed and set the appropriate connection parameters. The setup then recognizes all further configuration files and adapts them.
  4. Connect the Intranet role to the Gateway role.
    As soon as the setup has been completed successfully, reconnect the intranet role under Gateway Components to the gateway role and, if necessary, to the web portal.
    To do this, delete the existing connections, then restart the Intranet role and reconnect it.
  5. Then check all previously set passwords and certificates and reassign the connectors.
    With the conversion, the device-dependent encrypted passwords were deleted or can no longer be decrypted. This applies in particular to the password for protecting sensitive data, with which the private keys of S/MIME and PGP are protected.
    Set the old password again in the interface to restore access. The same applies to SSL certificates configured in the receive connector.
    Therefore, check all passwords and SSL certificates that were previously stored and reset them.
    In addition, the send and receive connectors must be reassigned to corresponding gateway roles.

Note

The gateway role and the web portal get all information from the intranet role. Therefore, they are simply reinstalled during an upcoming migration.

When integrating SwissSign as a certificate provider, consider the following:

Together with our colleagues from SwissSign we have created the following document, which lists all points to consider when integrating a Managed PKI from SwissSign into the NoSpamProxy.

This document will be updated if necessary.

FAQNetAtWork.pdf

 

This article describes how to configure a proxy server version 9.x or later of NoSpamProxy. The Cyren filter and antivirus also works on port 80, but it is configured separately:

Configuration CYREN Premium AntiVirus

Gateway Role

To enter the proxy, the file NetatworkMailGatewayGatewayRole.exe.config from the directory “..\Net at Work Mail Gateway\Gateway Role” must be edited. The following lines must be added.

Copy&Paste does not work because invisible control characters are also copied.

<system.net>
<defaultProxy>
<proxy
usesystemdefault="true"
proxyaddress="http://192.168.1.10:3128"
bypassonlocal="true"
/>
</defaultProxy>
</system.net>

Adjust the IP address of your proxy server accordingly. The file should look similar to the following. However, please edit a copy of the original file!
Copy&Paste does not work because invisible control characters are also copied.

<?XML version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<gcServer enabled="true" />
<generatePublisherEvidence enabled="false"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.Unity" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-2.1.505.0" newVersion="2.1.505.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="EntityFramework" publicKeyToken="b77a5c561934e089" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.3.1.0" newVersion="4.3.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.ServiceLocation" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-1.0.0.0" newVersion="1.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.OData" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Spatial" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.2.0" newVersion="5.6.2.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.Services.Client" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.net>
<defaultProxy>
<proxy
usesystemdefault="true"
proxyaddress="http://192.168.1.10:3128"
bypassonlocal="true"
/>
</defaultProxy>
</system.net>​​
</configuration>

If you want to define exceptions, add the following section directly above the line </defaultProxy>

<bypasslist>
<add address="[a-z]+\.contoso\.com$" />
<add address="192\.168\.\d{1,3}\.\d{1,3}" />
<add address="intranet.nospamproxy.de" />
</bypasslist>​

After you have modified the file, restart the Gateway Role.

Please note that the file may be overwritten with each patch/upgrade and the changes must be made again.

In order to be able to use the proxy for queries that are made directly via Windows components, such as a possible CRL check, you must store the proxy in the system. To do this, execute the following command as an administrator. This command adopts the proxy settings from Internet Explorer for the system components:

netsh winhttp import proxy source=ie

Intranet Role

If you want to assign a proxy to the Intranet role, this can be done in the same way as described above using the NetatworkMailGatewayIntranetRole.exe.config from the directory “..\Net at Work Mail Gateway\Intranet Role”. Please note that the Intranet Role requires direct communication with the Gateway Role. You should therefore define proxy exceptions for the Gateway Role(s).

Outlook add-in

If a Web Proxy with authentication is used on the client PC, it is possible that the NoSpamProxy Outlook add-in cannot upload files to the Web Portal from the client PC because the information from the system variables do not apply here. To make this information available to the add-in, however, you must perform the following steps:

    1. In the Microsoft Outlook installation directory, create a new file named “Outlook.exe.config” next to the “Outlook.exe” file.
    2. Enter the following information into this file and save it:
      <configuration>
      <system.net>
      <defaultProxy useDefaultCredentials="true" />
      </system.net>
      </configuration>
    3. Restart Outlook.

Find more information on the Microsoft Website.

You can use a custom SSL certificate to secure the management website of the disclaimer tool. To do this, the desired certificate with the private key must be stored in the certificate store of the computer account on the Intranet role under “Personal certificates”. In the training video for integrating your own TLS certificate, this is explained for the Gateway Role, among other things. However, the manual rights adjustment for the Intranet role is not necessary, this is accomplished by the Powershell shown below.

If the certificate is located in the certificate store on the Intranet Role, run Powershell with admin rights as local administrator. Then execute the following command:

Set-NspWebApiConfiguration -ShowCertificateSelectorUI

A window opens in which the available certificates are displayed. Select the desired certificate and confirm your selection. Now restart the Intranet Role. Your certificate is now active on the Disclaimer website.