blank

Upgrade to Version 13.2

,

Always follow the instructions in the installation manual and the general upgrade instructions here in the Knowledge Base.

​Before upgrading make sure that the .NET Framework version 4.7.2 or higher (we reommend .NET Framework version 4.8) is installed and that the SQL Server version is 2008 R2 (we recommend 2017 or later). All supported versions can be found here.

Important note for upgrade version 13.0 and later versions

Do not install this beta version in productive environments!

As of Version 13.2.20083.1640, a script for enhancing the address searching is included. This may cause the setup not to respond for a some time during database update. 

The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.

Upgrading from version 12.2 and earlier versions

Please install version 13.1.19330.1217 or higher before upgrading to version 13.2. You can download this version here.
Please also note all upgrade articles for older versions in our Knowledge Base under “Update Information”.

Upgrade NoSpamProxy

When upgrading from version 13.1 to version 13.2, all settings and user information are retained. Only the proxy settings and content adjustments of the template files (templates) must be saved as usual and reinstalled after the upgrade. This procedure is described under General update information.
For security reasons, please export existing DKIM keys from the console under “People and identities > DKIM Keys” BEFORE upgrading.

Additionally, please check the following points after the upgrade:

  • Content filter: As there have been changes to the file types (MIME Types), please check all content filters and their content filter entries
  • The reputation filter in the rule set has been extended in version 13.2 compared to version 13.1. This modification enables further, additional checks
    • Four additional checks on the HEADER-FROM
    • One additional check whether the transmission was secured with TLS
  • Starting with version 13.2, the incident to the Spam URI Realtime Blocklists is converted from an error to a warning
  • URL Safeguard: It is now possible to disable URLs
  • Cryptographic key provider: You can now also request certificates from the German National Research and Education Network (DFN)
  • Greylisting is now a policy violation
  • BATV addresses are now included in the license count
  • Calculation of the license values for the Encryption and Large Files modules has been changed. From now on inbound and outbound emails are considered. See License management in version 13 and higher.
  • Note: Discontinuation of the Office 365 client “Deutsche Azure Cloud”
    From version 13.2.20258.1435 a notification is displayed at the NoSpamProxy console start page that the client is no longer supported from version 14. All users who still have such a client active must not upgrade to version 14 until the migration on Microsoft side has been made. Further information is available here:

License type change

As of version 13.0 we have changed the integration of the license from license file to license key. This change is done automatically and no further action is required.
In case of problems, please refer to the Knowledge Base article How to install a new license.

Outlook Add-In

The upgrade of the gateway and the Web Portal necessarily requires an upgrade of the Outlook Add-In as well, otherwise communication with the Web Portal is no longer possible.

/by
blank

System requirements

Hardware

  • Communication via the SMTP protocol for inbound and outbound messages is allowed.
  • Moreover, NoSpamProxy Encryption also supports the receipt of messages via the POP3 protocol.
  • An own full-featured email server is available.
  • 4GB RAM main storage
  • 2 CPU cores (virtualised or physical)
  • The required hard drive space depends on the number of received emails and the deployed functions (NoSpamProxy Protection, NoSpamProxy Encryption, NoSpamProxy Large Files etc.) of NoSpamProxy. For support during the organisation, please contact our support team.
  • Port redirection or relay system is available. Instead of your former email server, NoSpamProxy accepts emails on port 25. If the email server and NoSpamProxy are installed on the same system, the former port of the email server must be redirected.

System and infrastructure

For the Gateway Role and the Intranet Role, you need an SQL server. You can either install the free SQL Server 2012 Express Edition during the installation or use an already existing SQL Server. NoSpamProxy supports SQL Server starting from version 2008 in Express, Standard or Enterprise Edition.

All components and roles and services of NoSpamProxy require the .NET Framework 4.7.2. It can be installed subsequently if it is selected during the installation of NoSpamProxy. The installation program provides you with a link to the required .NET-Framework setup.

If NoSpamProxy and Microsoft Exchange are installed on the same server, make sure that Exchange supports the respective version of the .NET Framework before installing or upgrading. The Exchange Server Supportability Matrix offers an overview of supported versions.

We recommend the deployment of Windows Server in the latest version. The minimum requirements are listed in the following:

NoSpamProxy Protection

Windows Server 2008 R2

NoSpamProxy Encryption

Windows Server 2008 R2

NoSpamProxy Large Files

Windows Server 2008 R2

Please ensure that the following requirements are met for the installation of the Gateway Role:

  • Working DNS resolution is available. DNS resolution is used by NoSpamProxy Protection for the realtime blacklists and spam URL blocklists. NoSpamProxy Encryption requires a DNS resolution for the verification of certificates (access to ‘Certificate Revocation Lists’ and ‘OCSP’).
  • HTTP and HTTPS as well as LDAP access to the Internet is possible. NoSpamProxy Protection requires these protocols for one of the realtime blocklists and the ‘Cyren AntiSpam’ filter. NoSpamProxy Encryption uses HTTP and HTTPS as well as LDAP for the verification of certificates (access to ‘Certificate Revocation Lists’ and ‘OCSP’).
  • If you use a firewall, the ports designated for NoSpamProxy must be opened (usually, this is port 25).
  • TCP connection via port 6060 and HTTPS connection via port 6061 from the client to the Gateway Role. These ports are required for initial connection establishment between Gateway Roles and the Intranet Role. After all Gateway Roles have been connected, the communication to them ensues via the Intranet Role only.
  • Optional: any file-based OnAccess virus scanner is installed.

Note: If you activate ports, please activate them on the Windows firewall as well as on your Perimeter firewall.

Please ensure that the following requirements are met for the installation of the Intranet Role:

  • TCP connection via port 6060 and HTTPS connection via port 6061 from the client to the Intranet
    Role is possible.
  • TCP connection via port 6060 and HTTPS connection via port 6061 from the Intranet Role to the
    Gateway Role is possible.
  • Optional: TCP connection to the domain controller via LDAP or Global Catalog is available.
  • Optional: TCP connection to the Web Portal via HTTPS is available.

Please ensure that the following requirements are met for the installation of the management console:

  • TCP connection via port 6060 and HTTPS connection via port 6061 from the client to the Intranet Role
  • Microsoft Report Viewer 2010. The package can be installed subsequently if selected during the installation of NoSpamProxy. The installation program provides you with the link to the required setup.

Outlook Add-In

For the installation of the Outlook add-in, you need the components listed below. These components are provided via the setup file. If you provide users with the Add-In via software distribution, please ensure that these components are installed as well.

  • Outlook 2010 with Service Pack 2
  • Visual Studio Tools for Office 2010 Runtime (VSTO) or later
  • .NET Framework 4.7.2.

Note: Make sure that all third-party applications you use that connect to NoSpamProxy are covered by the respective vendor support. If this is not the case, the NoSpamProxy support team cannot provide support.

Note: If NoSpamProxy and Microsoft Exchange are installed on the same server, make sure that Exchange supports the respective version of the .NET Framework before installing or upgrading. The Exchange Server Supportability Matrix offers an overview of supported versions.

Note: For further details on the installation of the Add-In, please refer to the manual Outlook Add-In installation and group policies (German). The installation via MSI file for software distribution is discussed there.

 

 

/by
blank

License management in version 13 and higher

New licensing procedure

In order to further prepare NoSpamProxy for hybrid and cloud deployment scenarios, version 13 and higher will no longer require the familiar import and regular replacement of the license file for maintenance extensions. Instead, all license information is made available in a secure database in a cloud service. NoSpamProxy installations access this cloud service at regular intervals. In this pull procedure, only information about the NoSpamProxy version used and the operating system is transmitted to the manufacturer.

With the conversion of the licensing procedure in preparation for NoSpamProxy version 13, we have introduced various improvements.

  • All licenses are managed in a central and secure database and are therefore always up-to-date.
  • When purchased via providers such as ALSO Cloud Marketplace, the monthly and user-specific purchase of NoSpamProxy can now also be automatically implemented without repeated sending and importing of new licenses.
  • Discrepancies between orders and issued licenses are immediately noticeable and can be clarified.
  • By sending the unique link to a license certificate that is always available online, no PDF file sent as an attachment can be lost.
  • The license certificate now also contains the customer’s current maintenance period – as desired by many partners.
  • The licensing of the Sandbox service is also evident in the certificate.
  • The familiar PDF file with the certificate can, for example, simply be generated by the standard “Print to PDF” printer on all Windows clients.

Calculation of license values

All values are measured over a period of 90 days, except the value for the Sandbox for which a period of 30 days is considered. All values are aggregated based on users, if possible. If an assignment to users is not possible, each email address is counted individually. The email addresses stored under “Configuration > Email routing > Corporate email servers” are also taken into account. This also applies to emails that are sent from an external source but are still sent with the company’s own email domain.

  • Protection module: Number of outbound emails
  • Encryption module: Number of addresses that signed and/or encrypted at least one email via S/MIME or PGP or sent PDF Mails
    Note: From version 13.2 on, incoming emails are also considered! This requires a separate inbound and outbound set of rules for users who are allowed to use Encryption.
  • Disclaimer module: Number of addresses with applied disclaimers on emails
  • Large Files module: Number of addresses for which attachments were processed by Large Files
    Note: From version 13.2 on, inbound emails are also considered! This requires a separate inbound and outbound set of rules for users who are allowed to use Large Files.
  • Sandbox: Number of addresses whose associated emails contained files that were uploaded to the Sandbox

On our GitHub page https://github.com/noSpamProxy/Reports/tree/master/Get-NspLicenseReport you will find a script that gives you an overview via Powershell. Alternatively you can use the included Powershell CmdLet PS> Get-NspFeatureUsage.

Procedure in case of licensing problems or sublicensing

Should licensing problems occur with individual customers of partners after the switch, these will be issued as a warning in the NoSpamProxy console and sent to the administrator via email. Several warning levels and sufficient reaction times are allowed for (several weeks) in order to clarify discrepancies. In no case will there be immediate functional restrictions or standstills in the processing of emails. The following causes could be the reason for reported license problems:

  • Since licensing is based on the number of actual users and NoSpamProxy can only recognise the number of different email addresses from which emails were sent, a high number of functional mailboxes can lead to the tolerance of 20% being exceeded. In this case, the customer must subsequently license through the reseller.

/by
blank

Upgrading to Version 13.0 and 13.1

Before upgrading, please make sure that the .NET Framework is installed in version 4.7.2 and that the SQL Server version matches at least2008 R2, better 2012 or later. All supported versions can be found here.

Important note for upgrade version 12.2 and later versions

As of upgrade version 12.2.18253.1152, a script for cleaning up the message tracking is included- This script deletes orphaned entries in the database. This may cause the setup not to respond for a some time. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.

If the Protection module is licensed, it is possible that the Cyren services do not work and no viruses and spam checks are performed after the update to version 13, although the NoSpamProxy license itself has been correctly validated. To correct this, in the NoSpamProxy Management Console go to Configuration/NoSpamProxy Components/Gateway Roles, select the gateway role(s) and click on Synchronize configuration.

Synchronize configuration

Upgrading from version 11.1, 12.0 or 12.1

Please install at least version 12.2.18253.1152 or higher before upgrading to version 13.0. Please also refer to all upgrade articles for older versions in our Knowledge Base under General update information.

Upgrading NoSpamProxy

When upgrading from version 12.2 to version 13.0, all settings and user information are retained. Only the proxy settings and content adjustments of the template files (templates) have to be saved as usual and reinstalled after the upgrade. For security reasons please export existing DKIM keys BEFORE the upgrade from the console under “People and Identities > DKIM Keys”.

In addition, please check the following points after the upgrade:

  • Content filter: Since there were some changes to the file types (MIME Types), please check all content filters.
  • The reputation filter in the rules has been extended and allows additional checks.
  • Since the actions for malware detection have been combined in one action, please check whether all desired checks are still active in the “Malware Scanner” action.
  • LAB features that were activated via the system variable before the upgrade may have to be reconfigured after the upgrade, as these have been included in the product as official features.
    • Cyren Sandbox
    • Content Disarm and Reconstruction (CDR) for PDF files (PDF-2-PDF)
    • The ICAP Filter  has been integrated into the Malware Scanner action
    • Advanced “Header-From” validation in the Reputation Filter
  • In a future version of NoSpamProxy,the “Direct Delivery” option for inbound send connectors will no longer be supported. We will inform you of this as of version 13 if you still have this delivery option activated.
    The following message will be displayed: Direct delivery of inbound emails is deprecated and will be removed in future versions. You should switch to queued delivery instead. This can be configured on the Email routing node. You can find more info on this in our Knowledge Base.Direct delivery deprecated
    To change this, refer to the article Switching to queued delivery in our Knowledge Base.
  • In version 13, the DKIM function has been enhanced. This adds a second key to existing DKIM keys during an upgrade. All further information can be found in the Knowledge Base article Using DKIM from version 13.
  • Extended Notifications can be activated/deactivated under “Configuration > User Notifications > Email Notifications”.

Modified license type

Starting with version 13.0, the license type has been changed from a license file to a license key. This change is performed automatically and no further action is required. Find more information in our Knowledge Base article How to install a new license.

Outlook Add-In

Gateway and Web Portal upgrades require an upgrade of the Outlook Add-In. Otherwise, communication with the Web Portal is not possible.

/by
blank

Currently supported software

, , ,

This article provides an overview of the versions currently covered by our support as well as information on general software requirements.

Please understand that in order to be eligible for support, you must have a contract in place.

General Requirements

It is not possible to operate NoSpamProxy in combination with Microsoft Exchange on a domain controller.

NoSpamProxy can be installed on a regular server in parallel with Exchange. However, this combination is not recommended, since duplicate port assignments often result in problems:

  • Port 6060/6061 TCP (internal communication between the roles of NoSpamProxy)
  • Port 25 (also used by Exchange)
  • Port 443 (required for the Web Portal but can be modified)

NoSpamProxy

  • Version 13
  • Version 12.2
  • Version 12.1
  • Version 12.0
  • Version 11.1

NoSpamProxy Outlook Add-in

  • Outlook 2010 and later
  • Outlook 2007 (supported until June 30, 2019)

Microsoft Operating Systems

  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 / R2
  • Microsoft Windows Server 2008 R2 (no longer supported as of version 13.1)

Microsoft .NET Framework

  • .NET Framework 4.7.2, mandatory as of NoSpamProxy 12.2
  • .NET Framework 4.6.2, supported up to version 12.1
  • .NET Framework 4.5.7, supported up to version 11.1

Microsoft SQL

  • Microsoft SQL Server 2017 incl. Express Version
  • Microsoft SQL Server 2014 incl. Express Version
  • Microsoft SQL Server 2012 incl. Express Version
  • Microsoft SQL Server 2008 R2 incl. Express version (no longer supported as of version 13.1)

Microsoft Report Viewer

For the installation of the Intranet Role the following tools are required:

  • Microsoft Report Viewer 2010

Microsoft Visual Studio Tools for Office

For the installation of the Outlook Add-In the following tools are required:

  • Visual Studio Tools for Office 2010 Runtime or later

/by
blank

NoSpamProxy Software Archive

, , , , , ,

Here you can find all versions that are required to upgrade to the current version. When upgrading, be sure to follow the installation and upgrade instructions for the respective version, as you may need to make manual changes. Also note that changes that you must make when upgrading from version 7.6 to 8.0, for example, are also required for a direct upgrade from 7.6 to 8.5.

The current version is available under Software Download.

12.2 (Fast Channel)

12.1 (Fast Channel)

12.1 (Regular Channel)

12.0

11.1

11.0

10.1

9.2

8.5

/by
blank

General update information

,

General information concerning NospamProxy updates

Whenever you install an update of NoSpamProxy, you need to consider the following points, regardless of whether it is an update within a version or a larger version jump.

Proxy settings

The proxy settings are done in a configuration file. In the How Tos category you will find the article How to configure a web proxy for NoSpamProxy Version 9.2 or higher with the exact procedure. Unfortunately these settings are overwritten with each update and must be carried out again afterwards. Therefore, copy the corresponding configuration files into a backup directory in advance in order to be able to use them again afterwards.

IMPORTANT: For updates within e.g. 10.1 or 10.0 the files can be used 1:1. For updates from 9.x to 10.x, the changes must be made on the basis of the new files. Please refer to the above mentioned article.

Template adaptations

If you update from NoSpamProxy 10.x or earlier to a newer version, you still have to save the template files of NoSpamProxy manually. The articles on customising the Web Portal theme and the notification theme describe how to customise each file. These are overwritten for version 10.x with each update and must be saved in advance. After the update, copy the files back to the original directory. With version 11.x a template designer is integrated in NoSpamProxy. From this point on, this step is no longer necessary, unless you have adapted the texts in the templates.

Please note: For updates within e.g. 10.1 or 10.0 the files can be used 1:1. For updates from 9.x to 10.x, the changes must be made on the basis of the new files. Please refer to the above mentioned articles.

Web Portal

If the Web Portal was installed on a server without the Gateway Role, the configuration link https://<server-url>/enqsig/admin/configurecyren must be called again after the update. The NoSpamProxy CYREN Service service must then be restarted on the Web Portal.

/by
blank

Upgrade recommendations

,

Recommendations regarding upgrade paths

In practice, it is often the case that one or more versions of NoSpamProxy are skipped and the question arises whether an upgrade or even a new installation to the current version makes sense. This article is intended to help you make the right decision based on the experience of our support team and to help you avoid future problems.

Please note that this article does not deal in detail with the individual upgrade steps, for information on this you can find further articles and installation and upgrade instructions in our Knowledge Base under “Update Information”.

General information about 32-bit Windows installations

Since newer versions of NoSpamProxy from version 10 do not support 32-bit Windows installations, these systems must first be migrated to a 64-bit Windows from Windows 2008 R2 or later if an upgrade to the current version is still desired. Windows 2008 SP2 is not sufficient, because this system has some limitations, which stand in the way of an effective operation.

Upgrading from versions older than 7.6

An upgrade from versions older than 7.6 is rarely useful. An upgrade also carries the risk that database errors have crept in, which will lead to problems in later operation. A completely new installation on a new system is recommended. The configuration wizard helps you to create a new set of rules, which you can supplement with a white and black list and other special rules that are still needed. In practice, the new Level of Trust system is formed so quickly that no increase in the false positive rate must be expected.

Upgrading from versions 7.6 to 7.8

If there are no major changes to the rules or if not too many certificates (>200 currently active) are used in the NoSpamProxy encryption component (formerly enQsig), a complete reinstallation is recommended.

If you decide to upgrade, please upgrade to version 8.5 first and then run the article “Error 4503, 5372 or 1213 in the Event Viewer after update to version 7.8 or newer”. You can then upgrade to version 9.2, from which you can seamlessly jump to version 10. Please note the installation and upgrade notes of version 10 and the changes since version 9.0!

Upgrading from version 8.0 to 8.5

Again, a complete reinstall is usually the better choice.

If you have updated from version 7.x to this version and haven’t yet performed the instructions given in the article “Error 4503, 5372 or 1213 in the Event Viewer after update to version 7.8 or newer”, it is recommended to perform this preventive once before upgrading to version 9.2. Please note that you cannot upgrade directly from version 8.0 to version 9.2, but must first perform the 8.5 step. In this case, if you have not already done so, you should carry out the above article after upgrading to 8.5.

Upgrading from version 9.0 to 9.2

Please follow the installation and upgrade instructions for version 10! A few things have changed that require manual intervention or documentation of the previous settings (e.g. for the action “Manage attachments”). Since a direct upgrade to version 11 is not possible, you have to take the intermediate step via the 10.1 offered below. If you are not using 9.2, the system must be upgraded to 9.2 first.

Upgrade from version 10.0

Please pay attention to the installation and upgrade instructions of version 10! There have been some changes which require manual intervention or documentation of the previous settings (e.g. for the action “Manage attachments”). From version 11.0 you need at least SQL Server 2008 R2 Express. Please update it before upgrading.

Upgrading from version 11.1

Before updating, you should make sure that .NET Framework version 4.6.2 is installed and that the SQL Server version is at least 2008 R2.

Required legacy versions for an upgrade

In the Knowledge Base article NoSpamProxy Software Archive you can find all required legacy versions for an upgrade to the current version, should you choose to do so. Please follow the installation and upgrade instructions of the respective old version, as manual intervention may be necessary. If you upgrade from version 7.6 to 8.0, for example, you will also have to make changes if you decide to upgrade from 7.6 to 8.5.

/by