Installing NoSpamProxy on a cloud service

Integrating the TCP proxy

NOTE: You must have a valid software maintenance contract to use the TCP Proxy.

It is possible that for cloud-based systems, e.g. Microsoft Azure, port 25 is blocked by the provider. However, port 25 is required for sending emails, and port 25 being blocked prevents NoSpamProxy from operating on such a system.

We offer a solution in the form of our TCP proxy. This system can be activated in NoSpamProxy as described below. Each outgoing connection is routed to a routable IPv4 address on the TCP level through the TCP proxy for NoSpamProxy. The emails will be sent from the server via port 443 to the TCP proxy and from there via port 25 to the recipient system.

  1. Stop the Gateway Role via the NoSpamProxy console or the Windows services.
  2. Open a text editor using administrative rights on the system where the Gateway Role is installed.
  3. Open the configuration file "Gateway Role.config" from the directory C:\ProgramData\Net at Work Mail Gateway\Configuration.
  4. Search the file for <smtpServicePointConfiguration> and change/add the value
    isProxyTunnelEnabled="true" proxyTunnelAddress="proxy.nospamproxy.com"
    as attributes . If <smtpServicePointConfiguration is not present, search for <netatwork.nospamproxy.proxyconfiguration and add
    <smtpServicePointConfiguration isProxyTunnelEnabled="true" proxyTunnelAddress="proxy.nospamproxy.com" />
    directly under this value.
  5. Save the file and close the editor.
  6. Place the Root CA certificate in the Microsoft certificate store in the computer account under Trusted Root Certification Authorities > Certificates on the server with the Gateway Role.
  7. In the NoSpamProxy Command Center under Configuration > NoSpamProxy components > Gateway Roles edit the appropriate gateway role and change the value for SMTP Server Name to the value outboundproxy.nospamproxy.com.
  8. Restart the Gateway Role.
  9. Open the Gateway Role.config file again and check whether the value was retained at startup.

Adjusting the SPF entry

  • If the TCP proxy is implemented, it acts as the sending system. Thus, the TCP proxy must also be included in your SPF record. We strongly recommend adding the following entry to your SPF record:
    include:_spf.proxy.nospamproxy.com

Gegebenenfalls: Anpassen von Microsoft 365

Falls Sie aus Azure heraus E-Mails an eine eigene Microsoft-365-Instanz schicken, bei der ein Konnektor auf die IP-Adressen gebunden ist, aktualisieren Sie bitte die IP-Adressen passend zum Namen outboundproxy.nospamproxy.com. Da bei Microsoft 365 die TLS-Zertifikate gegen die HELO-Domain geprüft werden, ist es nur mit deutlich erhöhtem Aufwand möglich, dies entsprechend umzusetzen. We therefore recommend validation by name.

If necessary: Adjust the firewall

  • If you specifically block outgoing connections, you should adjust the exception for the TCP proxy so that connections to the IP network 193.37.132.0/24 are allowed.

Setting up a static IP address

If you want to run NoSpamProxy or parts of it in a virtual machine in a Microsoft Azure environment, you must have an IP address that is retained even after the machine is restarted. To achieve this, you must set up a static IP address (reserved IP address). Otherwise, it is possible that a different IP address will be assigned after the machine is restarted.

NOTE: You make this setting on the Microsoft Azure virtual machine where NoSpamProxy is installed.

  1. Open the web page portal.azure.com.
  2. Under Home > Virtual Computers, click the virtual computer where NoSpamProxy is installed.
  3. Go to Network > Network interface > IP configurations and select the configuration relevant for NoSpamProxy.
  4. Enable the Public IP address option and then click Create new.
  5. Enter a name and select the Static option.
  6. Click OK.

The IP address is now displayed under the specified name.

NOTE: Also note the instructions on the corresponding page of the Microsoft Azure documentation.

Customizing the Reverse DNS Entry for the NoSpamProxy Server

  1. Go to portal.nospamproxy.com.
  2. Go to Dashboard > Resource Groups > [TheResourceGroupTheVirtualComputerBelongsTo] > [YourVirtualComputer] > Properties.
  3. Enter a name for the public IP address under DNS name label.
  4. Start the Azure Shell.
  5. Enter the following command, replacing the placeholders:
    az network public-ip update --resource-group [ResourceGroup] --name [IPAddressName] --reverse-fqdn [FullDNSName] --dns-name [DNSName]

NOTE: Also note the instructions on the corresponding page of the Microsoft Azure documentation.