Below you will find a number of popular key servers operated by established manufacturers, along with the corresponding settings for the integration in NoSpamProxy.

These directories are automatically queried via the Open Keys server.

Provider: A trust
Hostname: ldap.a-trust.at:389
Registration: Anonymous
LDAP Search: Unlimited search on (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: Arbeitsagentur (For further information about this LDAP server please contact us: IT-Systemhaus.Vertrauensdienste@arbeitsagentur.de)
Hostname: cert-download.arbeitsagentur.de:389
Registration: CN=Username,OU=BA,O=Bundesagentur für Arbeit,C=de
LDAP search: In container OU=BA,O=Bundesagentur für Arbeit,C=de on (mail=%e)
LDAP fields: userCertificate;binary

Supplier: Federal Office for IT Security
Hostname: x500.bund.de:389
Registration: Anonymous
LDAP Search: Unlimited search on (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: D-TRUST
Hostname: directory.d-trust.net:389
Registration: Anonymous
LDAP search: In container c=de on (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: Datev
Hostname: ldap.crl.esecure.datev.de:389
Registration: Anonymous
LDAP Search: Unlimited search on (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: DFN
Hostname: ldap.pca.dfn.de:389
Registration: Anonymous
LDAP search: In the container with the base DN: o=DFN-Verein,c=DE search for (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: S Trust
Hostname: directory.s-trust.de:389
Registration: Anonymous
LDAP search: In container dc=s-trust,dc=de on (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: Siemens PKI
Hostname: cl.siemens.com:389
Registration: Anonymous
LDAP Search: Unlimited search on (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: T-Systems Mailpass
Hostname: ldap.t-mailpass.de:389
Registration: Anonymous
LDAP Search: Unlimited search on (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: DigiCert, Inc
Hostname: ldap://directory.pki.digicert.com:389
Registration: Anonymous
LDAP Search: Unlimited search on (mail=%e)
LDAP Fields: userCertificate;binary

Supplier: SwissSign AG
Hostname: directory.swisssign.net:389
Registration: Anonymous
LDAP search: In container o=SwissSign,c=CH on (mail=%e)
LDAP Fields: userCertificate;binary

When integrating the WebPortal into the configuration, the following settings must be observed for various scenarios. These settings are outside the NoSpamProxy but are mandatory for integration.

Scenarios

  • NoSpamProxy WebPortal is operated parallel to the gateway role and/or intranet role on the same system
    The Microsoft KB926642 article must be applied. Method 1 (recommended): Create the Local Security Authority host names that can be referenced in an NTLM authentication request is recommended, especially for production environments. Method 2: Disable the authentication loopback check should only be applied to test environments!
    Note: The articles at Microsoft swap the methods in the English and German versions. Always check the exact description!
  • NoSpamProxy WebPortal is operated on a system in the DMZ / on computer(s) outside the domain
    The Microsoft KB951016 article must be applied

This article describes how you can use the debugging tools to create log files for the analysis of high processor loads, which can then be evaluated by NoSpamProxy Support.

First install the Windows debugging tools on the server under high processor load. You can download them at https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/

Then, enter the following command into the command line:

cdb.exe -pv -pn NetatWorkMailGatewayGatewayRole.exe -c ".load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll;!EEStack -ee;qd" > NoSpamProxyStack_%date:~-4.4%%date:~-7.2%%date:~-10.2%_%time:~0.2%%time:~3.2%%time:~6.2%.log


If necessary, replace the NetatWorkMailGatewayGatewayRole.exe process with the process that causes the high processor load. Execute the command several times and then send the resulting log files in zipped form to NoSpamProxy Support.

Error:

When receiving and decrypting a 5MB email, the email is rejected and the error “ASN1 not enough memory” is displayed. The same error is also displayed in message tracking.

Status:

This problem occurs because a buffer size is not properly increased by the .NET framework. This problem is known to Microsoft and can be fixed with the hotfix below.

Solution:

To resolve this problem, install the following Microsoft hotfix: http://support.microsoft.com/kb/2480994/de

http://support.microsoft.com/kb/2480994/de