Automating the user import
You can automate the import of user data by setting up multiple user imports in the Intranet Role. This enables you to keep the corporate users in the NoSpamProxy Gateway Role differentiated and up-to-date.
NOTE: Not all Active Directory attributes are synchronised with NoSpamProxy in all scenarios. The same behaviour occurs with the additional user fields. If the automatic user import is configured to use the "Global catalogue", only a few attributes are provided by the Active Directory. To access missing attributes, you must switch the import to use the default domain controller or a specific server. For more information, see the Microsoft documentation.
New user import via on-premises Active Directory
- Go to Identities > Corporate users > Corporate users.
- Click Automatic user import and click Add.
- Select Active Directory as the type of user import.
- Under General, specify a unique name, the update cycle and the status of the user import.
- Select the type of server and the user who is allowed to access it.
TIP: The Active Directory search selects the users to be imported. Here you can filter for specific containers, e.g. OU=sales, OU=user, DC=domain, DC=DE. In most cases, you will want to import all the users' email addresses. You can also restrict the import to the primary address by selecting the option on this page.
NOTE: If you want to enter a specific domain controller, you can enter an IP address or a server name. When the integrated Windows Authentication is selected, NoSpamProxy uses the network service if it is installed on a domain controller. Otherwise, the computer account is used for authentication.
- (Optional) Specify an additional LDAP filter.
- Select whether you want to encrypt the connection using TLS.
- Select the type of authentication and enter the login data.
- Select the scope and which addresses are to be imported (all or only primary addresses).
- Under Groups, specify which functions each local user who has been imported may use. The functions depend on his group membership.
- Click Finish.
New user import via Azure Active Directory
- Go to Identities > Corporate users > Corporate users.
- Click Automatic user import and click Add.
- Select Azure Active Directory as the user import type.
- Under General, specify a unique name, the update cycle and the status of the user import.
- Provide a certificate for the AAD app registration by entering the following in PowerShell:
$newCertificate = New-SelfSignedCertificate -Subject "nospamproxy-userimport.example.com" -HashAlgorithm "SHA256" -KeyLength 4096 -KeySpec KeyExchange -NotAfter $((Get-Date).AddYears(30)) -KeyExportPolicy NonExportable -
- Give the Intranet Role read authorisation for the private key.
- Use the certificate to create a new app registration in the AAD and assign the following Microsoft Graph permissions: Group.Read.All, User.Read, User.Read.All
- Switch to the NCC and enter your client name, the client ID and the certificate.
- Under Groups, specify which functions each local user who has been imported may use. The functions depend on his group membership.
- (Optional) Under Additional user fields, assign values from the directory to the additional user fields.
- Click Finish.
NOTE: To set up automatic user import via Azure Active Directory in NoSpamProxy, NoSpamProxy must be registered as an app in the Azure portal. See How to register NoSpamProxy in Microsoft Azure.
NOTE: NoSpamProxy does not support public folders, as these are also no longer supported by Azure Active Directory.
New user import via generic LDAP
- Go to Identities > Corporate users > Corporate users.
- Click Automatic user import and click Add.
- Select Generic LDAP as the type of user import.
- Under General, specify a unique name, the update cycle and the status of the user import.
- Enter the server and port and select the type of authentication.
- Enter the Search Root and the class name under which the groups can be found.
TIP: You can restrict the search to users with certain properties by applying a filter. You can also restrict the LDAP search in the directory to certain containers.
- Under LDAP address fields, specify additional LDAP fields to search for email addresses. This is necessary if your system does not store the email addresses in the default fields mail or otherMailBox.
- Under Groups, specify which functions each local user who has been imported may use. The functions depend on the respective group membership.
- Click Finish.
TIP: The additional user fields of a user can be filled with values directly by the user import. See DISCLAIMER to learn how to configure additional user fields within an automatic user import.
New user import via text file
- Go to Identities > Corporate users > Corporate users.
- Click Automatic user import and click Add.
- Select Text file as the type of user import.
- Under General, specify a unique name, the update cycle and the status of the user import.
- Specify the path to the file that contains the user addresses.
- Under Content filtering, select the policies for inbound and outbound emails.
- Click Finish.
NOTE: The text file does not require a special format. All email addresses are found and imported regardless of format.
NOTE: If you have a license for NoSpamProxy Large Files or NoSpamProxy Protection, you can also select a content filter for all users to be imported here. The content filters are configured under .
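The following preview is an added example, not NoSpamProxy code. It relates to the note that the text file needs no special format and to the page's warning that only addresses on corporate domains are imported, by listing which addresses in a file would be dropped. The address pattern, the sample text and the domain list are assumptions; NoSpamProxy's own address detection may differ.

```powershell
# Constructed sample; in practice load the import file with Get-Content -Raw.
$sampleText = @'
Jane Doe <jane.doe@example.com>; sales@example.com
"Contractor" bob@partner.example.net, JANE.DOE@EXAMPLE.COM
helpdesk@example.org.
'@

# Assumption: the corporate domains configured in NoSpamProxy.
$corporateDomains = @('example.com', 'example.org')

function Get-ImportPreview {
    param(
        [Parameter(Mandatory)][string]   $Text,
        [Parameter(Mandatory)][string[]] $CorporateDomains
    )
    # Simplified address pattern (assumption): local part, '@', dotted domain.
    $pattern = "[A-Za-z0-9._%+'-]+@(?<domain>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)"
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $address = $m.Value.ToLowerInvariant()
        if (-not $seen.Add($address)) { continue }   # skip case-insensitive duplicates
        $domain = $m.Groups['domain'].Value.ToLowerInvariant()
        [pscustomobject]@{
            Address  = $address
            Domain   = $domain
            # -contains compares case-insensitively in PowerShell.
            Imported = $CorporateDomains -contains $domain
        }
    }
}

# Rows with Imported = False are the ones the warning says will be skipped.
Get-ImportPreview -Text $sampleText -CorporateDomains $corporateDomains |
    Sort-Object Imported, Address |
    Format-Table -AutoSize
```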
New group in user import
NOTE: To enable functions for user groups, an Active Directory connection or LDAP connection must be configured.
NOTE: The scope of Active Directory groups must be of the type Universal. For more information, see the Microsoft documentation.
Proceed as follows:
- Search for the group you want to authorize and select it.
NOTE: If you have licensed NoSpamProxy Large Files or NoSpamProxy Protection, you can select the ones used for each group.
- Select the content filter settings for inbound and outbound emails.
- Set the hourly and daily limits for the Flow Guard.
- Select whether you want to use all members of the group for CxO Fraud Detection.
- Under Automatic key enrolment, select an already configured cryptographic key provider. The Intranet Role will create a key with the provider if a valid key does not already exist.
- Specify which De-Mail functions are made available to the members of this group.
NOTE: All users who want to use De-Mail need a De-Mail address. You can have these created using the address management according to a replacement pattern or manually using an address rewriting. A warning is displayed in the event log for users who do not have a valid De-Mail address. If the members of the group are not allowed to send De-Mails, this dialog cannot be used.
- (If De-Mail is available) Select whether the address rewriting is to be created automatically according to the stored pattern or manually via the address rewriting node.
NOTE: If you want to have the address descriptions created automatically, you can either have individual entries created or use the group mailbox functionality. For individual entries, a unique De-Mail address is generated for each user for his primary email address. To do this, you define a template in the dialog according to which the address is to be created.
- (If De-Mail is available) Use one of the predefined replacement templates and customise it if you do not want to create the replacement entry completely manually. Alternatively the group mailbox functionality can be used.
- Click Finish.
NOTE: If a user is removed from the group, automatically requested certificates and PGP keys are not revoked. This must be done manually by the system administrator.
WARNING: Email addresses are only imported if the domain is also stored in the corporate domains of NoSpamProxy. All others are not imported.
The following replacement entries are available for the individual entries when address rewritings are created automatically:
- First name, %g: When using '%g', the first name of the user is used. For example, for the user 'Jane Doe' the first name 'Jane' is inserted.
- First letter of first name, %1g: When using '%1g', the first letter of the user's first name is used. You can also use other numbers instead of '1' to use several letters of the first name. For example, for the user 'Jane Doe' the part 'Ja' of the first name is inserted when using '%2g'.
- Last name, %s: When using '%s', the last name of the user is used. For example, for the user 'Jane Doe' the surname 'Doe' is inserted.
- First letter of last name, %1s: When using '%1s', the first letter of the user's last name is used. You can also use other numbers instead of '1' to use several letters of the surname. For example, for the user 'Jane Doe', when using '%3s', the 'Doe' part of the surname is inserted.
- Local part, %p: When using '%p', the local part of the primary email address is used. For example, for the address 'jane.doe@example.com' the local part 'jane.doe' is inserted.
- Domain without TLD, %c: When using '%c', the domain of the primary email address is used without the top-level domain such as '.de', '.net', '.com' etc. For example, for the domain 'example.com' the domain name 'example' is inserted.
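To preview what a replacement template produces before rolling it out, the added example below (not NoSpamProxy code) expands the placeholders described above for a list of users and warns when two users would receive the same generated address. The function name, the sample users, the template and the De-Mail domain are hypothetical, and the handling of multi-label domains and of over-long length prefixes is an assumption.

```powershell
function Expand-AddressTemplate {
    param(
        [Parameter(Mandatory)][string] $Template,
        [Parameter(Mandatory)][string] $FirstName,
        [Parameter(Mandatory)][string] $LastName,
        [Parameter(Mandatory)][string] $PrimaryAddress
    )
    $localPart, $domain = $PrimaryAddress -split '@', 2
    $values = @{
        g = $FirstName
        s = $LastName
        p = $localPart
        # Assumption: "without TLD" means dropping the last DNS label.
        c = ($domain -replace '\.[^.]+$', '')
    }
    # A length prefix is only accepted in front of g and s (%1g, %3s).
    $pattern = '%(?<len>\d+(?=[gs]))?(?<key>[gspc])'
    $evaluator = [System.Text.RegularExpressions.MatchEvaluator] {
        param($m)
        $value = [string]$values[$m.Groups['key'].Value]
        if ($m.Groups['len'].Success) {
            # Assumption: a length beyond the name's end yields the whole name.
            $take  = [Math]::Min([int]$m.Groups['len'].Value, $value.Length)
            $value = $value.Substring(0, $take)
        }
        $value
    }
    [regex]::Replace($Template, $pattern, $evaluator)
}

# Constructed sample users.
$users = @(
    [pscustomobject]@{ FirstName = 'Jane'; LastName = 'Doe';    Mail = 'jane.doe@example.com' }
    [pscustomobject]@{ FirstName = 'John'; LastName = 'Doe';    Mail = 'john.doe@example.com' }
    [pscustomobject]@{ FirstName = 'Ana';  LastName = 'Santos'; Mail = 'ana.santos@example.com' }
)
# Hypothetical template and De-Mail domain.
$template = '%1g%s@%c.de-mail.example'
$preview = foreach ($u in $users) {
    $generated = Expand-AddressTemplate -Template $template -FirstName $u.FirstName `
        -LastName $u.LastName -PrimaryAddress $u.Mail
    [pscustomobject]@{ Source = $u.Mail; Generated = $generated }
}
$preview | Format-Table -AutoSize
# Group-Object compares case-insensitively, which suits email addresses.
$preview | Group-Object Generated | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ("Collision on {0}: {1}" -f $_.Name, ($_.Group.Source -join ', '))
}
```

With the sample data, Jane Doe and John Doe both map to JDoe@example.de-mail.example, so a template based on %p or on the full first name is the safer choice for that directory.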