info icon

Changing NoSpamProxy Notifications

,

Changing user notifications NoSpamProxy version 10.1 and higher

This article describes how you can customise the templates for the design of the PDF Mails/user notifications to your needs. The corresponding template files are located in the program directory of the Intranet Role and the Gateway Role. The changes only have to be made in the directory of the Intranet Role. The contents are automatically replicated to all connected gateway roles.

The corresponding CSHTML files are located in the directory %Program Files%\Net at Work Mail Gateway\Intranet Role\Templates, or for new installations with version 10 in the directory %Program Files%\NoSpamProxy\Intranet Role\Templates.

IMPORTANT

You need at least rudimentary HTML skills to make the adjustments.

Overview of the available template files

The following list provides an overview of the function of the individual files:

ApplySymmetricEncryptionPasswordNotice.cshtml

If a user sends an email as PDF Mail, he will receive a notification of the password used, or information that the password was sent to the recipient by SMS or that the creation of the PDF Mail failed. The text of the notification is in this file. The appearance is defined via the CommonMailTemplate.

AttachmentManager.cshtml

When NoSpamProxy removes a file attachment from an email, a replacement file is attached to the email to notify the user that the original file has been removed. The corresponding message text can be edited in the Attachment Manager.cshtml file.

AttachmentQuarantine.cshtml

When NoSpamProxy removes a file attachment from an email and quarantines it, a replacement file is attached to the email to notify the user that the original file has been removed. The user has the option to download the removed file directly from the quarantine via a download link. The corresponding notification text can be edited in the Attachment Quarantine.cshtml file.

AttachmentQuarantineApproval.cshtml

When NoSpamProxy removes a file attachment from an email and quarantines it, a replacement file is attached to the email to notify the user that the original file has been removed. The user has the option to download the removed file from the quarantine via a download link after it has been approved by the administrator. The corresponding notice text can be edited in the QuarantineApproval.cshtml attachment file.

CommonMailTemplate.cshtml

This file defines the general appearance of notifications. Here, for example, the colors and the logos to be used are stored as HTML tags. All other files except the “ConvertMailContentToPdfAttachmentActionPdfHeader.cshtml” contain only the text modules.

ConvertMailContentToPdfAttachmentActionPdfHeader.cshtml

The appearance of the PDF file is defined in this file. Colors and logos must be defined here again.

ConvertMailContentToPdfAttachmentActionTeaser.cshtml

This file contains the text for the carrier email of the PDF file. The recipient of a PDF email is informed that the actual content of the email is contained in the attached PDF document. The appearance is defined via the CommonMailTemplate.

DeliveryNotificationReport.cshtml

This is the content of the send report if a user has requested it in Outlook. The appearance is defined via the CommonMailTemplate.

DeMailConnectorIssueEscalationMail.cshtml

If NoSpamProxy is unable to download De-Mails from the DMDA for a certain period of time, a notification will be sent to the administrative email address. The content of this notification can be edited here.

English.HtmlProcessCardTemplate

The contents of the German test report can be edited in this file. Test reports are generated at the administrator’s request, if an email, for example, was signed and/or encrypted.

​EncryptedMailNotificationTemplate.cshtml

If a user marks an email as “Automatically encrypt” and enQsig does not have a cryptographic key, the recipient will be informed. This info email states which options he or she has. The content of this email is recorded in this template. The appearance is defined via the CommonMailTemplate.

EncryptionDelayedNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt” and enQsig does not have a cryptographic key, the sender is informed about the delay. The content of the delay message is defined here. The appearance is defined via the CommonMailTemplate.

EncryptionFailureNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt” and an encryption error occurs, the sender is informed. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

EncryptionSucceededNotificationForSender.cshtml

If a user marks an email as “Automatically encrypt”, he or she will receive a notification as soon as the email has been encrypted. The appearance is defined via the CommonMailTemplate.

English.HtmlProcessCardTemplate

The contents of the English test report can be edited in this file. Test reports are generated at the administrator’s request, if an email, for example, was signed and / or encrypted.

LargeFileDownloadNotification.cshtml

If a user sends a file via Large Files, he or she will be notified as soon as the recipient has downloaded the file. The content of the notification can be edited here.

MailOnHoldExpired.cshtml

If a user marks an email as “Automatically encrypt” and enQsig has no cryptographic key and the recipient of the email does not deposit a cryptographic key within 5 days, the email will be discarded and the sender informed. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

MailValidationError.cshtml

If a De-Mail cannot be sent via the De-Mail connector, the sender is notified. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

PolicyFailureNonDeliveryMessage.cshtml

The sender will be notified if an email violates the rules of the rules. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

QualifiedSignatureIssueEscalationMail.cshtml

If the verification or creation of a qualified signature fails, a notification is sent to a specified address. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

SampleAutoReply.cshtml

Since NoSpamProxy 10 it is possible to generate an automatic reply if, for example, a certain email address is written to. The content of this automatic reply can be adjusted here.
You can copy this file and save it under a different name. In the rules of NoSpamProxy you then specify the template file for the respective purpose.

SymmetricPasswordUpdateNotification.cshtml

If an external recipient has stored a password for the PDF Mail on the Web Portal, he or she will be notified of the change. The content of this message can be found here. The appearance is defined via the CommonMailTemplate.

WordFilterMatchNotification.cshtml

Since NoSpamProxy 10 it is possible to send a notification to a certain email address as soon as certain words appear in an email. In this file you define the content of the notification.

Customizing the template files

Start with the file “CommonMailTemplate”. Here you determine the appearance of all emails. Customize the style sheets in the respective files according to your needs. The corresponding logo is also included in this file. In later live operation, the logo files with the correct name must also be available in the Templates folder.

All other files only contain the text modules.

After restarting the intranet role, the new designs are used and replicated to the gateway role(s).

IMPORTANT

Note that the files can be overwritten during patching or upgrading. After a patch/upgrade, check whether your customized files still exist.

/by
info icon

Upgrade recommendations

,

Recommendations regarding upgrade paths

In practice, it is often the case that one or more versions of NoSpamProxy are skipped and the question arises whether an upgrade or even a new installation to the current version makes sense. This article is intended to help you make the right decision based on the experience of our support team and to help you avoid future problems.

Please note that this article does not deal in detail with the individual upgrade steps, for information on this you can find further articles and installation and upgrade instructions in our Knowledge Base under “Update Information”.

General information about 32-bit Windows installations

Since newer versions of NoSpamProxy from version 10 do not support 32-bit Windows installations, these systems must first be migrated to a 64-bit Windows from Windows 2008 R2 or later if an upgrade to the current version is still desired. Windows 2008 SP2 is not sufficient, because this system has some limitations, which stand in the way of an effective operation.

Upgrading from versions older than 7.6

An upgrade from versions older than 7.6 is rarely useful. An upgrade also carries the risk that database errors have crept in, which will lead to problems in later operation. A completely new installation on a new system is recommended. The configuration wizard helps you to create a new set of rules, which you can supplement with a white and black list and other special rules that are still needed. In practice, the new Level of Trust system is formed so quickly that no increase in the false positive rate must be expected.

Upgrading from versions 7.6 to 7.8

If there are no major changes to the rules or if not too many certificates (>200 currently active) are used in the NoSpamProxy encryption component (formerly enQsig), a complete reinstallation is recommended.

If you decide to upgrade, please upgrade to version 8.5 first and then run the article “Error 4503, 5372 or 1213 in the Event Viewer after update to version 7.8 or newer”. You can then upgrade to version 9.2, from which you can seamlessly jump to version 10. Please note the installation and upgrade notes of version 10 and the changes since version 9.0!

Upgrading from version 8.0 to 8.5

Again, a complete reinstall is usually the better choice.

If you have updated from version 7.x to this version and haven’t yet performed the instructions given in the article “Error 4503, 5372 or 1213 in the Event Viewer after update to version 7.8 or newer”, it is recommended to perform this preventive once before upgrading to version 9.2. Please note that you cannot upgrade directly from version 8.0 to version 9.2, but must first perform the 8.5 step. In this case, if you have not already done so, you should carry out the above article after upgrading to 8.5.

Upgrading from version 9.0 to 9.2

Please follow the installation and upgrade instructions for version 10! A few things have changed that require manual intervention or documentation of the previous settings (e.g. for the action “Manage attachments”). Since a direct upgrade to version 11 is not possible, you have to take the intermediate step via the 10.1 offered below. If you are not using 9.2, the system must be upgraded to 9.2 first.

Upgrade from version 10.0

Please pay attention to the installation and upgrade instructions of version 10! There have been some changes which require manual intervention or documentation of the previous settings (e.g. for the action “Manage attachments”). From version 11.0 you need at least SQL Server 2008 R2 Express. Please update it before upgrading.

Upgrading from version 11.1

Before updating, you should make sure that .NET Framework version 4.6.2 is installed and that the SQL Server version is at least 2008 R2.

Required legacy versions for an upgrade

In the Knowledge Base article NoSpamProxy Software Archive you can find all required legacy versions for an upgrade to the current version, should you choose to do so. Please follow the installation and upgrade instructions of the respective old version, as manual intervention may be necessary. If you upgrade from version 7.6 to 8.0, for example, you will also have to make changes if you decide to upgrade from 7.6 to 8.5.

/by
info icon

How to set up header-based routing

,

Starting with NoSpamProxy 9.2, header-based routing is available. The setting is only configurable via the configuration file itself. In order to use header-based routing, proceed as follows:

  1. Create a connector for the respective emails.
  2. Edit the files “Intranet Role.config” and “Gateway Role.config” in the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration\” as explained in steps 3 to 5.
  3. In the respective files, search for the connector that you created in the first step.
  4. In the connector settings, find the following tag:
    <headerMatches comparisonMode="Or" />
  5. Modify the tag to look like this:
    <headerMatches comparisonMode="Or">
    <match headerName="name" value="value" />
    </headerMatches>

Now you can make the appropriate settings. You can also search for several header values and combine the search function with an AND operator. The entry will look as follows:
<headerMatches comparisonMode="And">
<match headerName="name" value="value" />
<match headerName="name" value="value" />
<match headerName="name" value="value" />
</headerMatches>

Also make this change in the “Gateway Role.config” file.

IMPORTANT
Before you save the configuration file, you must stop the corresponding service. Only then can you save the configuration file properly.

/by
info icon

How to configure a web proxy

,

Configuration of a web proxy for NoSpamProxy Version 9.2 and higher

This article describes how to configure a proxy server for NoSpamProxy version 9.x and higher. The Cyren filter and antivirus also works via port 80, but this is configured separately:

How to configure Cyren services

Queries via Windows components

In order to be able to use the proxy for queries that are made directly via Windows components, such as a possible CRL check, you must store the proxy in the system. To do this, execute the following command as an administrator. This command adopts the proxy settings from Internet Explorer for the system components:

netsh winhttp import proxy source=ie

This is necessary on the server with the Intranet and Gateway Role of NoSpamProxy.

Gateway Role

To enter the proxy, the file NetatworkMailGatewayGatewayRole.exe.config from the directory “..\Net at Work Mail Gateway\Gateway Role” must be edited. The following lines must be added.

Copy and Paste does not work because invisible control characters are also copied.

<system.net>
<defaultProxy>
<proxy
usesystemdefault="true"
proxyaddress="http://192.168.1.10:3128"
bypassonlocal="true"
/>
</defaultProxy>
</system.net>

Adjust the IP address of your proxy server accordingly. The file should look similar to the following. However, please edit a copy of the original file!
Copy and Paste does not work because invisible control characters are also copied.

<?XML version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<gcServer enabled="true" />
<generatePublisherEvidence enabled="false"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.Unity" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-2.1.505.0" newVersion="2.1.505.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="EntityFramework" publicKeyToken="b77a5c561934e089" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.3.1.0" newVersion="4.3.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.ServiceLocation" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-1.0.0.0" newVersion="1.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.OData" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Spatial" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.2.0" newVersion="5.6.2.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.Services.Client" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.net>
<defaultProxy>
<proxy
usesystemdefault="true"
proxyaddress="http://192.168.1.10:3128"
bypassonlocal="true"
/>
</defaultProxy>
</system.net>​​
</configuration>

If you want to define exceptions, add the following section directly above the line </defaultProxy>

<bypasslist>
<add address="[a-z]+\.contoso\.com$" />
<add address="192\.168\.\d{1,3}\.\d{1,3}" />
<add address="intranet.nospamproxy.de" />
</bypasslist>​

If it is absolutely necessary to say that NO web proxy is to be used, the following must be entered:

<system.net>
<defaultProxy enabled="false" />
</system.net>

After you have modified the file, restart the Gateway Role.

Please note that the file may be overwritten with each patch/upgrade and the changes must be made again.

Intranet Role

If you want to assign a proxy to the Intranet role, this can be done in the same way as described above using the NetatworkMailGatewayIntranetRole.exe.config from the directory “..\Net at Work Mail Gateway\Intranet Role”. Please note that the Intranet Role requires direct communication with the Gateway Role. You should therefore define proxy exceptions for the Gateway Role(s).

Outlook Add-in

If a Web Proxy with authentication is used on the client PC, it is possible that the NoSpamProxy Outlook add-in cannot upload files to the Web Portal from the client PC because the information from the system variables do not apply here. To make this information available to the add-in, however, you must perform the following steps:

    1. In the Microsoft Outlook installation directory, create a new file named “Outlook.exe.config” next to the “Outlook.exe” file.
    2. Enter the following information into this file and save it:
      <configuration>
      <system.net>
      <defaultProxy useDefaultCredentials="true" />
      </system.net>
      </configuration>
    3. Restart Outlook.

Find more information on the Microsoft Website.

/by
info icon

General update information

,

General information concerning NospamProxy updates

Whenever you install an update of NoSpamProxy, you need to consider the following points, regardless of whether it is an update within a version or a larger version jump.

Proxy settings

The proxy settings are done in a configuration file. In the How Tos category you will find the article How to configure a web proxy for NoSpamProxy Version 9.2 or higher with the exact procedure. Unfortunately these settings are overwritten with each update and must be carried out again afterwards. Therefore, copy the corresponding configuration files into a backup directory in advance in order to be able to use them again afterwards.

IMPORTANT: For updates within e.g. 10.1 or 10.0 the files can be used 1:1. For updates from 9.x to 10.x, the changes must be made on the basis of the new files. Please refer to the above mentioned article.

Template adaptations

If you update from NoSpamProxy 10.x or earlier to a newer version, you still have to save the template files of NoSpamProxy manually. The articles on customising the Web Portal theme and the notification theme describe how to customise each file. These are overwritten for version 10.x with each update and must be saved in advance. After the update, copy the files back to the original directory. With version 11.x a template designer is integrated in NoSpamProxy. From this point on, this step is no longer necessary, unless you have adapted the texts in the templates.

Please note: For updates within e.g. 10.1 or 10.0 the files can be used 1:1. For updates from 9.x to 10.x, the changes must be made on the basis of the new files. Please refer to the above mentioned articles.

Web Portal

If the Web Portal was installed on a server without the Gateway Role, the configuration link https://<server-url>/enqsig/admin/configurecyren must be called again after the update. The NoSpamProxy CYREN Service service must then be restarted on the Web Portal.

/by

How to set up a Reserved IP Address in Microsoft Azure

,

If you want to run NoSpamProxy, or parts of it, in a virtual machine in a Microsoft Azure environment, you need an IP address that will be retained even after the machine restarts. To achieve this, you must set up a Reserved IP Address. If you fail to do this, there is a very good chance that a different IP address will be assigned after the machine restarts.

To set up a Reserved IP address, please use the information in the following Microsoft article:
https://azure.microsoft.com/de-de/blog/reserved-ip-addresses/

/by

Update to version 12.1

,

Updating from version 12.0

Please pay attention to the notes in the installation manual and the general update notes here in the Knowledge Base.

Before updating make sure that .NET Framework 4.6.2 or later is installed and the SQL Server version corresponds to at least 2008 R2.

Upgrade NSP

When updating from version 12.0 to version 12.1, all settings and user information are retained. Only the proxy settings and content adjustments of the template files must be saved as usual and reinstalled after the update. This procedure is described in the general update notes.

Outlook Add-In

The update of the gateway and the Web Portal also requires an update of the Outlook Add-In; otherwise the communication with the Web Portal is no longer possible.

Updating from version 11.1

Please pay attention to the notes in the installation manual and the general update notes here in the Knowledge Base.

Before updating make sure that .NET Framework 4.6.2 or later is installed and the SQL Server version corresponds to at least 2008 R2.

Upgrade NSP

When updating from version 11.1 to version 12.1, all settings and user information are retained during the update, with one small exception. Only the proxy settings and content adjustments of the template files have to be saved as usual and reinstalled after the update. This procedure is described in the general update notes.

Upgrading the content filter settings

The settings made so far for the content filters are fully adopted and converted to the new format. For this, the actions configured in 11.1 are migrated to the new “Content filter actions” and then linked in the content filters. The new actions have the function in their name so that they are easy to identify. Please check the correct configuration after the successful setup.

There is now an option to distinguish between an SMTP action and a Web Portal action. This makes it possible to distinguish whether a file attached to an SMTP email arrives at the NoSpamProxy gateway or is to be sent directly via the Web Portal. After the update, only SMTP actions are available. As long as nothing else is configured, the same settings apply to attachments that arrive via the Web Portal.

Note: Content filtering can be switched on/off on a rule basis in the rule settings on the “General” tab. If no content filter is configured and in use, this should be set to off.

Upgrading message tracking

The format of message tracking in the database has changed fundamentally. Only after the successful update to version 12.1, the Intranet role will migrate the old data into the new format. This means that the message tracking data created before the update will only be available about 15 minutes after the update. This time varies strongly and depends essentially on the available data and the load capacity of the machine. If the migration fails, a warning is displayed on the initial page.

New “Reputation Filter” Filter

NoSpamProxy 12.1 introduces the reputation filter for the first time. This new system has a total of 9 different checks, all of which focus on the origin of the email. After the update to version 12.1 this filter is not activated. Please add the “Reputation filter” filter manually to your ruleset and ideally adopt the pre-set values.

Outlook Add-In

The update of the gateway and the web portal also requires an update of the Outlook Add-In, because otherwise the communication with the web portal is no longer possible.

NoSpamProxy Management Console

As of version 12.1, it is necessary to additionally enable port 6061/HTTPS on the intranet role for the access of the management console from another system.

/by
Info Icon

How to modify SSL certificates to access the disclaimer page

,

You can use a custom SSL certificate to secure the management website of the disclaimer tool. To do this, the desired certificate with the private key must be stored in the certificate store of the computer account on the Intranet role under “Personal certificates”. In the training video for integrating your own TLS certificate, this is explained for the Gateway Role, among other things. However, the manual rights adjustment for the Intranet role is not necessary, this is accomplished by the Powershell shown below.

If the certificate is located in the certificate store on the Intranet Role, run Powershell with admin rights as local administrator. Then execute the following command:

Set-NspWebApiConfiguration -ShowCertificateSelectorUI

A window opens in which the available certificates are displayed. Select the desired certificate and confirm your selection. Now restart the Intranet Role. Your certificate is now active on the Disclaimer website.

/by