How to change the WebPort for NoSpamProxy

The WebPort is the port to which the MMC connects when accessing the individual roles. Furthermore, the roles connect via the configured port and count 1. If the WebPort is configured to 6060, the services connect via 6061. You should only change this port if it is necessary.

To change the WebPort, proceed as follows:

First, stop all NoSpamProxy services. The corresponding setting is made in all configuration files. These files can be found in the configuration directory under “C:\ProgramData\Net at Work Mail Gateway\Configuration\”. If you also use the WebPortal, you will find the corresponding configuration files under “%Program Files%\Net at Work Mail Gateway\enQsig Webportal\App_Data\”.

Look for the line that begins with the following characters:
<netatwork.nospamproxy.webservices
Add the following attribute:

port="6060" (the new port value must be entered here).

The line should now look like this:
<netatwork.nospamproxy.webservices serverCertificateThumbprint="xxx" port="6060" />
The attribute serverCertificateThumbprint will look different on each NoSpamProxy server.

Now, change the URL reservation via netssh. The HTTPSYSMANAGER tool from http://httpsysmanager.codeplex.com/ makes this easy. Alternatively, enter the following command on the command line:

netsh http add urlacl url=http://+:8060/NoSpamProxy/ sddl=D:(A;;GX;;;LS)(A;;GX;;;NS)

Restart all services now.

Switch to the new port in the MMC.

Then re-create the role connections.

/by

How to set up header-based routing

,

Starting with NoSpamProxy 9.2, header-based routing is available. The setting is only configurable via the configuration file itself. In order to use header-based routing, proceed as follows:

  1. Create a connector for the respective emails.
  2. Edit the files “Intranet Role.config” and “Gateway Role.config” in the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration\” as explained in steps 3 to 5.
  3. In the respective files, search for the connector that you created in the first step.
  4. In the connector settings, find the following tag:
    <headerMatches comparisonMode="Or" />
  5. Modify the tag to look like this:
    <headerMatches comparisonMode="Or">
    <match headerName="name" value="value" />
    </headerMatches>

Now you can make the appropriate settings. You can also search for several header values and combine the search function with an AND operator. The entry will look as follows:
<headerMatches comparisonMode="And">
<match headerName="name" value="value" />
<match headerName="name" value="value" />
<match headerName="name" value="value" />
</headerMatches>

Also make this change in the “Gateway Role.config” file.

IMPORTANT
Before you save the configuration file, you must stop the corresponding service. Only then can you save the configuration file properly.

/by

How to set up a Reserved IP Address in Microsoft Azure

,

If you want to run NoSpamProxy, or parts of it, in a virtual machine in a Microsoft Azure environment, you need an IP address that will be retained even after the machine restarts. To achieve this, you must set up a Reserved IP Address. If you fail to do this, there is a very good chance that a different IP address will be assigned after the machine restarts.

To set up a Reserved IP address, please use the information in the following Microsoft article:
http://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/

/by

How to check database integrity

,

This article explains how to check database integrity and repair it if necessary.

Microsoft SQL Server Management Studio is required to do this.

    1. Open Microsoft SQL Server Management Studio.
    2. Expand the Databases menu item.
    3. Click on the database “NoSpamProxyDB” and then on New Query in the upper left area. A white window now appears on the right side. To check a suspicious database for errors, you can use the following command in SQL Management Studio:
      DBCC CHECKDB ('NoSpamProxyDB')

    The next command would then correct these errors. You must set the Restrict Access mode from MULTI_USER to SINGLE_USER under Options in the database's Properties before running the command.
    DBCC CHECKDB ('NoSpamProxyDB', REPAIR_REBUILD)
    The success is checked again with the following command.
    DBCC CHECKDB ('NoSpamProxyDB')
    No red error messages should appear in the output now. If the database could not be successfully repaired and red error messages still appear, execute the more aggressive command
    DBCC CHECKDB ('NoSpamProxyDB', REPAIR_ALLOW_DATA_LOSS)
    You should also check the success with the above command afterwards. If the database cannot be repaired, you can also create a new database via the NoSpamProxy interface. The point can be found under the node “Troubleshooting”.

    If problems with the SQL Server occur often, a defect on the SQL Server is likely.

/by

How to change the delivery attempts/repeat intervals of the Gateway Role

,

The default settings are as follows:

  • The first attempt takes place after 5 minutes.
  • The second attempt takes place after 10 minutes.
  • The third attempt takes place after 15 minutes.
  • Each additional attempt is made every 30 minutes.
  • The first delivery delay notification is generated after 6 hours.
  • The delivery is stopped after 1 day.
  1. Stop the gateway role. The corresponding settings are saved in the file “Gateway Role.config” in the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration\” on all your installed gateway roles. S
  2. Search for the following line in the file:
    <netatwork.nospamproxy.proxyconfiguration ... >
  3. Add the following entry directly below this line if it does not already exist in a similar form:
    <queueConfiguration firstRetryInterval="00:15:00" secondRetryInterval="00:30:00" thirdRetryInterval="01:00:00" subsequentRetryInterval="04:00:00" expirationTimeout="3.00:00:00" sendDelayNotificationAfter="12:00:00" />
  4. Adjust the values to the desired value and save the file.
  5. Restart the previously stopped gateway role(s).
/by

How to change the SMTP connection properties

,

How to change the SMTP connection properties of the gateway role

This article describes how to change the SMTP connection properties of the Gateway Role. The corresponding settings are made in the file “Gateway Role.config” in the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration\”.

  1. Search for the following line in the file:
    <netatwork.nospamproxy.proxyconfiguration ... >
  2. Add the following entry directly below this line:
    <smtpServicePointConfiguration maxActiveConnectionsPerEndPoint="25" maxConnectionIdleTime="00:01:00" isServicePointRecyclingEnabled="false" maximumMailsPerSession="2" />
  3. Now adjust the values to the desired value.

Please note

Before you save the “Gateway Role.config” file, you must stop the “NoSpamProxy – Gateway Role” service. Only then you can save the configuration file properly.

/by

When does Level of Trust assign bonus points for the sender domain?

,

This article describes the behavior of the Level of Trust Filter with regard to the domain bonus point awarding starting with NoSpamProxy version 11.1.

The bonus points as such can be assigned to the respective domains in two different ways:

  1. Automatically as a result of an outbound email
  2. Manually via the GUI (in the Partner menu item) or via PowerShell (Set-NspPartnerTrustDetails).

In order for an inbound email from this domain to receive the stored bonus points, the following conditions must be met (it is an OR operation):

  • the SPF check is successful
  • the DKIM check is successful
  • the DMARC check is successful
  • the email is S/MIME or PGP-signed and the signature is valid (and matches the domain in the email header!)
  • the IP address appears in the domain properties. This list is automatically populated at night with the IP addresses that NoSpamProxy can read from the MX and A records of the respective domain. However, the addresses are only collected if there is no DMARC record for the sender domain.

Furthermore, please note that if the email domain in the Envelope-From differs from the domain in the Header-From, NoSpamProxy will always use the header domain for the check.

Important

For the scenario described above to work, the action “Check SPF, DKIM and DMARC” (only version 11.1) or the reputation filter (from version 12) must also be activated in every rule in which the Level of Trust is active.

In version 11.x, the action does not affect the scoring, but only logs the data.

/by

Changing NoSpamProxy Notifications

,

Changing user notifications NoSpamProxy version 10.1 and higher

This article describes how you can customise the templates for the design of the PDF Mails/user notifications to your needs. The corresponding template files are located in the program directory of the Intranet Role and the Gateway Role. The changes only have to be made in the directory of the Intranet Role. The contents are automatically replicated to all connected gateway roles.

The corresponding CSHTML files are located in the directory %Program Files%\Net at Work Mail Gateway\Intranet Role\Templates, or for new installations with version 10 in the directory %Program Files%\NoSpamProxy\Intranet Role\Templates.

IMPORTANT

You need at least rudimentary HTML skills to make the adjustments.

Overview of the available template files

The following list provides an overview of the function of the individual files:

ApplySymmetricEncryptionPasswordNotice.cshtml

If a user sends an email as PDF Mail, he will receive a notification of the password used, or information that the password was sent to the recipient by SMS or that the creation of the PDF Mail failed. The text of the notification is in this file. The appearance is defined via the CommonMailTemplate.

AttachmentManager.cshtml

When NoSpamProxy removes a file attachment from an email, a replacement file is attached to the email to notify the user that the original file has been removed. The corresponding message text can be edited in the Attachment Manager.cshtml file.

AttachmentQuarantine.cshtml

When NoSpamProxy removes a file attachment from an email and quarantines it, a replacement file is attached to the email to notify the user that the original file has been removed. The user has the option to download the removed file directly from the quarantine via a download link. The corresponding notification text can be edited in the Attachment Quarantine.cshtml file.

AttachmentQuarantineApproval.cshtml

When NoSpamProxy removes a file attachment from an email and quarantines it, a replacement file is attached to the email to notify the user that the original file has been removed. The user has the option to download the removed file from the quarantine via a download link after it has been approved by the administrator. The corresponding notice text can be edited in the QuarantineApproval.cshtml attachment file.

CommonMailTemplate.cshtml

This file defines the general appearance of notifications. Here, for example, the colors and the logos to be used are stored as HTML tags. All other files except the “ConvertMailContentToPdfAttachmentActionPdfHeader.cshtml” contain only the text modules.

ConvertMailContentToPdfAttachmentActionPdfHeader.cshtml

The appearance of the PDF file is defined in this file. Colors and logos must be defined here again.

ConvertMailContentToPdfAttachmentActionTeaser.cshtml

This file contains the text for the carrier email of the PDF file. The recipient of a PDF email is informed that the actual content of the email is contained in the attached PDF document. The appearance is defined via the CommonMailTemplate.

DeliveryNotificationReport.cshtml

This is the content of the send report if a user has requested it in Outlook. The appearance is defined via the CommonMailTemplate.

DeMailConnectorIssueEscalationMail.cshtml

If NoSpamProxy is unable to download De-Mails from the DMDA for a certain period of time, a notification will be sent to the administrative email address. The content of this notification can be edited here.

English.HtmlProcessCardTemplate

The contents of the German test report can be edited in this file. Test reports are generated at the administrator’s request, if an email, for example, was signed and/or encrypted.

​EncryptedMailNotificationTemplate.cshtml

If a user marks an email as “Automatically encrypt” and enQsig does not have a cryptographic key, the recipient will be informed. This info email states which options he or she has. The content of this email is recorded in this template. The appearance is defined via the CommonMailTemplate.

EncryptionDelayedNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt” and enQsig does not have a cryptographic key, the sender is informed about the delay. The content of the delay message is defined here. The appearance is defined via the CommonMailTemplate.

EncryptionFailureNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt” and an encryption error occurs, the sender is informed. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

EncryptionSucceededNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt”, he or she will receive a notification as soon as the email has been encrypted. The appearance is defined via the CommonMailTemplate.

English.HtmlProcessCardTemplate

The contents of the English test report can be edited in this file. Test reports are generated at the administrator’s request, if an email, for example, was signed and / or encrypted.

LargeFileDownloadNotification.cshtml

If a user sends a file via Large Files, he or she will be notified as soon as the recipient has downloaded the file. The content of the notification can be edited here.

MailOnHoldExpired.cshtml

If a user marks an email as “Automatically encrypt” and enQsig has no cryptographic key and the recipient of the email does not deposit a cryptographic key within 5 days, the email will be discarded and the sender informed. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

MailValidationError.cshtml

If a De-Mail cannot be sent via the De-Mail connector, the sender is notified. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

PolicyFailureNonDeliveryMessage.cshtml

The sender will be notified if an email violates the rules of the rules. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

QualifiedSignatureIssueEscalationMail.cshtml

If the verification or creation of a qualified signature fails, a notification is sent to a specified address. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

SampleAutoReply.cshtml

Since NoSpamProxy 10 it is possible to generate an automatic reply if, for example, a certain email address is written to. The content of this automatic reply can be adjusted here.
You can copy this file and save it under a different name. In the rules of NoSpamProxy you then specify the template file for the respective purpose.

SymmetricPasswordUpdateNotification.cshtml

If an external recipient has stored a password for the PDF Mail on the Web Portal, he or she will be notified of the change. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

WordFilterMatchNotification.cshtml

Since NoSpamProxy 10 it is possible to send a notification to a certain email address as soon as certain words appear in an email. In this file you define the content of the notification.

Customizing the template files

Start with the file “CommonMailTemplate”. Here you determine the appearance of all emails. Customize the style sheets in the respective files according to your needs. The corresponding logo is also included in this file. In later live operation, the logo files with the correct name must also be available in the Templates folder.

All other files only contain the text modules.

After restarting the intranet role, the new designs are used and replicated to the gateway role(s).

IMPORTANT

Note that the files can be overwritten during patching or upgrading. After a patch/upgrade, check whether your customized files still exist.

/by