blank

On our download page we offer you different versions of NoSpamProxy. These versions differ – even within one release cycle – due to different test strategies.

Regular channel

The versions in the regular channel usually include new functions in addition to bug fixes. Since all functions are extensively tested, these versions have a longer throughput time in quality assurance. In addition, these versions are deployed as productive installations to selected users about four weeks before release.

Fast channel

These versions contain only bug fixes, which is why the throughput time in quality assurance is shorter. The tests are limited to the basic functions including installation and update. In addition, the functions that have received an error correction are tested. After the quality assurance tests, these versions also run as productive installations for about two weeks before being released to selected users.

Beta versions

These versions are deployed before a release and contain new or changed features. The deployment phase is announced via our blog, where all partners and end users have the opportunity to register for such a version.

Beta versions may not be used in productive environments!

Other versions

For individual customers, we release versions at irregular intervals that are specially tailored to them. These versions are not released publicly, but are only distributed to the respective customers.

These versions also go through quality assurance.

blank

This article provides an overview of the minimum requirements that must be met in order to run NoSpamProxy.

Note: In order for you to receive support services,

  • the listed requirements must be fulfilled and
  • a corresponding manufacturer support contract must be in effect.

We do not guarantee the completeness of the following information on third-party products. In any case, make sure to check the manufacturer’s pages for updates!

General requirements

  • A corporate email server, either in the company network or in the cloud.
  • NoSpamProxy can NOT be operated using the combination “Domain Controller + Exchange + NoSpamProxy” on one single system, because the operation of Exchange on a domain controller is prohibited. See Exchange Server Supportability Matrix.
  • NoSpamProxy can be installed on a system in parallel with the email server. However, this combination is not recommended, because of duplicate port assignments (mostly ports 25, 443 and 6060/6061), which can cause problems during operation. We recommend to always change the ports of the email server in case of parallel operation, so that NoSpamProxy can be reached from outside via the standard ports.

NoSpamProxy uses the following standard ports:

  • Port 6060/6061 TCP
    • internal communication between the Intranet Role and the Gateway Roles
  • Port 25 TCP
    • SMTP
    • inbound and outbound
    • modifyable
    • also used by Exchange during parallel operation
  • Port 443 TCP
    • SSL
    • internal and external communication with the Web Portal
    • modifyable
  • Port 465 TCP
    • POP3
    • to retrieve POP3 messages
    • no support for NoSpamProxy Protection

Hardware requirements

The following specifications are minimum requirements. The recommended configuration depends on the email volume and the use of individual NoSpamProxy functions.

  • 4GB RAM
  • 2 processor cores
    • virtualized or physical
  • Hard disk space
    • should be discussed individually with the support or presales team
    • If Intranet and Gateway Role are operated on one single system with no Web Portal present, 100GB should be sufficient.

Supported NoSpamProxy versions

The following versions are currently covered by our support:

  • Version 13.2
  • Version 13.1
  • Version 13.0
  • Version 12.2
  • Version 12.1 (no longer supported with release of version 14)
  • Version 12.0 (no longer supported with release of version 14)
  • Version 11.1 (no longer supported with release of version 14)

NoSpamProxy Outlook Add-In

  • Outlook 2010 and later

Microsoft Operating Systems

  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012 (no longer supported with version 14)
  • Microsoft Windows Server 2008 R2 (no longer supported with version 14)

Microsoft .NET Framework

  • .NET Framework 4.8, supported as of NoSpamProxy version 13, mandatory as of version 14
  • .NET Framework 4.7.2, mandatory supported from NoSpamProxy 12.2 onwards
  • .NET Framework 4.6.2, supported up to version 12.1 and older
  • .NET Framework 4.5.7, supported up to version 11.1 and older

Microsoft SQL Server Express Version

  • Microsoft SQL Server 2019 Express Version (supported for Windows Server 2016 and above)
  • Microsoft SQL Server 2017 Express Version (supported for Windows Server 2012 R2 and Windows Server 2016)
  • Microsoft SQL Server 2014 Express Version (no longer supported with version 14)
  • Microsoft SQL Server 2012 Express Version (no longer supported with version 14)
  • Microsoft SQL Server 2008 R2 Express Version (no longer supported with version 14)

For details on supported combinations, please refer to the official Microsoft pages for each product.

Microsoft SQL-Server Standard/Enterprise

  • Microsoft SQL-Server 2012 SP4 and later
  • Microsoft SQL-Server 2012 SP3 and older (no longer supported with version 14)

Microsoft Report Viewer

Microsoft Report Viewer 2010 is required to install the Intranet Role.

Microsoft Visual Studio Tools for Office

Visual Studio Tools for Office 2010 Runtime or higher is required to install the Outlook Add-In.

Further notes

  • Make sure that any third-party applications you use that connect to NoSpamProxy are covered by their respective manufacturer’s support. If this is not the case, the NoSpamProxy support team will not be able to provide support.
  • Make sure that the necessary exceptions are set in the local Windows Defender (and other AV scanners used) to allow NoSpamProxy to run smoothly.
  • If you have installed NoSpamProxy and Microsoft Exchange on the same server, make sure that the respective version of the framework is supported by Exchange before installing or updating the Microsoft .NET framework. An overview of supported versions is provided in the Exchange Server Supportability Matrix.
  • Further details about the installation of the add-in can be found in the Outlook Add-In Installation and Group Policy manual. There, the installation with the MSI file for software distributions is also addressed.

blank

The Cyren IP Reputation filter is available if NoSpamProxy Protection is licensed. This filter performs the check of the IP address of the sending system, classifies it according to the classification received from Cyren and assigns corresponding SCL points:

  • No known risk (0 SCL points)
  • Medium risk (1 SCL points)
  • High risk (3 SCL points)

Depending on the setting of the evaluation criteria and additional classifications of the other filters in the applied rule, an IP address can thus lead to the rejection of the emails. This rejection can already take place during the envelope phase, so that further information – for example, the subject – is no longer transmitted.

NoSpamProxy has no influence on these evaluations. However, every affected sender can have their IP address and its classification checked and adjusted via the Cyren support page.

Further information

 

blank

The Cyren Premium AntiVirus scanner is part of the Malware Scanner action and can be used if NoSpamProxy Protection is licensed. Cyren Premium AntiVirus checks attachments that are attached to an email. In doing so, it carries out two basic checks:

  • Local checks against definitions
    • The definitions are regularly downloaded from the Cyren servers. In case of access problems to the Cyren servers, the definitions must not be older than two days.
    • During the check, the attachment is placed in the directory C:\ProgramData\Net at Work Mail Gateway\Cyren\Temp, checked and deleted again.
  • Live checks – Zero Hour Protection
    • Check for conspicuous attachments in the recent past. A hash value is generated and sent to Cyren, which then sends a response with the corresponding classification by Cyren.

Unlike with the Cyren AntiSpam filter, the NoSpamProxy support has no way of influencing this behaviour in the case of a misclassification.
In the case of misclassifications – i.e. false positives or false negatives – the sender or the recipient of the email must always contact Cyren and have this corrected accordingly.

A description of the process can be found on the respective Cyren support page.

In case of local problems or missing definitions, please refer to the Knowledge Base article Cyren Engines – Troubleshooting

Note

To ensure parallel operation with other locally installed virus scanners on the gateway role, please refer to the Knowledge Base article How to configure on-access virus scanners and define the exceptions as described!

Further information

Info Icon

It is possible that the Cyren engines used generate error messages that are not traceable to the engines themselves, but to communication problems with Cyren data centers. This article shows you ways to test the communication and function.

Details about the three Cyren engines in NoSpamProxy

NoSpamProxy currently has three Cyren engines that are active, depending on the configuration and licensed modules.

Cyren AntiSpam and Cyren Premium AntiVirus (ctasd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctasd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctasd.conf
  • Service name: NetatworkMailGatewayCyrenService
  • Service display name: NoSpamProxy – CYREN Service
  • Definitions folder: C:\ProgramData\Net at Work Mail Gateway\Cyren\Definitions
  • Definitions files: aivsecon-v2.def, antivir-v2.def, antivir-v2.ini, antivir-v2-hit.ini
    • these four files should always be in the directory
    • The file “antivir-v2-hit.ini” should never be older than 2 hours
    • To re-update,restart the service
  • External access: resolver1.netat.ctmail.com, resolver [2…5] .netat.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Cyren IP Reputation (ctipd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctipd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctipd.conf
  • Service Name: NetatworkMailGatewayCyrenIpReputationService
  • Service Display Name: NoSpamProxy – CYREN IP Reputation Service
  • External access: Iprep1.t.ctmail.com,Iprep[2… 5]. t.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Cyren URL Categorization (ctwsd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctwsd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctwsd.conf
  • Service Name: NetatworkMailGatewayCyrenUrlService
  • Service Display Name: NoSpamProxy – CYREN URL Categorization Service
  • External access: webres1.t.ctmail.com,webres[2… 5]. t.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Note: All paths are the default paths and may differ from your installation.

Troubleshooting

In the following section you will find a small checklist, which you should always check before the first request to the support

  • Is the necessary module licensed in NoSpamProxy? If not, you don’t need the services and can disable them on the system in the Windows services.
  • Has the Knowledge Base article How to configure on-access virus scanners been applied to all systems with the appropriate services?
  • Is a web proxy required for Internet communication in your company and is it registered according to the knowledge base article How to configure CYREN services?
    • This must be checked and re-entered after each NoSpamProxy Update/Upgrade.
    • Always edit the newly created file, never overwrite it with an old version of the file.
  • Is it possible to communicate with and/or without web proxy to all mentioned external systems of Cyren?
  • Are there any exceptions on the firewall to access all sub-domains from ctmail.com? These connections must not be used for virus scanning, content filtering, or other checks!
  • Are there any error messages when the services are running interactively via the command prompt (CMD)? To run interactively, please follow these steps aus and attach a screenshot of the request’s communication to support.
    1. Stop each service from Microsoft Windows services.
    2. Open a prompt with administrator privileges.
    3. Run the command for the service, to be tested. Use the path to the corresponding executable if you do not have NoSpamProxy installed in the default directory
      • Ctasd
        CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctasd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctasd.conf” -i
      • Ctipd
        CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctipd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctipd.conf” -i
      • Ctwsd
        CMD > “C:\Program Files”Net at Work Mail Gateway\Cyren Integration Service\ctwsd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctwsd.conf” -i
    4. Copy the output or take a screenshot of the output.

If you have checked all these points, please open a support ticket with the information attached so that more logs can be created for analysis.

information thumbnail social media

Configuring the CYREN Services for use with a Web Proxy

This article describes how to configure a proxy server for the CYREN services with the Protection module in all NoSpamProxy versions from version 9.2 onwards. To do this you have to download the files

  • ctasd.conf
  • ctipd.conf (additionally available from version 12.x)
  • ctwsd.conf (additionally available as of version 13.x)

from the directory “C:\ProgramData\Net at Work Mail Gateway\CYREN\”.

The following section is responsible for this:

#   If you connect to the Internet through a proxy server, you
#   should uncomment the following parameters and assign appropriate
#   values.
#ProxyPort = 80
#ProxyServerAddress = myproxy
#ProxyAuth = NoAuth
#ProxyUserName = user@proxy
#ProxyPassword = 1234
#ProxyAccess = 1

If you are using a proxy server without authentication, remove the # character before the lines “ProxyPort”, “ProxyServerAddress”, “ProxyAuth” and “ProxyAccess”. Enter the corresponding port of your proxy server in ” ProxyPort”. Behind the entry “ProxyServerAddress” you configure either the IP address or the FQDN of your proxy server. For “ProxyAuth” leave the entry at “NoAuth”.

If you are using a proxy server with authentication, you must additionally configure the options “ProxyUserName” and “ProxyPassword”. Enter the corresponding logon information for “ProxyUserName” and “ProxyPassword”. Additionally, you must change the value “ProxyAuth” to “Basic”.

After you have saved the file, you must restart the services NoSpamProxy – CYREN Service (ctasd.conf), NoSpamProxy – CYREN IP Reputation Service (ctipd.conf) and NoSpamProxy – CYREN URL Categorization Service (ctwsd.conf) in order for the changes to take effect.

Note

In order for all Cyren services to function properly, unrestricted access to *.ctmail.com must be given. Also a virus scan on these connections must not be done, because the definitions for the Cyren Premium AntiVirus are downloaded there as well!

blank

To set a reverse DNS entry (RDNS entry) in Microsoft Azure, do the following:

  1. Open portal.azure.com.
  2. Go to Dashboard > Resource groups > [YourVirtualComputer] > Configuration.
  3. Enter a name for the public IP address.
    DNS-Namensbezeichnung
  4. Open Azure Shell.
    Oeffnen der Azure Shell
  5. Enter the following command:
    az network public-ip update –[NameOfTheResourceGroupWhereTheComputerIsLocated] –[NameOfTheResourceGroupThatCorrespondsToThePublicIP] –[MXName, for example mail.netatwork.de] –[TheDNSName].

 

blank

In most cases, the support team needs files to analyze a problem. This article describes how to simplify and speed up the analysis of problems.

The following information can be collected in advance and made directly available to support:

  • The NoSpamProxy version installed
    Th version number can be found on the start page of the console on the right side of the screen.
    blank
  • Description of the problem
    Brief description of the problem and how it manifests itself. The following information is useful for analysis (if available):

      • Warnings and/or errors that occurred at the time of the problem and was displayed in the NoSpamProxy console under Monitoring > Event Viewer.
      • Message Tracking Details (Message Track)
        If there are delivery problems, these can be exported as follows:
      1. Go to Monitoring > Message tracking.
      2. Double-click the relevant entry.
      3. On the bottom-left of the new window, click Export message track.
      4. Save the JSON file.
  • Information from Monitoring > Email queues and/or Monitoring > Emails on hold in the NoSpamProxy console.
  • Other information and/or screenshots describing the problem.
  • For unrecognized emails that clearly contain spam or viruses, please refer to the Knowledge Base article Recognition of emails by the Cyren AntiSpam filter

Email delivery issues

In most cases, the above information is sufficient to identify the reason for delivery problems. In individual cases, however, it is necessary to create a log file of the communication. To do this, the problem must be reproducible.

Please note: Logging should not be permanently activated, since log files are only written, but not automatically deleted. This must be monitored by the administrator himself.

To create a log file, proceed as follows:

  1. Go to  Troubleshooting > Log settings.
  2. Select a gateway role and click Modify.
  3. On the tab Log settings, enable logging, specify the location of the log file and activate the following protocols:
    • AntiSpam service
    • Mailvalidation
    • DNS Service
    • Proxy System
      blank
  4. Repeat step 3 for each gateway role if multiple gateway roles are licensed and active.
  5. Replicate the problem.
  6. Wait 5 minutes until you go to step 7.
  7. Undo steps 3 and 4 (disable logging).
  8. Collect the generated log files from the location of the log file from the gateway roles (ideally compress as a ZIP file) and make them available to support at ticket creation or after opening.