Information and notes version 14

System requirements

General requirements

Hardware

  • Dedicated email server (cloud-based or on-premises)
  • 4GB RAM Main memory
  • 2 CPU cores (virtualized or physical)
  • Sufficient storage space. The size required depends on the number of emails received and on the modules used. Contact our support team for assistance with planning.

Communication

  • Communication via the SMTP protocol for inbound and outbound emails. NoSpamProxy Encryption also supports the receipt of messages via the POP3 protocol.
  • Port redirection or relay system. NoSpamProxy accepts the emails on port 25 instead of your previous email server. If the email server and NoSpamProxy are installed on the same system, the previous email server port must be redirected.

NOTE: NoSpamProxy cannot be operated in the combination Domain Controller + Exchange + NoSpamProxy on a single system, because the operation of Exchange on a domain controller is prohibited.

NOTE: NoSpamProxy can be installed on a system in parallel with Exchange. However, this combination is not recommended, since problems are often encountered during operation due to double port assignments:

  • Port 6060/6061 TCP (internal communication between the NoSpamProxy roles)
  • Port 25 (SMTP, also used by Exchange)
  • Port 443 (SSL, is required for the Web Portal, but can be changed)
  • Port 110 TCP (POP3, no support for NoSpamProxy Server Protection)

Troubleshooting

TIP: We recommend using Telnet Client or PuTTY on all servers (to test network connectivity).

NoSpamProxy

NOTE: For the Gateway Role and the Intranet Role, you need a Microsoft SQL Server. You can use either Microsoft SQL Express or Microsoft Server Standard/Enterprise.

NOTE: If you use Microsoft SQL Server Express and upgrade to NoSpamProxy Server version 14 or higher, the utilization of the used database must not exceed 70 percent (7 GB).

  • Windows Server 2012 R2
  • Microsoft SQL Server Standard/Enterprise 2012 Service Pack 4 or Microsoft SQL Express 2019 (on Windows Server 2016 or later) or Microsoft SQL Express 2017 (on Windows Server up to and including 2012 R2), respectively
  • How to update SQL Server can be found on the Microsoft Website.
  • Microsoft .NET Framework 4.8
  • Microsoft Visual Studio 2010 Tools for Office Runtime

NOTE: If you have installed NoSpamProxy and Microsoft Exchange on the same server, make sure that the respective version of the framework is supported by Exchange before installing or updating the Microsoft .NET framework. An overview of supported versions is provided in the Exchange Server Supportability Matrix.

Gatewayrolle

  • Working DNS resolution. This is used by NoSpamProxy Protection for resolving Realtime Blocklists and Spam URL Blocklists. NoSpamProxy Encryption requires DNS resolution for certificate verification (access to ‘Certificate Revocation Lists’ and ‘OCSP’).
  • HTTP, HTTPS and LDAP access to the Internet. NoSpamProxy Protection requires access for one of the real-time blocklists and the ‘Cyren Antispam’ filter. NoSpamProxy Encryption uses HTTP and HTTPS as well as LDAP for certificate checking (access to ‘Certificate Revocation Lists’ and ‘OCSP’ ).
  • If a firewall is used, appropriate port releases for all ports intended for NoSpamProxy (usually this is port 25).
  • TCP connection via port 6060 and HTTPS connection via port 6061 from the interface to the Gateway Role. These ports are needed for the initial connection setup between Gateway roles and the Intranet role. After all Gateway Roles are connected, communication to them is done only via the Intranet Role.
  • Optional: Any file-based on-access virus scanner.

NOTE: When you share ports, share them on both the Windows firewall and your perimeter firewall.

Intranet Role

  • TCP connection via port 6060 and HTTPS connection via port 6061 from interface to the Intranet Role
  • TCP connection via port 6060 and HTTPS connection via port 6061 from intranet role to the Gateway Role
  • Optional: TCP connection to a Domain Controller via LDAP or Global Catalog
  • Optional: TCP connection to the Web Portal via HTTPS.

NoSpamProxy Command Center

  • TCP connection via port 6060 and HTTPS connection via port 6061 from interface to Intranet Role

Outlook Add-In

  • Outlook 2010 mit Service Pack 2
  • Microsoft Visual Studio 2010 Tools for Office Runtime
  • Microsoft .NET Framework 4.8

NOTE: Make sure that all third-party applications you use that connect to NoSpamProxy are covered by the respective manufacturer support. If this is not the case, the NoSpamProxy support team cannot provide support services.

NOTE: If you have installed NoSpamProxy and Microsoft Exchange on the same server, before installing or upgrading the Microsoft .NET framework, make sure that the appropriate version of the framework is supported by Exchange. For an overview of supported versions, see the Exchange Server Supportability Matrix.

TIP: For further information, see Outlook Add-In – Installation and Group Policies.

Web Portal

  • Windows Server 2012 R2
  • Microsoft .NET Framework 4.8
  • Microsoft SQL Server Standard/Enterprise 2012 Service Pack 4 or Microsoft SQL Express 2019 (on Windows Server 2016 or later) or Microsoft SQL Express 2017 (on Windows Server up to and including 2012 R2), respectively.

NOTE: If you have installed NoSpamProxy and Microsoft Exchange on the same server, before installing or upgrading the Microsoft .NET framework, make sure that the appropriate version of the framework is supported by Exchange. For an overview of supported versions, see the Exchange Server Supportability Matrix.

Preparations

Depending on the planned installation environment, different preparations are necessary.

  •  If you use a firewall, the port intended for the NoSpamProxy Web Portal must be open. Usually this is port 443.
  •  If the IIS are installed on the same system as one of the Gateway Roles, disable SSL loopback checking. The procedure is described in the Microsoft Knowledge Base.
    • Use method 1 to set up an exception for the connection to this address.
    • Method 2 is not recommended as it would disable an essential security feature of your server.
  •  If the Web Portal is installed on a computer in the DMZ or on a computer outside the domain, please disable the UAC remote restrictions. The procedure is described in the Microsoft Knowledge Base.

Starting the update

Sequence for updating

  1. Update the Intranet Role. This may take some time. A temporary increase in the allocated RAM may be helpful.
  2. Update the Gateway Role(s). If you are using multiple Gateway Roles, update them one at a time.
  3. Update the Web Portal.

NOTE: Uninstall the preview version of the NoSpamProxy 13.2 Web App, if you have installed it.

Before updating

  • Check for any unreleased Disclaimer changes and apply or discard them.
  • Close all Windows programs.

Click the setup file. The wizard guides you through the update process.

Changes and recommendations

General changes

Altered names of NoSpamProxy services

The NoSpamProxy services have new names. You may need to make adjustments in monitoring. The following names are used from version 14 (the previous names are in brackets):

  • NoSpamProxyCyrenIpReputationService (NetatworkMailGatewayCyrenIpReputationService)
  • NoSpamProxyCyrenService (NetatworkMailGatewayCyrenService)
  • NoSpamProxyCyrenUrlService (NetatworkMailGatewayCyrenUrlService)
  • NoSpamProxyGatewayRole (NetatworkMailGatewayGatewayRole)
  • NoSpamProxyIdentityService (-)
  • NoSpamProxyIntranetRole (NetatworkMailGatewayIntranetRole)
  • NoSpamProxyLargeFileSynchronization (NetatworkMailGatewayFileSynchronizationService)
  • NoSpamProxyManagementService (NetatworkMailGatewayManagementService)
  • NoSpamProxyMessageTrackingService (-)
  • NoSpamProxyPrivilegedService (NetatworkMailGatewayPrivilegedService)
  • NoSpamProxyWebApp (NoSpamProxyIntranetRoleWebApp)

Altered names of NoSpamProxy processes

The NoSpamProxy processes have new names. If necessary, make adjustments to monitoring, Windows Firewall and existing local virus scanners. The following names are used from version 14 (the previous names are in brackets):

  • NoSpamProxy.IntranetRole (NetatworkMailGatewayIntranetRole)
  • NoSpamProxyFileSynchronizationService (NoSpamProxyFileSynchronizationService)
  • NoSpamProxy.GatewayRole (NetatworkMailGatewayGatewayRole)
  • NoSpamProxy.ManagementService (NetatworkMailGatewayManagementService)
  • NoSpamProxy.MimeDetection (Netatwork.NoSpamProxy.Mime.Detection.External)
  • NoSpamProxy.PrivilegedService (NetatworkMailGatewayPrivilegedService)
  • NoSpamProxy.WebAppHostingService (NoSpamProxy.WebAppHostingService)

Numerous changes regarding the database structure

The changes to the database structure make it necessary to adapt existing PowerShell scripts as well as SIEM systems (Splunk, for example).

Manual configuration of Cyren services for the Web Portal is no longer necessary

Manual configuration of the Cyren service for the Web Portal is no longer necessary, as this step happens automatically from now on.

Action CSA Whitelist is now action CSA Certified IP List

The action CSA Whitelist is now a filter and is called CSA Certified IP List.

The NoSpamProxy Management Console is now called NoSpamProxy Command Center.

The NoSpamProxy Management Console/NoSpamProxy Management Console has been renamed to NoSpamProxy Command Center and is no longer an MMC snap-in. Any configurations (such as if the MMC was previously installed remotely) will be lost during the upgrade and must be reconfigured in the new application.

New folder for the NoSpamProxy Command Center

The NoSpamProxy Command Center creates a folder and files in the user profile under AppDataRoamingNoSpamProxy. This is where the configuration of the NoSpamProxy Command Center is stored.

Changes during new installation

Changed installation path

The installation path is now C:ProgrammeNoSpamProxy (vormals C:Program FilesNet at Work Mail Gateway).

NOTE: When upgrading, the previous names are retained.

Changed database names

The names of the databases used are now as follows (the previous names are in brackets):

  • NoSpamProxyGatewayRole (NoSpamProxyDB)
  • NoSpamProxyIntranetRole (NoSpamProxyAddressSynchronization)
  • NoSpamProxyWebPortal (enQsigPortal)

HINWEIS:When upgrading, the previous names are retained.

NoSpamProxy Web App

During setup, the NoSpamProxy Web App is installed as part of the Intranet Role.

Empfehlungen

  • We recommend adding the 32Guards filter to all inbound and outbound rules.
  • We recommend adding the 32Guards action to all inbound and outbound rules.

For more information, see the online help.