KSMG 2.1 introduces the following new functionality as compared to 8.0 MP3.
Architecture
New cluster architecture for scaling the solution (horizontally or vertically) with the capability to centrally manage all servers of the cluster through the application web interface.
The new version is provided as two distribution types:
ISO file with a pre-installed operating system, mail server, and Kaspersky Anti-Virus application. Detailed information is provided in the help for this distribution type.
RPM or DEB installation package. The application is installed on an operating system prepared by the administrator and integrated with a pre-installed MTA. This distribution type of KSMG 2.1 continues and builds upon the functionality of Kaspersky Security for Linux Mail Server versions 8.0 MP3 and 10. Detailed information about this distribution type is provided in this document.
Operating system
Support for new versions of operating systems:
Rocky Linux 8.9, 9.3
Ubuntu 20.04 LTS, 22.04 LTS
Red Hat Enterprise Linux 8.9, 9.3
Protection technologies
Improved mechanism for detecting sophisticated attacks aimed at compromising corporate correspondence (such as BEC attacks and Active Directory spoofing attacks).
Added spam detection technology based on recognition of spoofed (look-alike) domains.
Message processing rules now support the URL advisor module, which allows detecting malicious links, advertising links, and links relevant to legitimate software, while distinguishing them from phishing links.
Added identification of the reputation of IP addresses during scans by the Anti-Spam module.
In rules, you can specify Distinguished Names of users, groups, or contacts from the LDAP cache as the message sender or recipient address.
Encoding is taken into account when adding disclaimers and warnings to the body of the message.
The handling of large lists of email addresses and IP addresses, user and contact DN records in custom lists, rules, and settings of Backup digest has been improved. Data can be added manually, imported from the clipboard, exported to the clipboard, and searched in the list.
The following changes were implemented in the Content Filtering module:
You can specify values for filtering using text strings, masks, regular expressions, and dictionaries. Dictionaries let you reuse sets of repeated strings and file types.
Now you can configure an action to be applied to a message in case of a Content Filtering error.
The inactivity timeout in privileged user mode is 10 minutes. One minute before this time expires, a notification is displayed letting the user know that the session will soon be ended so that the user can either prolong the current session or save the changes and log out of the program.
The maximum number of entries in the personal allow and deny address lists is reduced to 500 addresses.
A new check identifies duplicate data in LDAP accounts.
Event log with filtering capabilities to conveniently search and export events in CSV format for further analysis. The name of the event can be viewed in the list of application events, while its detailed information can be viewed in the event card. It is now possible to configure the storage duration and size of application events in the event log.
In the email traffic processing event log and in the Syslog log, you can view information about the scan results of each MIME part, link, and message attachment in which threats or other objects were detected.