To set a reverse DNS entry (RDNS entry) in Microsoft Azure, do the following:

  1. Open portal.azure.com.
  2. Go to Dashboard > Resource groups > [YourVirtualComputer] > Configuration.
  3. Enter a name for the public IP address.
    DNS name label
  4. Open Azure Shell.
    Opening the Azure Shell
  5. Enter the following command:
    az network public-ip update --resource-group [NameOfTheResourceGroupWhereTheComputerIsLocated] --name [NameOfTheResourceGroupThatCorrespondsToThePublicIP] --reverse-fqdn [MXName, for example mail.netatwork.de] --dns-name [TheDNSName]

 

In most cases, the support team needs files to analyze a problem. This article describes how to simplify and speed up the analysis of problems.

The following information can be collected in advance and made directly available to support:

  • The NoSpamProxy version installed
    The version number can be found on the start page of the console on the right side of the screen.
  • Description of the problem
    Brief description of the problem and how it manifests itself. The following information is useful for analysis (if available):

      • Warnings and/or errors that occurred at the time of the problem and were displayed in the NoSpamProxy console under Monitoring > Event Viewer.
      • Message Tracking Details (Message Track)
        If there are delivery problems, these can be exported as follows:
      1. Go to Monitoring > Message tracking.
      2. Double-click the relevant entry.
      3. On the bottom-left of the new window, click Export message track.
      4. Save the JSON file.
  • Information from Monitoring > Email queues and/or Monitoring > Emails on hold in the NoSpamProxy console.
  • Other information and/or screenshots describing the problem.
  • For unrecognized emails that clearly contain spam or viruses, please refer to the Knowledge Base article Recognition of emails by the Cyren AntiSpam filter

Email delivery issues

In most cases, the above information is sufficient to identify the reason for delivery problems. In individual cases, however, it is necessary to create a log file of the communication. To do this, the problem must be reproducible.

Please note: Logging should not be permanently activated, since log files are only written, but not automatically deleted. This must be monitored by the administrator himself.

To create a log file, proceed as follows:

  1. Go to Troubleshooting > Log settings.
  2. Select a gateway role and click Modify.
  3. On the tab Log settings, enable logging, specify the location of the log file and activate the following protocols:
    • AntiSpam service
    • Mailvalidation
    • DNS Service
    • Proxy System
  4. Repeat step 3 for each gateway role if multiple gateway roles are licensed and active.
  5. Replicate the problem.
  6. Wait 5 minutes before you continue with step 7.
  7. Undo steps 3 and 4 (disable logging).
  8. Collect the generated log files from the location of the log file from the gateway roles (ideally compress as a ZIP file) and make them available to support at ticket creation or after opening.

In NoSpamProxy it is possible to request and revoke certificates via a managed PKI of an external certificate provider. In addition, certificates can be promoted to a domain certificate – also called gateway certificate – for your own domains or for partner domains. With a domain certificate, all emails are encrypted/decrypted or signed, depending on the certificate and direction, if there is no separate certificate for the recipient/sender.

Requirements:

  • The Encryption module is licensed.
  • Certificate provider is set up (for requesting and revoking).
  • Certificate can be used by the entire company (upgrade for certificate).

Request certificates (manually via user)

  1. Go to People and identities > Domains and users > Corporate users.
  2. Highlight the contact.
  3. Click Request cryptographic keys for selected users and follow the instructions in the dialog.

 

Request certificates (automatically via a user group)

  1. Go to People and identities > Domains and users > Corporate users.
  2. Click Automatic user import.
  3. Highlight the relevant Active Directory import and click Modify.
  4. On the Groups tab, highlight the Active Directory group and click Add.
  5. In the dialog Automatic key request, select the relevant provider and confirm.

Each time an Active Directory import (scheduled or manual) is performed, the system checks whether a new certificate is required for a user in the group.

 

Revoking certificates

  1. Go to People and identities > Domains and users > Corporate users.
  2. Highlight the contact and click Modify.
  3. On the Email addresses tab, select the email address with the certificate and click Modify.
  4. On the Certificates tab, select the certificate to be revoked.
  5. Click Revoke.
  6. Follow the instructions from the dialog.

The following two descriptions lead to one certificate being used for an entire company.

Please note: The other end must always support this and allow the certificate to be used for it. If you have any questions about the certificate, please contact the issuing authority.

 

Promoting certificates for a partner domain 

  1. Go to People and identities > Partners.
  2. Select the partner domain and click Modify.
  3. On the User entries tab, select the user with the domain certificate and click Modify.
  4. On the Certificates tab, select the certificate to be promoted and click Promote to domain certificates.
  5. Follow the instructions from the dialog.

Please note: The certificate is no longer available in the user entry, but on the Domain entry tab under End-to-end encryption > Modify on the Certificates tab.

 

Promoting certificates for owned domains

  1. Go to People and identities > Domains and users > Corporate users.
  2. Highlight the contact and click Modify.
  3. On the Email Addresses tab, select the email address with the certificate and click Modify.
  4. On the Certificates tab, select the certificate to be promoted.
  5. Click Promote to domain certificates.
  6. Follow the instructions from the dialog.

Please note: The certificate is no longer available in the contact, but under Owned domains in the relevant domain on the Certificates tab.

It is possible that in cloud-based systems – for example in Microsoft Azure – port 25 is blocked by the provider. However, port 25 is required to send emails, which prevents the operation of NoSpamProxy on such a system. We offer an alternative to use such systems anyway: our “TCP Proxy”. This system can be activated in NoSpamProxy as described below. Then the emails are sent from the server via port 443 to the TCP Proxy and from there via port 25 to the recipient system.

General information on using the TCP proxy

  • If the TCP proxy is implemented, it appears as the sending system. Therefore, the TCP proxy must also be included in your SPF record using a:proxy.nospamproxy.de
  • You must download the certificate mentioned below and import it into the Microsoft certificate management system of the computer account on the system with the NoSpamProxy gateway role as a “Trusted Root Certificate”.
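
The SPF requirement above can be checked mechanically. The following is an added example, not part of NoSpamProxy or the original article: it parses an SPF record and reports whether a:proxy.nospamproxy.de is present, uses the pass qualifier, and sits before the "all" mechanism. The sample records in the test data and the function names are constructed; the lookup count covers only the top-level terms of the record, not nested includes.

```python
# Added example: verify that an SPF record authorizes the TCP Proxy.
PROXY_HOST = "proxy.nospamproxy.de"          # host name taken from the article
# Terms that cost one DNS lookup each (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_DNS_LOOKUPS = 10


def parse_spf(record):
    """Split an SPF record into (qualifier, name, argument) tuples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("record does not start with v=spf1")
    terms = []
    for raw in parts[1:]:
        qualifier = "+"                      # default qualifier is pass
        if raw[0] in "+-~?":
            qualifier, raw = raw[0], raw[1:]
        head = raw.split(":", 1)[0].split("/", 1)[0]
        if "=" in head:                      # modifier such as redirect=
            name, arg = raw.split("=", 1)
            terms.append(("", name.lower(), arg.lower()))
            continue
        name, _, arg = raw.partition(":")
        name = name.partition("/")[0]        # "a/24" -> "a"
        arg = arg.partition("/")[0]          # drop a CIDR suffix
        terms.append((qualifier, name.lower(), arg.lower().rstrip(".")))
    return terms


def check_tcp_proxy_spf(record):
    """Return a list of findings; an empty list means the record is fine."""
    terms = parse_spf(record)
    findings = []
    proxy_idx = next((i for i, (_, n, a) in enumerate(terms)
                      if n == "a" and a == PROXY_HOST), None)
    all_idx = next((i for i, (_, n, _a) in enumerate(terms) if n == "all"), None)
    if proxy_idx is None:
        findings.append("missing a:" + PROXY_HOST)
    else:
        if terms[proxy_idx][0] != "+":
            findings.append("proxy mechanism does not use the pass qualifier")
        if all_idx is not None and all_idx < proxy_idx:
            # Mechanisms listed after "all" are never evaluated.
            findings.append("proxy mechanism is placed after 'all'")
    lookups = sum(1 for _, n, _a in terms if n in LOOKUP_TERMS)
    if lookups > MAX_DNS_LOOKUPS:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of {MAX_DNS_LOOKUPS}")
    return findings


if __name__ == "__main__":
    # Constructed sample record for illustration.
    print(check_tcp_proxy_spf("v=spf1 mx a:proxy.nospamproxy.de -all"))
```

Adding the a: mechanism consumes one of the ten DNS lookups an SPF evaluation may perform, so records that already use many include: terms should be re-counted after the change.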

Integrating the TCP Proxy

  1. Stop the service of the gateway role via the NoSpamProxy console or the Windows services.
  2. Open a text editor as administrator on the system on which the gateway role is installed.
  3. Open the configuration file “Gateway Role.config” from the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration\”.
  4. Look for <smtpServicePointConfiguration in the file. If you cannot find <smtpServicePointConfiguration, alternatively search for <netatwork.nospamproxy.proxyconfiguration and add the following line directly below: <smtpServicePointConfiguration isProxyTunnelEnabled="true" />
  5. Save the file and close the editor.
  6. Place the root CA certificate in the Microsoft certificate store in the computer account under “Trusted Root Certification Authorities > Certificates” on the server where the gateway role is located.
  7. Edit the corresponding gateway role in the NoSpamProxy console under “Configuration > NoSpamProxy components > Gateway roles” and change the value for “SMTP server name” to “proxy.nospamproxy.de”.
  8. Start the gateway role service again.
  9. Open the file “Gateway Role.config” again and check whether the value was retained at startup.

It is common that not only the user who originally performed the installation needs to perform updates, but also other administrator accounts. To do this, it is necessary to set up the appropriate permissions for these additional users. The corresponding steps are described below:

  1. Notes
      • All steps apply to all roles of NoSpamProxy; they differ only in the database names.
        • Database Intranet Role: NoSpamProxyAddressSynchronization
        • Database Gateway Role: NoSpamProxyDB
        • Database Web Portal: enQsigPortal
      • Users and user groups (local or in the domain) can be registered.
    • Log on with the user with which the installation was performed.
  2. Install the SQL Management Studio.
  3. Open SQL Management Studio and log on to the local instance that contains the NoSpamProxy database(s), using Windows authentication.
  4. Expand the Security folder and the Logins folder.
  5. Right-click on the “Logins” folder and select “New Login” from the context menu.
  6. Under “General”, select the user to be added, but keep the “Windows Authentication” item.
    Database Rights - General
  7. Under “Server Roles” tick the checkbox for “sysadmin”.
    Database Rights - Server Roles
  8. Under “User Mapping”, check the corresponding database and additionally activate the role “db_owner”.
    Database Rights - User Mapping
  9. All other settings are optional.
  10. Save the new login and close SQL Management Studio.

To verify access, log on to the system with the added user, open SQL Management Studio, and check whether you can view the database tables. If this works, access is set up.

This article describes how you can customize the templates for the design of the system emails of NoSpamProxy (including the PDF mails) starting with NoSpamProxy 11.x so that different designs are used based on the sender domain. NoSpamProxy uses the template engine for .NET “Razor” as basis for the dynamic change.

The CSHTML files to be edited are located in the directory %Program Files%\Net at Work Mail Gateway\Intranet Role\Templates. After the change, the files are automatically replicated to all connected gateway roles.

IMPORTANT
You need at least rudimentary HTML knowledge in order to make the adjustments.

Adaptation of the template files

You are welcome to request prefabricated sample files with different designs from NoSpamProxy Support. This file can only be used as of NoSpamProxy 11.0. In this example two different designs are used for the sender domains netatwork.de and nospamproxy.de. You can extend or reduce the number of domains at any time.

After downloading, unpack the ZIP file into a temporary folder. It contains the following files:

  • CommonMailTemplate.cshtml
  • CommonMailTemplateNaw.cshtml
  • CommonMailTemplateNsp.cshtml
  • ConvertMailContentToPdfAttachmentActionPdfHeader.cshtml
  • ConvertMailContentToPdfAttachmentActionTeaser.cshtml
  • EncryptedMailNotificationTemplate.cshtml

Start with the files that begin with “CommonMailTemplate”. Here you determine the appearance of all emails that are required for the PDF Mail. Make sure that you store the standard design in the CommonMailTemplate.cshtml. Customize the style sheets in the respective files according to your needs. The corresponding logos will also be included in these files. In later live operation, the logo files with the correct name must also be available in the Templates folder.

Then adjust the file “ConvertMailContentToPdfAttachmentActionPdfHeader.cshtml”. This file determines the layout of the PDF file as such. In contrast to the CommonMail template files, you only need one file here to define the exceptions. The adjustments take place in the upper part. An example for three different designs is included. What is important is that you specify the design for the different domains. If NoSpamProxy does not find the corresponding sender domain during live operation, it uses the default design, which you can define with the template editor in the admin GUI.

When all files are adjusted, copy all CSHTML files into the Templates folder of your program version. Make a backup of all contained files beforehand!
Please note that the files will be overwritten when patching or upgrading. After a version upgrade, please do not copy the older, modified files over the newer ones, but modify them again. Otherwise there is a risk that new, necessary information will be missing in the template files.

Overview of available template files

The following list provides an overview of the function of the individual files:

ApplySymmetricEncryptionPasswordNotice.cshtml

If a user sends an email as PDF Mail, he will receive a notification of the password used, or information that the password was sent to the recipient by SMS or that the creation of the PDF Mail failed. The text of the respective notification is in this file. The appearance regarding colors and logo is defined via the CommonMailTemplate.

AttachmentManager.cshtml

If a file is removed from an email using the content filter rules, the recipient receives information about it. The attachment can either be removed and deleted, uploaded to the Web Portal, or uploaded to the Web Portal and assigned an admin share. A separate text is available for each of the three actions, which can be edited in this file. The appearance regarding colors and logo is defined via the CommonMailTemplate.

AttachmentManagerNotificationForBlockedAttachmentsModel.cshtml

If emails with certain file attachments are rejected via the content filter rules, the sender receives information about the rejection. The content of this message can be defined in this file. The appearance regarding colors and logo is defined via the CommonMailTemplate.

AttachmentQuarantine.cshtml

If a file is moved to the Web Portal using the content filter rules and assigned an admin share, the administrator receives an info mail about it. The content of this email is defined in this file. The appearance with regard to colors and logo is determined via the CommonMail template.

AttachmentQuarantineApproval.cshtml

If a file is moved to the Web Portal using the content filter rules, assigned an admin release, and then released by the administrator, the actual recipient of the file receives information about the release. The content of this email is defined in this file. The appearance with regard to colors and logo is determined by the CommonMail template.

CommonMailTemplate.cshtml

This file defines the general appearance of notifications. Here, for example, the colors and the logos to be used are stored as HTML tags. All other files except the “ConvertMailContentToPdfAttachmentActionPdfHeader.cshtml” contain only the text modules.

ConvertMailContentToPdfAttachmentActionPdfHeader.cshtml

The appearance of the PDF file is defined in this file. Colors and logos must be defined here again.

ConvertMailContentToPdfAttachmentActionTeaser.cshtml

This file contains the text for the carrier email of the PDF file. The recipient of a PDF Mail is informed that the actual content of the email is in the attached PDF document. The appearance is defined via the CommonMailTemplate.

ConvertOfficeDocumentToPdfPreface.cshtml

With the “ConvertOfficeDocumentToPDF” action, it is possible to convert Office documents to PDF to provide the recipient with a preview without active content. Information is placed in front of the generated PDF document. The content of this information is defined with this file.

DeliveryNotificationReport.cshtml

This is the content of the send report if a user has requested it in Outlook. The appearance is defined via the CommonMailTemplate.

DeMailConnectorIssueEscalationMail.cshtml

If NoSpamProxy cannot retrieve or send De-Mail repeatedly, an administrator will be notified. The content of this message can be defined here.

EncryptedMailNotificationTemplate.cshtml

If a user marks an email as “Automatically encrypt” and enQsig does not have a cryptographic key, the recipient will be informed. This info mail states which options he has. The content of this email is recorded in this template. The appearance is defined via the CommonMailTemplate.

EncryptionDelayedNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt” and enQsig does not have a cryptographic key, the sender is informed about the delay. The content of the delay message is defined here. The appearance is defined via the CommonMailTemplate.

EncryptionFailureNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt” and an encryption error occurs, the sender is informed. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

EncryptionSucceededNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt”, he will receive a notification as soon as the email has been encrypted. The appearance is defined via the CommonMailTemplate.

LargeFileDownloadNotification.cshtml

If the recipient of a file that was previously moved to the Web Portal downloads it, the sender is notified. The content of this information is determined by this file.

MailOnHoldExpired.cshtml

If a user marks an email as “Automatically encrypt” and enQsig has no cryptographic key and the recipient of the email does not deposit a cryptographic key within 5 days, the email will be discarded and the sender informed. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

MailValidationError.cshtml

If a De-Mail cannot be sent via the De-Mail connector, the sender is notified. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

PolicyFailureNonDeliveryMessage.cshtml

The sender will be notified if an email violates the policy in the rules. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

QualifiedSignatureIssueEscalationMail.cshtml

If the verification or creation of a qualified signature fails, a notification is sent to a specified address. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

SampleAutoReply.cshtml

With the action “AutoReply” it is possible to answer e-mails with an automatically generated email. The content of this reply is defined here.

SymmetricPasswordUpdateNotification.cshtml

If an external recipient has stored a password for the PDF mail on the WebPortal, he will be notified of the change. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

WordFilterMatchNotification.cshtml

The word filter provides the ability to notify any email address when certain words are found in emails. The content of this notification can be defined here.

How to set the number of concurrent connections manually

This article describes how to change the number of outbound connections of the Gateway role.

The corresponding settings are specified in the file “Gateway Role.config” in “C:\ProgramData\Net at Work Mail Gateway\Configuration\” on the respective gateway role. To edit the file, first stop the gateway role.

Below the tag

<netatwork.nospamproxy.proxyconfiguration ... >

find the tag <queueConfiguration> and add the attributes maxConcurrentConnections="xx" and maxConcurrentConnectionsPerDomain="xx" to it. It should look like this:
<queueConfiguration maxConcurrentConnections="100" maxConcurrentConnectionsPerDomain="10" />

This limits the number of concurrent connections to 100, with a maximum of 10 concurrent connections allowed per domain.

This article describes how to manually set the number of concurrent connections. Since version 7.0, NoSpamProxy determines this number dynamically by itself. The basis for the decision is the CPU and memory usage. To prevent this behavior, proceed as follows:

First stop the Gateway Role. The corresponding setting is made in the “Gateway Role.config”. This file can be found in “C:\ProgramData\Net at Work Mail Gateway\Configuration\” on the respective Gateway Role.

Look for the line beginning with the following characters:

<netatwork.nospamproxy.proxyconfiguration...

Insert the following value directly below:
<connectionLimits hardUpperConnectionLimit="" minimumNumberOfConcurrentSessions="" />

If the values are not specified as in this example, the dynamic limit applies (depending on the CPU utilisation).

The values are both integer values.

The value hardUpperConnectionLimit determines the maximum number of connections.
The value minimumNumberOfConcurrentSessions determines the maximum number of concurrent connections.

Example
<connectionLimits hardUpperConnectionLimit="100" minimumNumberOfConcurrentSessions="50" />

Finally, save the configuration file and restart the Gateway Role.
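
After hand-editing “Gateway Role.config” for the TCP Proxy, the queue configuration or the connection limits, the result can be read back before the gateway role is restarted. The following is an added example, not NoSpamProxy code: it parses the configuration text and reports the three settings described in these articles. The sample document, its root element name, the function names and the two sanity checks are assumptions.

```python
import xml.etree.ElementTree as ET

SECTION = "netatwork.nospamproxy.proxyconfiguration"

# Constructed sample: the root element name and the nesting of the three
# elements directly inside the section are assumptions.
SAMPLE_CONFIG = """<configuration>
  <netatwork.nospamproxy.proxyconfiguration>
    <smtpServicePointConfiguration isProxyTunnelEnabled="true" />
    <queueConfiguration maxConcurrentConnections="100" maxConcurrentConnectionsPerDomain="10" />
    <connectionLimits hardUpperConnectionLimit="100" minimumNumberOfConcurrentSessions="50" />
  </netatwork.nospamproxy.proxyconfiguration>
</configuration>"""


def _limit(element, name, findings):
    """Return an attribute as int; None when the element or value is absent."""
    value = (element.get(name) or "").strip() if element is not None else ""
    if not value:
        return None
    if not value.isdigit():
        findings.append(f"{name} is not a non-negative integer: {value!r}")
        return None
    return int(value)


def audit_gateway_config(xml_text):
    """Report the settings the articles edit by hand in "Gateway Role.config"."""
    findings = []
    report = {"findings": findings}
    section = next(ET.fromstring(xml_text).iter(SECTION), None)
    if section is None:
        findings.append(f"<{SECTION}> not found")
        return report

    for tag in ("smtpServicePointConfiguration", "queueConfiguration", "connectionLimits"):
        if len(section.findall(tag)) > 1:
            findings.append(f"<{tag}> appears more than once")

    tunnel = section.find("smtpServicePointConfiguration")
    report["proxy_tunnel"] = (
        tunnel is not None and tunnel.get("isProxyTunnelEnabled", "").lower() == "true")

    queue = section.find("queueConfiguration")
    total = _limit(queue, "maxConcurrentConnections", findings)
    per_domain = _limit(queue, "maxConcurrentConnectionsPerDomain", findings)
    report["queue"] = (total, per_domain)
    # Added sanity check (assumption): a per-domain cap above the total cap has no effect.
    if total is not None and per_domain is not None and per_domain > total:
        findings.append("maxConcurrentConnectionsPerDomain exceeds maxConcurrentConnections")

    limits = section.find("connectionLimits")
    hard = _limit(limits, "hardUpperConnectionLimit", findings)
    minimum = _limit(limits, "minimumNumberOfConcurrentSessions", findings)
    # None means the value is unset; the article says the dynamic limit then applies.
    report["connection_limits"] = (hard, minimum)
    # Added sanity check (assumption): the minimum should not exceed the hard upper limit.
    if hard is not None and minimum is not None and minimum > hard:
        findings.append("minimumNumberOfConcurrentSessions exceeds hardUpperConnectionLimit")
    return report


if __name__ == "__main__":
    print(audit_gateway_config(SAMPLE_CONFIG))
```

To check a real system, pass the text of the file from C:\ProgramData\Net at Work Mail Gateway\Configuration\ to audit_gateway_config instead of the sample.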