de-DEen-GB
 
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

When you run software solutions that make use of TLS secured communication channels the applications need to have access to the certificate's private key. The private key is part of the certificate stored in the local certificate store of the computer. In most cases the software solution creates a new self-signed certificate and configures access rights appropriately.

When establishing TLS communication channels to external partners, the use of a public SSL/TLS certificate is a must have requirement.

The following step-by-step instructions describe how to assign Read permisson for the Email Security Solution Gateway NoSpamProxy. In this case the solution does not utilize a classic service account, but a so-called virtual service account. Virtual service accounts provide a much better access security when executing Windows services.

Step-by-Step Instructions

Step 1

Open the local computers certificate store using the MMC Snap-Ins.

 

Step 2

Select the certificate to use and open the context menu (right click).

SSL Certificate Conext Menu

Select Manage Private Keys to manage the private key permissions.

 

Step 3

Click Add and add the required service accounts.

In this case the virtual service accounts are part of the local computer entity. Select the local computer and not the Active Directory domain as source when searching accounts. Virtual accounts us the prefix NT Service.

Add the follow accounts to configure read access for NoSpamProxy.

NT Service\NetatworkMailGatewayIntranetRole
NT Service\NetatworkMailGatewayManagementService
NT Service\NetatworkMailGatewayGatewayRole
NT Service\NetatworkMailGatewayPrivilegedService

Add virtual service accounts

Click Check Names to verifiy the existence of the entered service accounts.

 

Step 4

When correctly resolved the accounts names are replaced by theis respective display names. Click OK to add the accounts. 

Resolved service accounts

 

Step 5

Configure read access for all added service accounts and click OK.

Configure read access

The software solution is now capable of accessing the private key of the certificate.

Link

 

 

Read More »

PowerShellDescription

This script deletes user from the NoSpamProxy NoSpamProxyAddressSynchronization database table [Usermanagement].[User] table that have not been removed by the NoSpamProxy Active Directory synchronization job.

The script was developed due to a process flaw in how Active Directory accounts are handled as part of a leaver process. So this script does not fix a software bug, but a process glitch.

Due to the Active Directory account process the accounts still exist in Active Directory and are synchronized to the NoSpamProxyAddressSynchronization database.

When executed without the -Delete parameter all identified users are wirtten the log file only.

Requirements

Examples

# EXAMPLE 1
# Check for Active Directory existance of all users stored in NoSpamProxy database. Do NOT delete any users from the database.

.\Remove-NspUsers.ps1 


# EXAMPLE 2
# Delete users from NoSpamProxy database hosted on SQL instance MYNSPSERVER\SQLEXPRESS that do NOT exist in Active Directory.

.\Remove-NspUsers.ps1 -Delete -SqlServerInstance MYNSPSERVER\SQLEXPRESS

 

Version History

  • 1.0, Initial community release

Links

Follow

 

 

Read More »
On July 11, 2016
0 Comment
1465 Views

Description

This script helps you to monitor message flow in a NoSpamProxy environment using a PRTG custom PowerShell sensor.

This custom sensor contains the following five channels:

  • In/Out Success
    Total of inbound/outbound successfully delivered messages over the last X minutes
  • Inbound Success
    Number of inbound successfully delivered messages over the last X minutes
  • Outbound Success
    Number of outbound successfully delivered messages over the last X minutes
  • Inbound PermanentlyBlocked
    Number of inbound blocked messages over the last X minutes
  • Outbound DeliveryPending
    Number of outbound messages with pending delivery over the last X minutes

The default interval is five minutes. But you might want to change the interval as needed for your environment.

These channels can easily be modified and additional channels can be added as well.

NoSpamProxy is a powerful anti-spam gateway solution providing additonal functionality like centralized S/MIME and PGP encryption for on-premises and Exchange Online deployments.

PRTG is a industry standard system monitoring solution.

Examples

The script itself does not take any additional attributes and is called by PRTG probe.

To verify your setup, you easily execute the PowerShell script. It returns a Xml result.

PS C:\Scripts> .\Get-NoSpamProxyPrtgData.ps1
<prtg>
  <result>
    <channel>In/Out Success</channel>
    <value>0</value>
    <unit>Count</unit>
  </result>
  <result>
    <channel>Inbound Success</channel>
    <value>0</value>
    <unit>Count</unit>
  </result>
  <result>
    <channel>Outbound Success</channel>
    <value>0</value>
    <unit>Count</unit>
  </result>
  <result>
    <channel>Inbound PermanentlyBlocked</channel>
    <value>0</value>
    <unit>Count</unit>
  </result>
  <result>
    <channel>Inbound DeliveryPending</channel>
    <value>0</value>
    <unit>Count</unit>
    <limitmaxwarning>10</limitmaxwarning>
    <limitmode>1</limitmode>
  </result>
</prtg>

The PRTG channel configuration

PRTG channel using a custom sensor

The following screenshot shows PRTG example graphs.

NoSpamProxy monitored using a PRTG custom sensor

Notes

The custom PowerShell script must be saved to the following location of the PRTG probe:

[INSTALLPATH]\PRTG Network Monitor\Custom Sensors\EXEXML

Ensure to have the PowerShell execution policy set correctly. Otherwise the PRTG service won't be able to execute the PowerShell script.

Ensure that the service account used by the PRTG probe has access to the script and is a member of the NoSpamProxy Monitoring Administrators security group.

Version History

  • 1.0, Initial community release

Links

Additional Credits

Additional credits go to Brian Addicks, https://github.com/brianaddicks/prtgshell

Follow

Read More »