- Kaspersky Secure Mail Gateway
- The Kaspersky Secure Mail Gateway interface
- Application licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About the key
- About the key file
- About the activation code
- About the subscription
- About data provision
- Viewing information about the license and added keys
- Updating of license and added keys information
- Adding a key file
- Adding an activation code
- Removing a key
- Modes of Kaspersky Secure Mail Gateway operation under license
- Notifications that the license expires soon
- Purchasing a license
- Mail server protection status
- Deploying the program's virtual machine image on a VMware ESXi hypervisor
- Preparing to deploy
- Step 1. Selecting a virtual machine image
- Step 2. Viewing details of the virtual machine image
- Step 3. Reviewing the License Agreement
- Step 4. Naming the virtual machine
- Step 5. Selecting a destination storage for the virtual machine
- Step 6. Selecting a storage option for virtual machine files
- Step 7. Starting and finishing deployment of the virtual machine image
- Deploying the virtual machine image on a Microsoft Hyper-V hypervisor
- Preparing to deploy
- Step 1. Starting the Virtual Machine Creation Wizard
- Step 2. Selecting virtual machine name and location
- Step 3. Selecting virtual machine generation
- Step 4. Allocating memory for the virtual machine
- Step 5. Configuring network connection
- Step 6. Connecting a virtual hard drive
- Step 7. Selecting disk drive for virtual machine image deployment
- Step 8. Finishing the virtual machine creation
- Step 9. Starting the virtual machine
- Step 10. Connecting to the virtual machine and starting the Setup Wizard
- Step 11. Reviewing the License Agreement
- Step 12. Installing the program on the virtual machine
- Initial configuration of the program
- Preparing for initial configuration of a virtual machine on a VMware ESXi hypervisor
- Preparing for initial configuration of a virtual machine on a Microsoft Hyper-V hypervisor
- Step 1. Selecting the language for viewing End User License Agreement, Privacy Policy, Kaspersky Security Network Statement, and Supplementary Kaspersky Security Network Statement
- Step 2. Reviewing the License Agreement
- Step 3. Accepting the terms of the Privacy Policy
- Step 4. Selecting the program operating mode
- Step 5. Configuring participation in Kaspersky Security Network and submission of KSN statistics
- Step 6. Selecting the input language for working with the program
- Step 7. Setting the time zone
- Step 8. Assigning the host name (myhostname)
- Step 9. Configuring the network interface
- Step 10. Configuring network routes
- Step 11. Configuring DNS settings
- Step 12. Setting the web interface administrator password
- Step 13. Setting the virtual machine administrator password
- Step 14. Specifying email addresses of the mail server administrator
- Step 15. Configuring the connection of Kaspersky Secure Mail Gateway to Kaspersky Security Center
- Step 16. Checking the connection of Kaspersky Secure Mail Gateway to Kaspersky Security Center
- Step 17. Displaying web interface connection settings
- Starting the program's virtual machine
- Reconfiguring the virtual machine
- Getting started with the program web interface
- Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
- Direct integration using a Quick Setup Wizard
- Integration through an edge gateway (SMTP verification of recipient email addresses is enabled) with the help of a wizard
- Step1. Adding local domains (relay_domains)
- Step 2. Configuring email routing (transport_map)
- Step 3. Entering address of your Edge Gateway (relayhost)
- Step 4. Adding trusted networks and network hosts (mynetworks)
- Step 5. Completing the integration of Kaspersky Secure Mail Gateway through an edge gateway (SMTP verification of recipient email addresses is enabled)
- Integration through an edge gateway (SMTP verification of recipient email addresses is disabled) with the help of a wizard
- Step 1. Configuring email routing (transport_map)
- Step 2. Entering address of your Edge Gateway (relayhost)
- Step 3. Adding trusted networks and network hosts (mynetworks)
- Step 4. Completing the integration of Kaspersky Secure Mail Gateway through an edge gateway (SMTP verification of recipient email addresses is disabled)
- Monitoring the Kaspersky Secure Mail Gateway
- Using message processing rules
- Domains and configuration of email routing
- DKIM signature for outgoing messages
- Using the TLS protocol in the operation of Kaspersky Secure Mail Gateway
- Configuring TLS security for incoming email messages
- Configuring TLS security for outgoing email messages
- Creating a TLS certificate
- Deleting a TLS certificate
- Preparing a self-signed TLS certificate for import
- Preparing to import a TLS certificate signed by a certification authority
- Importing the TLS certificate from file
- Backup
- Kaspersky Secure Mail Gateway message queue
- Enabling and disabling the transmission and reception of messages
- Viewing information about the message queue, KATA Quarantine, and Anti-Spam Quarantine
- Sorting messages in queue
- Filtering and searching messages by queue name
- Filtering and searching messages by message ID in queue
- Filtering and searching messages by mail sender's address
- Filtering and searching messages by message recipient's address
- Filtering and searching messages by time of message arrival in queue
- Forced delivery and deletion of messages from the queue
- Kaspersky Secure Mail Gateway operation reports
- Content of Kaspersky Secure Mail Gateway operation reports
- Viewing Kaspersky Secure Mail Gateway operation reports
- Deleting Kaspersky Secure Mail Gateway operation reports
- Enabling and disabling daily reports
- Configuring the daily report
- Enabling and disabling weekly reports
- Configuring the weekly report
- Enabling and disabling monthly reports
- Configuring the monthly report
- Generating a custom report
- Configuring general settings of Kaspersky Secure Mail Gateway
- Configuring the proxy server connection settings
- Configuring email addresses of the administrator
- Configuring HelpDesk account settings
- Changing the Administrator account password
- Configuring the settings for the event log and audit log
- Configuring program performance settings
- Configuring the appearance of scanned messages
- Configuring the template for messages when removing an attachment
- Exporting program settings
- Importing program settings
- Restarting the program
- Configuring integration with Kaspersky Security Center
- Configuring MTA settings
- SMTP verification of recipient email addresses
- Upgrading Kaspersky Secure Mail Gateway via the web interface
- Database update for Kaspersky Secure Mail Gateway
- Kaspersky Secure Mail Gateway Protection
- Participation in Kaspersky Security Network and use of Kaspersky Private Security Network
- Mail Sender Authentication
- Connecting to a DNS to perform message authentication
- Enabling and disabling SPF message authentication
- Enabling and disabling DKIM message authentication
- Enabling and disabling DMARC message authentication
- Enabling and disabling Mail Sender Authentication for a rule
- Configuring detection of TempError and PermError during message authentication
- Configuring additional DMARC message authentication settings for a rule
- Configuring additional SPF message authentication settings for a rule
- Configuring additional DKIM message authentication settings for a rule
- Configuring tags added to message subjects after SPF message authentication
- Configuring tags added to message subjects after DKIM message authentication
- Configuring tags added to message subjects after DMARC message authentication
- Configuring actions on messages during DMARC, SPF and DKIM message authentication
- Preparing to configure SPF and DMARC Mail Sender Authentication for outgoing messages
- Anti-Virus protection
- About computer protection against certain legitimate applications
- About Anti-Virus scan statuses
- Enabling and disabling Anti-Virus protection of messages
- Enabling and disabling Anti-Virus scanning for a rule
- Configuring the Anti-Virus module
- Setting default values for Anti-Virus engine settings
- Configuring actions on messages during Anti-Virus scanning
- Configuring tags added to message subjects after Anti-Virus scanning
- Configuring Anti-Virus scan restrictions and exclusions
- Anti-Spam protection
- About Anti-Spam message scan status labels
- Enabling and disabling Anti-Spam protection of messages
- Enabling and disabling Anti-Spam scanning of messages for a rule
- Configuring Anti-Spam module settings
- Setting default values for Anti-Spam engine settings
- Configuring the custom DNSBL list for the Anti-Spam engine
- Configuring the custom SURBL list for the Anti-Spam engine
- Configuring Anti-Spam scan settings for a rule
- Configuring Anti-Spam scan actions on messages
- Configuring tags added to message subjects after spam scanning
- Anti-Spam Quarantine
- Anti-Phishing protection
- About Anti-Phishing message scan status labels
- Enabling and disabling Anti-Phishing protection of messages
- Enabling and disabling Anti-Phishing scanning of messages for a rule
- Configuring the Anti-Phishing module
- Setting default values for Anti-Phishing engine settings
- Configuring Anti-Phishing scan actions on messages
- Configuring tags added to message subjects after Anti-Phishing scanning
- Content filtering of messages
- About message content filtering status labels
- Enabling and disabling content filtering of messages
- Setting the maximum archive nesting level for content filtering
- Setting default values for Content Filtering settings
- Enabling and disabling content filtering of messages for a rule
- Configuring settings of message content filtering for a rule
- Configuring actions to take on messages during content filtering
- Configuring tags added to message subjects based on content filtering results
- KATA protection and integration of Kaspersky Secure Mail Gateway with Kaspersky Anti Targeted Attack Platform
- Entering integration settings for Kaspersky Secure Mail Gateway
- Confirming integration on the KATA side
- Checking the connection of Kaspersky Secure Mail Gateway to KATA
- Configuring Kaspersky Secure Mail Gateway to send messages for checking by KATA
- Enabling and disabling KATA protection
- Configuring KATA protection settings
- Setting default values for KATA protection settings
- Enabling and disabling KATA protection for a rule
- Configuring actions on messages based on KATA scan results
- Configuring tags added to message subjects based on KATA scan results
- Black and white lists of addresses
- Integration with an external directory service
- Using the program via the SNMP protocol
- Email notifications for Kaspersky Secure Mail Gateway
- Kaspersky Secure Mail Gateway's disclaimers and warnings
- Kaspersky Secure Mail Gateway event log
- System information for Technical Support
- Kaspersky Secure Mail Gateway audit log
- Viewing the audit log and events in the audit log
- Sorting events in the audit log
- Filtering and searching events by date and time
- Filtering and searching events by event type
- Filtering and searching events by subject identifier
- Filtering and searching events by event result
- Filtering and searching events by event description
- Configuring the date and time in Kaspersky Secure Mail Gateway
- Publishing program events to a SIEM system
- Extracting settings from Kaspersky Secure Mail Gateway to an XML file
- Enabling export of events in CEF format
- Configuring the publishing of application events to a SIEM system
- Content and properties of syslog messages in CEF format
- Values of fields in the body of CEF messages for classes of Settings group events
- Values of fields in the body of CEF messages for classes of Tasks group events
- Values of fields in the body of CEF messages for classes of Import / Export Settings group events
- Values of fields in the body of CEF messages for classes of Backup group events
- Values of fields in the body of CEF messages for classes of Report group events
- Values of fields in the body of CEF messages for classes of License group events
- Values of fields in the body of CEF messages for classes of Rules group events
- Values of fields in the body of CEF messages for classes of Auth group events
- Values of fields in the body of CEF messages for classes of Quarantine group events
- Values of fields in the body of CEF messages for classes of Update group events
- Values of fields in the body of CEF messages for classes of ScanLogic group events
- Values of fields in the body of CEF messages for classes of Appliance group events
- Disabling export of events in CEF format
- Applying new values to settings of Kaspersky Secure Mail Gateway
- Contacting the Technical Support Service
- Glossary
- Advanced persistent threat (APT)
- Anti-Phishing
- Anti-Spam
- Anti-Virus
- Backup
- Content filtering
- Directory service
- DKIM Mail Sender Authentication
- DMARC Mail Sender Authentication
- DNSBL
- Email notification
- Heuristic analysis
- Kaspersky Anti Targeted Attack Platform
- Kaspersky Private Security Network
- Kaspersky Security Network (KSN)
- Key file
- LDAP
- Malicious links
- Phishing
- Reputation filtering
- SNMP agent
- SNMP trap
- Spam
- SPF Mail Sender Authentication
- SURBL
- Targeted attack
- Virtual machine
- Zero-day attack
- Zero-day vulnerability
- AO Kaspersky Lab
- Information about third-party code
- Trademark notices
Using the TLS protocol in the operation of Kaspersky Secure Mail Gateway > Preparing to import a TLS certificate signed by a certification authority
Preparing to import a TLS certificate signed by a certification authority
Preparing to import a TLS certificate signed by a certification authority
A TLS certificate signed by a certification authority (CA certificate) intended for import into Kaspersky Secure Mail Gateway must meet the following requirements:
- The certificate file must have a unique name in the list of certificates used in Kaspersky Secure Mail Gateway.
- The files of the server certificate, intermediate and root CA certificates, and the private key file must be in PEM format.
- The key length must be 1024 bits or longer.
- You must have the complete certificate chain – the path from the server certificate to the roof CA certificate.
On receiving the CA certificate, you may need to use the intermediate certificate in addition to the server certificate.
- Certificates must be specified in the certificate chain in the following order: first the server certificate followed by intermediate CA certificates.
- Intermediate certificates must not be skipped in the certificate chain.
- The certificate chain must not include any certificates unrelated to current certification.
By way of an example, below are instructions on how to prepare for import a TLS server certificate signed by a certification authority, server_cert.pem, whose private key is contained in the key.pem file. The name of the intermediate server certificate is intermediate CA. The name of the root certificate is root CA.
To prepare a TLS certificate signed by a certification authority for import into Kaspersky Secure Mail Gateway:
- In the file of the TLS certificate, remove the password (if any) for accessing the certificate. To do that, enter at the command line:
# openssl rsa -in <name of the private key file>.pem -out <name of the private key file with the password removed>.pemFor example, you can execute the following command:
# openssl rsa -in key.pem -out key-nopass.pem - Do one of the following:
- If you are certain that the clients to which the server will provide this certificate have their own copies of the root and intermediate CA certificates, combine the private key, server certificate, intermediate and root CA certificates into a single file. To do that, enter at the command line:
% cat <name of the private key file with the password removed>.pem <name of the server certificate>.pem <name of the intermediate CA certificate>.pem <name of the root CA certificate>.pem <name of the TLS certificate after the files were combined>.pemFor example, you can execute the following command:
% cat key-nopass.pem server_cert.pem intermediate_CA.pem root_CA.pem > cert.pem - If you are not sure that the clients to which the server will provide this certificate have their own copies of the root and intermediate CA certificates, combine the private key and server certificate into a single file. To do that, enter at the command line:
% cat <name of the private key file with the password removed>.pem <name of the server certificate>.pem <name of the server certificate after the files were combined>.pemFor example, you can execute the following command:
% cat key-nopass.pem server_cert.pem > cert.pem
- If you are certain that the clients to which the server will provide this certificate have their own copies of the root and intermediate CA certificates, combine the private key, server certificate, intermediate and root CA certificates into a single file. To do that, enter at the command line:
The TLS certificate signed by the certification authority (for example, cert.pem) is ready for import into Kaspersky Secure Mail Gateway.
|
See also Using the TLS protocol in the operation of Kaspersky Secure Mail Gateway Configuring TLS security for incoming email messages Configuring TLS security for outgoing email messages |
Article ID: 95423, Last review: Jun 6, 2023