Error:

When establishing the connection between the intranet role and the gateway role the error message “The security protocol cannot verify the incoming message” is displayed. The dialog terminates in an error message and the connection object is not created afterwards.

Status:

This problem occurs if the two roles were installed on different servers and the times differ by more than 5 minutes.

Solution:

Adjust the times on both systems.

Error:

When receiving and decrypting a 5MB email, the email is rejected and the error “ASN1 not enough memory” is displayed. The same error is also displayed in message tracking.

Status:

This problem occurs because a buffer size is not properly increased by the .NET framework. This problem is known to Microsoft and can be fixed with the hotfix below.

Solution:

To resolve this problem, install the following Microsoft hotfix: http://support.microsoft.com/kb/2480994/de

http://support.microsoft.com/kb/2480994/de

Error:
Emails are rejected by NoSpamProxy even though the Level of Trust Filter has marked them as trusted. In message tracking and in NDR the following reason is given:
“A part of the email could not be decoded. System.formatException: Invalid character in a Base-64 string.”

The following error message is displayed in message tracking:
“The Base64 encoded content was invalid.”

Status:
The problem with the email in question is the NoSpamProxy security check. NoSpamProxy detects a conflict with the RFC’s in the body. It does not have a Base64 encoding and is therefore rejected. This security check can only be disabled in the configuration file of NoSpamProxy.

Solution 1:
Version 7.x and 8.x:

The configuration file to be changed is called “antispamrole.config” and is located in the program directory of NoSpamProxy under “..\nospamproxy\AntiSpam Role\config”. Please note that you can only save the file when the NoSpamProxy service is finished. Otherwise the change will be discarded.

Please search for the following line in the file first:

</netatwork.nospamproxy.proxyconfiguration>

Insert the following key directly above this line:
<dispatchInvalidMails isEnabled="true" />

The result should look as follows:
<dispatchInvalidMails isEnabled="true" />
</netatwork.nospamproxy.proxyconfiguration>

Save the file and restart the NoSpamProxy Service. Now the emails should be received.

From version 9.x:

From Net at Work Mail Gateway 9.x or NoSpamProxy 10.x:
The configuration file to be changed is called “Gateway Role.config” and is located under “C:\ProgramData\Net at Work Mail Gateway\Configuration”. Please note that you can only save the file when the gateway role is finished. Otherwise the change will be discarded. The change must be made on all gateway roles.

Please search for the following line in the file first:

</netatwork.nospamproxy.proxyconfiguration>

Insert the following key directly above this line:
<dispatchInvalidMails isEnabled="true" />

The result should look as follows:
<dispatchInvalidMails isEnabled="true" />
</netatwork.nospamproxy.proxyconfiguration>

Save the file and restart the Gateway Role. Now the emails should be received.

Solution 2:

Version 7.x and 8.x:

Alternatively or additionally there is the possibility of a repair attempt by the Net at Work Mail Gateway. It will then try to ignore the superfluous characters or to fill in the missing characters to get a valid encoding. This does not always work, but can be helpful.

The configuration file to be changed is called “antispamrole.config” and is located in the program directory of NoSpamProxy under “..\nospamproxy\AntiSpam Role\config”. Please note that you can only save the file when the NoSpamProxy service is finished. Otherwise the change will be discarded.

Please search for the following line in the file first:

</netatwork.nospamproxy.proxyconfiguration>

Insert the following key directly above this line:
<encodingOptions invalidBase64LengthHandling="IgnoreExtraCharacters" />

The result should look as follows:
<encodingOptions invalidBase64LengthHandling="IgnoreExtraCharacters" />
</netatwork.nospamproxy.proxyconfiguration>

Save the file and restart the NoSpamProxy Service. Now the emails should be received.

From version 9.x.

The configuration file to be changed is called “Gateway Role.config” and is located under “C:\ProgramData\Net at Work Mail Gateway\Configuration”. Please note that you cannot save the file until the gateway role is closed. Otherwise the change will be discarded. The change must be made on all gateway roles.

Please search for the following line in the file first:

</netatwork.nospamproxy.proxyconfiguration>

Insert the following key directly above this line:
<encodingOptions invalidBase64LengthHandling="IgnoreExtraCharacters" />

The result should look as follows:
<encodingOptions invalidBase64LengthHandling="IgnoreExtraCharacters" />
</netatwork.nospamproxy.proxyconfiguration>

Save the file and restart the Gateway Role. Now the emails should be received.

Both solutions do not work together until version 9.2. If you choose solution 2, there is no fallback to solution 1 if the Base64 decoder cannot repair the email. Starting with NoSpamProxy 10 both can be used together.

Starting with NoSpamProxy 9.2, header-based routing is available. The setting is only configurable via the configuration file itself. In order to use header-based routing, proceed as follows:

  1. Create a connector for the respective emails.
  2. Edit the files “Intranet Role.config” and “Gateway Role.config” in the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration\” as explained in steps 3 to 5.
  3. In the respective files, search for the connector that you created in the first step.
  4. In the connector settings, find the following tag:
    <headerMatches comparisonMode="Or" />
  5. Modify the tag to look like this:
    <headerMatches comparisonMode="Or">
    <match headerName="name" value="value" />
    </headerMatches>

Now you can make the appropriate settings. You can also search for several header values and combine the search function with an AND operator. The entry will look as follows:
<headerMatches comparisonMode="And">
<match headerName="name" value="value" />
<match headerName="name" value="value" />
<match headerName="name" value="value" />
</headerMatches>

Also make this change in the “Gateway Role.config” file.

IMPORTANT
Before you save the configuration file, you must stop the corresponding service. Only then can you save the configuration file properly.

This article describes how to configure a proxy server for the CYREN Premium AntiVirus in all NoSpamProxy versions from version 9.2 onwards. To do this you have to download the file ctasd.conf from the directory “C:\ProgramData\Net at Work Mail Gateway\CYREN\”.

Find the following section:

#   If you connect to the Internet through a proxy server, you
#   should uncomment the following parameters and assign appropriate
#   values.
#ProxyPort = 80
#ProxyServerAddress = myproxy
#ProxyAuth = NoAuth
#ProxyUserName = user@proxy
#ProxyPassword = 1234
#ProxyAccess = 1

If you are using a proxy server without authentication, remove the # sign before the lines “ProxyPort”, “ProxyServerAddress”, “ProxyAuth” and “ProxyAccess”. Under “ProxyPort”, enter the corresponding port of your proxy server. After the entry “ProxyServerAddress” you configure either the IP address or the FQDN of your proxy server. For “ProxyAuth” leave the entry at “NoAuth”.

If you are using a proxy server with authentication, you must also select the options “ProxyUserName” and “ProxyPassword”. Enter the corresponding credentials for “ProxyUserName” and “ProxyPassword”. In addition you have to change the value “ProxyAuth” to “Basic”.

After saving the file, restart the “NoSpamProxy – CYREN Service” in order to apply the changes.