NoSpamProxy Server 14.0 (June 23, 2022)

This version contains the following components:

  • NoSpamProxy 14.0.0.4417
  • Intranet Role WebApps Content 1.2.175.0
  • Intranet Role WebApp 1.0.62.0
  • WebApp 1.2.1198.0
  • Management services 14.0.22165.1325
  • Identity Service 1.1.17.7392
  • Gateway Role 14.0.22165.1325
  • Message Tracking Service 1.1.17.7392
  • Intranet Role 14.0.22165.1325
  • WebApp Hosting Service 1.1.12.7392
  • PowerShell 14.0.22165.1325
  • NoSpamProxy Command Center 14.0.22165.1325

New features

Multi-tenant capability

With version 14 of NoSpamProxy Server, multi-tenant capability is available. With this, it is possible to provide the administrators of different companies with their own, closed configuration area. The respective administrators can only see the emails of their own tenant in the message tracking.

The following settings and values are multi-tenant capable:

  • Rules
  • Message tracking
  • Emails on hold
  • DKIM keys
  • Additional user fields
  • Corporate email servers
  • Inbound send connectors
  • Outbound send connectors
  • Corporate domains
  • Corporate users
  • Partner menu
    • Certificates including the certificate chains
    • Passwords
    • TLS settings
    • DANE configuration
  • Web Portal URL and Branding

Within NoSpamProxy Server, it is ensured that emails are always processed separately by tenant. The URLs for the Web Portal can also be configured on a tenant-specific basis, but this requires a corresponding adjustment of the IIS configuration.

NoSpamProxy Web App

The Web App is a new, HTML-based administrative user interface. Through the Web App, the administrator can view the new message tracking, reporting and paused emails, as well as disclaimer and large files management.

Message tracking in the Web App is significantly faster and more powerful than the previous MMC-based variant. It is available in German and English and has a Dark Mode and a Light Mode.

During setup, the NoSpamProxy Web App is installed as part of the Intranet Role. In addition, a certificate is automatically generated so that the Web App can be accessed via an encrypted connection immediately after installation.

Support for S/MIME 4

S/MIME 4 has been a completed standard for two years. NoSpamProxy Server is the first gateway to master and support this standard. NoSpamProxy 13.2 already offered support for authenticated encryption (AES-GCM). Version 14.0 now also supports certificates based on elliptic curves (ECC).

32Guards

32Guards is a cloud-based reputation system developed by Net at Work that rates email attachments and URLs contained in emails. 32Guards has already been available as a beta version since quarter 1/2020 under the name Project Heimdall. As of NoSpamProxy Server 14.0, the next version of the reputation system will be integrated as a regular service in NoSpamProxy Server.

Open Office and other file types as well as new archive formats in the content filter

Many new file types and file formats are now available in content filtering, including:

  • Open Office
  • MP3 audio
  • 7ZIP
  • RAR

ARC support

ARC is the latest technology in the field of sender reputation and has been in status Experimentalsince July 2019. Its penetration rate is relatively high among cloud-based services, such as Google and Microsoft, because it solves a known problem as an authentication system when using SPF, DKIM and DMARC in the context of mailing lists or other forwarding services. ARC makes it possible to sign the original authentication results of an e-mail. This allows a receiving service to validate an email if the SPF and DKIM entries of the email become invalid due to the processing of an intermediate server.

Audit Log

If activated, read and write accesses are logged in the Windows system event log. The audit log is configured exclusively via PowerShell. The cmdlets Get-NspAuditLog and Set-NspAuditLog are available for this purpose.

Created entries

  • Successful NoSpamProxy accesses generate the entry Successful.
  • Accesses that are terminated with an error 401 generate the entry Error.
  • Other errors also generate the entry Error.

Azure AD support

In addition to an on-premises Active Directory and a native LDAP directory, NoSpamProxy Server can now also synchronise users from an Azure Active Directory (AAD) and work with the groups created there.

File sharing request by user

If a file was separated from an email, moved to the Web Portal and blocked there, the recipient can now request the release of the file via the Web Portal. For this purpose, he receives a link in the notification that directs him to the request process. This option can be configured by the administrator in each attachment filter action.

File name of the original document available at Content Disarm and Reconstruction (CDR) in the PDF document.

This extension of the templates makes it possible to use the name of the original document as a variable in the so-called PDF Preface Document. When updating to version 14, the previous template is not adapted. Clients who want to use this variable have to adjust the template manually.

Disclaimer also for inbound emails

With NoSpamProxy 14.0 it is possible to apply the disclaimer function to inbound emails as well. A possible use case is the marking of inbound emails emails from the Internet, in order to sensitise the recipient accordingly.

Flow Guard

Flow Guard allows NoSpamProxy users to be assigned quotas for outbound emails. If the set threshold is exceeded, any further outbound email is rejected. There are a total of two threshold values that can be set per user:

  • Number of emails per hour
  • Total number of emails per day

Thresholds can also be assigned based on AD group memberships.

Improved integration of Microsoft 365 (formerly Office 365)

For Microsoft 365 connectors, the required TLS certificate is automatically requested and renewed before expiry. This is a considerable relief for managed service providers in particular.

Certificate provider SSLplus available

SSLplus is now available as a certificate provider.

Extension of the POP3 connector

As of version 14, NoSpamProxy Server can process the header fields X-Envelope/X-Original as part of the POP3 procedure.

The following headers are used to create the RCPT TO (in the order listed):

  1. Envelope-To
  2. X-Envelope-To
  3. X-Original-To
  4. To, Cc, Bcc

The following headers are used to create the MAIL FROM (in the order listed):

  1. Envelope-From
  2. X-Envelope-From
  3. X-Original-From
  4. X-Original-Sender
  5. From

Further configuration objects in the database

The following configuration settings and objects are now no longer stored in the previous configuration file or in the folder structure of NoSpamProxy Server, but in the SQL database:

  • Emails on hold
  • Corporate domains
  • Corporate email servers
  • Send connectors
  • Global user settings
  • All passwords used

Changes

CSA Whitelist becomes CSA Certified IP List and is no longer an action

This change optimises the behaviour of NoSpamProxy when a submitting IP address is on the CSA Certified IP List. The reception of intentional newsletters is thus improved. As of NoSpamProxy 14, the function is implemented as a filter.

  • If the submitting IP address of an email is on the CSA Certified IP List, the filter assigns -2 SCL points.
  • When updating to NoSpamProxy 14, the filter is added to a rule if it was previously configured as an action in the same rule. The weighting is preset to 2.
  • When creating default rules, the filter is activated and has a weighting of 2.

Restricting the address entries in a rule

There is now a limit of 256 entries for the address ranges in a rule. Rules that have more entries must be split.

Minimum requirements are checked in the setup

The new setup now checks whether the machine on which NoSpamProxy Server is installed has at least two virtual cores. If only one virtual core is available, the setup aborts. The load of an SQL Server Express database is also checked. If less than 2 GB are available, the setup will abort.

New setup

The setup was newly developed. It includes the following components:

  • Gateway Role
  • Intranet Role
  • Web Portal
  • NoSpamProxy Command Center
  • Web App

With the new setup, the handling of email templates within NoSpamProxy has been simplified. In addition, more installation scenarios are now supported for updates. Another new feature is that the SQL server must always be installed manually in advance by the installer. In the setup itself, there is only a link to the setup of the SQL Server Express.

.NET Framework 4.8 is now mandatory

As of NoSpamProxy 14, the .NET Framework 4.8 is a minimum requirement and is installed by the setup if necessary.

Discontinuations

  • The E-Postbrief connector is no longer included. Existing connectors are deleted during migration.
  • The connector to the German Office 365 is no longer included. Existing Office 365 accounts to the German Azure Cloud will be removed during the migration.
  • Proxy mode is no longer included. Existing configurations are switched to queue mode during migration.
  • Windows Server 2012 and lower are no longer supported.
  • Windows Server 2012 R2: SQL Express 2016 and lower are no longer supported.
  • Windows Server 2016 and newer: SQL Express 2017 and lower are no longer supported.
  • SQL Server Standard/Enterprise 2012 SP3 or lower are no longer supported. Minimum requirement is 2012 SP4.