Here you can find all versions that are required to upgrade to the current version. When upgrading, be sure to follow the installation and upgrade instructions for the respective version, as you may need to make manual changes. Also note that changes that you must make when upgrading from version 7.6 to 8.0, for example, are also required for a direct upgrade from 7.6 to 8.5.

The current version is available under Software Download.

12.2 (Fast Channel)

12.1 (Fast Channel)

12.1 (Regular Channel)














When receiving and decrypting a 5MB email, the email is rejected and the error “ASN1 not enough memory” is displayed. The same error is also displayed in message tracking.


This problem occurs because a buffer size is not properly increased by the .NET framework. This problem is known to Microsoft and can be fixed with the hotfix below.


To resolve this problem, install the following Microsoft hotfix:

How to set the number of concurrent connections manually

This article describes how to change the number of outbound connections of the Gateway role.

The corresponding settings are specified in the file “Gateway Role.config” in “C:\ProgramData\Net at Work Mail Gateway\Configuration\” on the respective gateway role. To edit the file, first stop the gateway role.

Below the tag

<netatwork.nospamproxy.proxyconfiguration ... >

find the tag <queueConfiguration> and add the attributes maxConcurrentConnections="xx" and maxConcurrentConnectionsPerDomain="xx" to it. It should look like this:
<queueConfiguration maxConcurrentConnections="100" maxConcurrentConnectionsPerDomain="10" />

This limits the number of concurrent connections to 100, with a maximum of 10 concurrent connections allowed per domain.

This article describes how to manually set the number of concurrent connections. Since version 7.0, NoSpamProxy determines this number dynamically by itself. The basis for the decision is the CPU and memory usage. To prevent this behavior, proceed as follows:

First stop the Gateway Role. The corresponding setting is made in the “Gateway Role.config”. This file can be found in “C:\ProgramData\Net at Work Mail Gateway\Configuration\” on the respective Gateway Role.

Look for the line beginning with the following characters:


Insert the following value directly below:
<connectionLimits hardUpperConnectionLimit="" minimumNumberOfConcurrentSessions="" />

If the values are not specified as in this example, the dynamic limit applies (depending on the CPU utilisation).

The values are both integer values.

The value hardUpperConnectionLimit setermines the maximum number of connections.
The value minimumNumberOfConcurrentSessions determines the maximum number of concurrent connections.

<connectionLimits hardUpperConnectionLimit="100" minimumNumberOfConcurrentSessions="50" />

Finally, save the configuration file and restart the Gateway Role.

Important information on integrating SwissSign as a certificate provider

The following document was created in collaboration with SwissSign. It contains all relevant information on the integration of a Managed PKI from SwissSign into NoSpamProxy.


This document will be updated if necessary.

Last updated 03.09.2015.

SwissSign Silver ID products supported by NoSpamProxy

NoSpamProxy currently supports two out of three Silver ID products offered:

  • Silver certificates without state, organisation and country field
    • Name in the order process: Email ID Silver, email address validated (web interface or partner application)
  • Silver certificates without state field
    • Name in the order process: Email ID Silver, email address validated, organization, country (partner application only)

Products not supported

The following Silver ID product is not supported:

  • Silver certificates with state field
    • Name in the order process: Email ID Silver, email address validated, organization, canton/state, country (partner application only)

Please take note of this information when ordering and make sure to only order the supported products!

If you have ordered the wrong product, you will find the form with which you can request the change from SwissSign under the following link:

From version 9.0

When updating from version 9.0 to version 9.1 or 9.2, all settings and user information are retained during the update.

From version 8.5

When upgrading to version 9.0, the subdivision into the new areas Monitoring, People and Identities and Configuration is immediately noticeable. For each of these areas, users can be explicitly allowed access via security groups. This means that you can assign the rights to a person in your company, e.g. to only use the Monitoring area. This person would then have no access to People and Identities or Configuration. The installation program of the Net at Work Mail Gateway automatically makes the user logged on during the installation a member of all three groups.

The security groups mentioned above are explained in more detail below.

Mail Gateway Monitoring Administrators

Members of this user group may use the Monitoring area. This area displays email statistics, email queues, or key figures about the performance of your server.

Mail Gateway People and Identities Administrators

Members of this user group may use the People and Identities area. This area manages internal and external communication partners and their cryptographic keys.

Mail Gateway Configuration Administrators

Members of this user group may use the Configuration area. This area contains the settings of the Net at Work Mail Gateway and its gateway roles, such as connectors, rules, notifications, and connections to other systems.

The new structure consistently combines previously redundant configuration settings and enables task-oriented administration. This means that the management console of version 9.0 no longer focuses on the roles of the Net at Work Mail Gateway, but on the task you have to perform.

This allowed many areas to be merged and simplified. An example: The address rewriting area of version 8.5 had to be configured to match the local users and their email addresses. The address transcriptions have now been moved to the email addresses of the local users, so that the assignment between email addresses and address transcriptions is made automatically.

Finally, the Commtouch service has been renamed to CYREN. CYREN continues to provide you with a high level of service.

An upgrade to version 9.0 is currently only supported by version 8.5.

Some changes of version 9.0 have a strong effect on the installation of the update. This is the replication of all configuration data between the intranet role and the connected gateway roles. In particular, installations with more than one gateway role must be updated to version 9.0 with great care.

Furthermore, the roles “Reporting Role” and “UserManagement Role” have been combined and are now managed as “Intranet Role”. The new Intranet role will continue to work with the previous database of the UserManagement role. This database will be extended by the update by the tables of the previous reporting role.

In the previous versions, a separate certificate with the name of the service was created for each service and used for the connection between the individual roles. Since version 9.0, a certificate with the server name is created in the CN.

Please note
If you use a custom MSC file instead of the Management Console (MSC file) shortcut created by Setup, this file may not work after the upgrade and the interface may display errors. In this case, please delete your custom MSC file and recreate it.

From version 8.0

When updating from version 8.0 to version 8.5, all settings and user information are retained during the update.