Installing NoSpamProxy on a Cloud Service
Note: As part of changes in the infrastructure, new IP addresses and a new FQDN come into effect. This article has been extended so that you can continue to use the TCP Proxy for NoSpamProxy. Make sure that you make all necessary changes.
With some cloud-based systems, for instance in Microsoft Azure, it is possible that port 25 outbound is blocked by the provider. However, port 25 is needed to send emails, which prevents NoSpamProxy from running on such a system.
For this purpose, we offer an alternative to use such systems in form of our TCP proxy. This system can be activated in NoSpamProxy in the way described below. In doing so, every outbound connection to a routable IPv4 address on TCP level is routed through the TCP Proxy for NoSpamProxy. The emails are then sent from the server to the TCP proxy via port 443 and then routed from there to the recipient system via port 25.
How to integrate the TCP proxy
- Stop the Gateway Role service via the NoSpamProxy Management Console or the Windows services.
- As administrator, open a text editor on the system on which the Gateway Role is installed.
- Open the configuration file Gateway Role.config from the directory C:\ProgramData\Net at Work Mail Gateway\Configuration\.
- In the file, search for
<smtpServicePointConfiguration
and change/add the valuesisProxyTunnelEnabled="true" proxyTunnelAddress="proxy.nospamproxy.com
as attributes. Alternatively, if<smtpServicePointConfiguration
cannot be found, search for<netatwork.nospamproxy.proxyconfiguration
and add the following line directly below this value:<smtpServicePointConfiguration isProxyTunnelEnabled="true" proxyTunnelAddress="proxy.nospamproxy.com" />
. - Save the file and close the editor.
- Place the Root CA certificate in the Microsoft certificate store in the computer account under Trusted Root Certification Authorities > Certificates on the server on which the Gateway Role is installed.
- In the NoSpamProxy Management Console, under Configuration > NoSpamProxy Components > Gateway Roles, edit the corresponding Gateway Role and change the value for SMTP Server Name to the value
outboundproxy.nospamproxy.com
. - Start the Gateway Role service.
- Open the Gateway Role.config file and check that the value has been retained.
Adjusting the SPF entry
- If the TCP proxy is implemented, it acts as the sending system. Therefore, the TCP proxy must also be included in your SPF entry. We strongly recommend adding the following entry to your SPF entry:
include:_spf.proxy.nospamproxy.com
Importing the Root CA Certificate
- Download the above certificate and import it to the system with the NoSpamProxy Gateway Role as “Trusted Root Certificate” in the Microsoft Certificate Management of the computer account.
Changing the SMTP server name in the properties of the Gateway Role
- In the NoSpamProxy Management Console, go to Configuration > NoSpamProxy Components.
- Under Gateway Roles, edit all Gateway Roles that are operated in Microsoft Azure as follows:
- Double-click the corresponding entry for the Gateway Role.
- Under SMTP Server Name, enter the value outboundproxy.nospamproxy.com.
- Click Save and close.
(Optional) Customise Office 365
If you send emails from Azure to your own Office 365 instance where a connector is bound to the IP addresses, please update the IP addresses to match the name outboundproxy.nospamproxy.com. Since with Office 365 the TLS certificates are checked against the HELO domain, it is only possible to implement this accordingly with significantly increased effort. We therefore recommend validation based on the name.