System requirements

WARNING: Please note that the port allocation has changed with version 15.2. Port 6062 has been added in version 15.2 and is now required. Information on the changes can be found under Port allocation.

General requirements

Internet access

In order for NoSpamProxy to complete the installation, the computer used must have outbound Internet access. For information on installing on a computer that has no or only limited access to the Internet, see Offline installation.

Hardware

  • Dedicated email server (cloud-based or on-premises)
  • 8GB RAM Main memory
  • 2 CPU cores (virtualized or physical)
  • Sufficient storage space. The size required depends on the number of emails received and on the modules used. Contact our support team for assistance with planning.

Communication

  • Communication via the SMTP protocol for inbound and outbound emails. NoSpamProxy Encryption also supports the receipt of messages via the POP3 protocol.
  • Port redirection or relay system. NoSpamProxy accepts the emails on port 25 instead of your previous email server. If the email server and NoSpamProxy are installed on the same system, the previous email server port must be redirected.

NOTE: NoSpamProxy cannot be operated in the combination Domain Controller + Exchange + NoSpamProxy on a single system, because the operation of Exchange on a domain controller is prohibited.

NOTE: NoSpamProxy can be installed on a system in parallel with Exchange. However, this combination is not recommended, since problems are often encountered during operation due to double port assignments:

  • Port 25 (SMTP, also used by Exchange)
  • Port 80 TCP (required for communication with the CRL endpoints during installation)
  • Port 443 (SSL, is required for the Web Portal, but can be changed)
  • Port 465 TCP (POP3, no support for NoSpamProxy Server Protection)

  • Port 6060/6061/6062 TCP (internal communication between the NoSpamProxy roles)

Troubleshooting

TIP: We recommend using Telnet Client or PuTTY on all servers (to test network connectivity).

NoSpamProxy

NOTE: For the gateway role and the intranet role, you need a Microsoft SQL Server. You can use either Microsoft SQL Express or Microsoft Server Standard/Enterprise.

NOTE: If you use Microsoft SQL Server Express and update to version 14 or higher of NoSpamProxy Server, the utilisation of the database used must not exceed 70 percent (7 GB).

NOTE: If you have installed NoSpamProxy and Microsoft Exchange on the same server, before installing or upgrading the Microsoft .NET framework, make sure that the appropriate version of the framework is supported by Exchange. For an overview of supported versions, see the Exchange Server Supportability Matrix.

NOTE:

If the NoSpamProxy Command Center is used on a Windows Server 2012 R2, it can happen that the latest messages are not displayed on the start page. This is because the operating system cannot open a secure connection to the source of the messages.

For this, the following two TLS ciphers must be activated in the operating system:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Then restart the operating system.

For more information, see the Microsoft documentation.

  • Windows Server 2016 or later
  • Microsoft SQL Server Standard/Enterprise 2016 Service Pack 1 or later or Microsoft SQL Express 2022 (on Windows Server 2016 or newer)
  • Microsoft .NET Framework 4.8
  • Microsoft Visual Studio 2010 Tools for Office Runtime

If you need to update SQL Server Express to version 2022, follow the instructions under Updating Microsoft SQL Server Express.

Gateway Role

  • Working DNS resolution. This is used by NoSpamProxy Protection for the resolution of real-time blocklists and spam URL blocklists. NoSpamProxy Encryption requires DNS resolution for checking certificates (access to 'Certificate Revocation Lists' and 'OCSP').
  • HTTP and HTTPS and LDAP access to the Internet. NoSpamProxy Protection requires access for one of the real-time blocklists, the Core Antispam Engine and the Integrated Malware Scanner. NoSpamProxy Encryption uses HTTP and HTTPS as well as LDAP to check certificates (access to 'Certificate Revocation Lists' and 'OCSP').
  • If you are using a firewall, the ports provided for NoSpamProxy must be released (usually port 25).
  • TCP connection via port 6060 and HTTPS connection via port 6061 and 6062 from the interface to the Gateway Role. These ports are required for the initial connection between Gateway Roles and the Intranet Role. After all Gateway Roles are connected, communication to them is carried out solely via the Intranet Role.
  • Optional: Any file-based on-access virus scanner
  • Access the URL nimbus.bitdefender.net.

NOTE: When you share ports, share them on both Windows Firewall and your perimeter firewall.

Intranet Role

  • TCP connection via port 6060 and HTTPS connection via port 6061 and 6062 from the NoSpamProxy Command Center to the Intranet Role.
  • TCP connection via port 6060 and HTTPS connection via port 6061 and 6062 from Intranet Role to Gateway Role
  • Optional: TCP connection to the domain controller via LDAP or Global Catalog
  • Optional: TCP connection to the Web Portal via HTTPS.

NoSpamProxy Command Center

  • TCP connection via port 6060 and HTTPS connection via port 6061 and 6062 from the NoSpamProxy Command Center to the Intranet Role.

Outlook Add-in

  • Outlook 2010 with Service Pack 2 or later
  • Microsoft Visual Studio 2010 Tools for Office Runtime
  • Microsoft .NET Framework 4.8
  • Access to the URL nimbus.bitdefender.net.

NOTE: Make sure that all third-party applications you use that connect to NoSpamProxy are covered by the respective manufacturer support. If this is not the case, the NoSpamProxy support team cannot provide support services.

NOTE: If you have installed NoSpamProxy and Microsoft Exchange on the same server, before installing or upgrading the Microsoft .NET framework, make sure that the appropriate version of the framework is supported by Exchange. For an overview of supported versions, see the Exchange Server Supportability Matrix.

TIP: For further information, see Outlook Add-In – Installation and Group Policies.

Web Portal

  • Windows Server 2016 or later
  • Microsoft .NET Framework 4.8
  • Microsoft SQL Server Standard/Enterprise 2016 Service Pack 1 or later or Microsoft SQL Express 2022 (on Windows Server 2016 or newer)

NOTE: If you have installed NoSpamProxy and Microsoft Exchange on the same server, before installing or upgrading the Microsoft .NET framework, make sure that the appropriate version of the framework is supported by Exchange. For an overview of supported versions, see the Exchange Server Supportability Matrix.

If you need to update SQL Server Express to version 2022, follow the instructions under Updating Microsoft SQL Server Express.

Preparations

Depending on the planned installation environment, different preparations are necessary.

  • Open ports for the firewall If you use a firewall, the port intended for the NoSpamProxy Web Portal must be open. Usually this is port 443.
  • IIS on a Gateway Role If the IIS are installed on the same system as one of the Gateway Roles, disable SSL loopback checking. The procedure is described in the Microsoft Knowledge Base.
    • Use method 1 to set up an exception for the connection to this address.
    • Method 2 is not recommended as it would disable an essential security feature of your server.
  • Web Portal in the DMZ/on computers outside the domain If the Web Portal is installed on a computer in the DMZ or on a computer outside the domain, please deactivate the UAC Remote Restrictions. The procedure is described in the Microsoft Knowledge Base.

    NOTE: Activate the UAC Remote Rectrictions again after adding the desired role.