About data provision

The application operates with the use of data whose transmission and processing requires the consent of the Kaspersky Secure Mail Gateway administrator.

You can view the list of data and the terms on which it is used as well as give consent to data processing in the following agreements between your organization and Kaspersky:

In the End User License Agreement.
In accordance with the terms and conditions of the End User License Agreement that you have accepted, you consent to automatic real-time provision of information required for improving the security level of the mail server to Kaspersky. This information is enumerated in the End User License Agreement under "Conditions regarding Data Processing":
- Type, version, and localization of the application
- Versions of installed updates
- Activation code and unique activation ID of the current license activation code
- Computer ID and application installation ID
- Type, version, and number of bits of the operating system
- Name of the virtual environment
- IDs of application components that were active at the time of data submission
You can read the End User License Agreement when installing Kaspersky Secure Mail Gateway or in the /opt/kaspersky/ksmg-appliance-addon/share/htdocs/en_US/assets/eula directory in Technical Support Mode.
In the Privacy Policy.
In the Kaspersky Security Network Statement and the Supplementary Kaspersky Security Network Statement.
In the course of participation in the Kaspersky Security Network and submission of KSN statistics to Kaspersky, information can be transmitted that was obtained as a result of the application operation. The list of data that is transmitted is provided in the Kaspersky Security Network Statement and the Supplementary Kaspersky Security Network Statement. You can read these Statements in the web interface in the Settings → External services → KSN/KPSN → KSN/KPSN settings section.

Data protection

Kaspersky protects any information received in this way as prescribed by law and applicable rules of Kaspersky. Data is transmitted over encrypted data links.

RAM of Kaspersky Secure Mail Gateway may contain any data of application users that are being processed. The administrator of Kaspersky Secure Mail Gateway must personally ensure the security of such data.

By default, access to personal information of users can only be gained by the superuser (root) account of operating systems, the administrator account of Kaspersky Secure Mail Gateway Local administrator, as well as system accounts kluser, postfix, opendkim, and nginx, which components of the application use in the course of their operation. The application itself has no capability to restrict the permissions of administrators and other users of operating systems on which the application is installed. Access to the storage location of the data is restricted by the file system. The administrator should take steps to control access to personal information of other users by any system level measures at the administrator's own discretion.

The local administrator can provide SSH access to the administrator account of the operating system (root). SSH access to personal data is not restricted.

The local administrator can provide access to the web interface. Access to personal data is provided in accordance with access rights configured for the role of the account.

Data is sent between cluster nodes through an encrypted channel (over HTTPS with authorization using a security certificate). Data is sent to the web interface through an encrypted channel over HTTPS. The local administrator is authorized with a password; other users of the web interface are authorized over Kerberos or NTLM protocol.

Connection to Active Directory is performed through an encrypted channel (TLS) with Kerberos authorization.

Email delivery supports SMTPS encryption.

Managing the application using the management console of the server on which the application is installed using the superuser account lets you manage dump settings. A dump is generated whenever the application crashes and can be useful for analyzing the causes of the crash. The dump may include any data, including fragments of analyzed files. By default, dump generation in Kaspersky Secure Mail Gateway is disabled.

Access to such data can be gained from the Management Console of the server on which the application is installed, using an account with super-user privileges.

When sending diagnostic information to Kaspersky Technical Support, the Kaspersky Secure Mail Gateway administrator must take steps to ensure the security of dumps and trace files.

The administrator of Kaspersky Secure Mail Gateway is responsible for access to this information.

Scope of data that can be stored by the application

The following table contains the complete list of user data that can be stored by Kaspersky Secure Mail Gateway.

User data that can be stored in Kaspersky Secure Mail Gateway

Data type	Where data is used	Storage location	Storage duration	Access

Basic functionality of the application
Account names of application administrator and users. Access permissions of user accounts of the application. Hash of the Local administrator password. User account name and password that the application uses to connect to the proxy server. Keytab files and settings for connecting to the LDAP server. Comments.	Application configuration	/var/opt/kaspersky	Indefinite.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to view application settings.
Names of user accounts and contacts in LDAP and other LDAP attributes. Email addresses of message senders and recipients. IP addresses of users and mail servers. Comments.	Message processing rules	/var/opt/kaspersky	Indefinite.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to view message processing rules.
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Information about LDAP attributes of users: Names of user accounts in LDAP and other LDAP attributes.	Application statistics	/var/opt/kaspersky	Indefinite.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to view reports and the Monitoring section.
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Names of email attachments. Message subject. Information about LDAP attributes of users: Names of user accounts and contacts in LDAP and other LDAP attributes.	Message processing event log	/var/opt/kaspersky	In accordance with settings specified by the user of the application. By default, the storage duration is 3 days and the maximum size of the log is 1 GB. When this limit is reached, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have the View mail traffic events permission.
		/var/log/ksmg-messages	Indefinite. When the size reaches 23 GB, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have the View mail traffic events permission.
		/var/log/ksmg-important	Indefinite. When the size reaches 500 MB, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have the View mail traffic events permission.
The name of the user account that initiated the event. IP addresses used for downloading updates. IP addresses of update sources.	Application event log	/var/opt/kaspersky	In accordance with settings specified by the user of the application. By default, the storage duration is 1100 days, or the maximum size of the log is 1 GB. When this limit is reached, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have the View program events permission.
		/var/log/ksmg-messages	Indefinite. When the size reaches 23 GB, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have the View program events permission.
		/var/log/ksmg-important	Indefinite. When the size reaches 500 MB, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have the View program events permission.
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Message subject. Message body. Message control headers. Names and bodies of email attachments. Data on application updates: IP addresses used for downloading updates. IP addresses of update sources. Information about downloaded files and download speed. Information about user accounts: Names of administrator accounts and application web interface user accounts. Names of user accounts in LDAP and other LDAP attributes.	Trace files	/var/log/kaspersky	Indefinite. When the size reaches 150 MB per trace stream, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to receive diagnostic information.
		/var/log/kaspersky/extra	Indefinite. When the size reaches 400 MB per trace stream, older records are deleted.
		/var/log/ksmg-traces	Indefinite. When the size reaches 23 GB per trace stream, older records are deleted.
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Message subject. Message body. Message control headers. Names and bodies of email attachments.	Backup	/var/opt/kaspersky	Indefinite. When the size reaches 7 GB, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. The postfix and opendkim services have access to messages while they are being fetched from Backup. Users of the application web interface that have permissions to view Backup.
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Message subject. Message body. Message control headers. Names and bodies of email attachments.	Anti-Spam Quarantine	/var/opt/kaspersky	Indefinite. When the size reaches 1 GB, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to view the message queue.
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Message subject. Message body. Message control headers. Names and bodies of email attachments. URLs contained in the message.	KATA Quarantine.	/var/opt/kaspersky	Indefinite. When the 1 GB or 5000 message limit is reached (the values can be configured by the administrator), new messages are not placed in KATA Quarantine.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to view the message queue.
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Message subject. Message body. Message control headers. Names and bodies of email attachments.	Temporary files	/tmp/ksmgtmp /tmp/klms_filter	Until application restart.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The postfix and opendkim services have access to processed messages while they are being delivered.
Integration with Active Directory
Email address of the user. Email address of the contact. DN record of the user. DN record of the contact. CN of the user. CN of the contact. sAMAccountName. UPN suffix. objectSID.	Message processing rules. Authentication using the single sign-on technology. Autocompletion of user accounts when managing user roles and permissions, or when configuring message processing rules.	/var/opt/kaspersky/ksmg/ldap/cache.dbm	Indefinite. The data is regularly updated. When integration with Active Directory is disabled, the data is deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to view sections of the application that include an account autocompletion field.
Integration with Kaspersky Anti Targeted Attack Platform (KATA)
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Message subject. Message body. Message control headers. Names and bodies of email attachments. URLs contained in the message.	Forwarding of objects to be scanned on the KATA server	Data is not saved.	Data is not saved.	No access.
Built-in mail server functionality
Certificates for establishing TLS connections. Certificate private key files. Access to files is possible only over SSH after uploading an SSH public key using the program web interface. Private keys for DKIM signatures. Email addresses of users. IP addresses and domain names of mail servers.	Built-in mail server settings	/etc/postfix/ /var/opt/kaspersky/	Indefinite. Data is deleted when the corresponding settings are removed in the application web interface. Certificate files can be overwritten when a certificate is replaced.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. The postfix and opendkim services have access to the storage location of the information and the data when it is being processed. Users of the application web interface that have permissions to view settings of the built-in mail server have access to data except private keys.
Information from email messages: IP addresses of users and mail servers. Email addresses of message senders and recipients. Domain names of mail servers. TLS encryption information.	Event log of the built-in mail server	/var/log/maillog	Indefinite. When the size reaches 23 GB, older records are deleted.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data when receiving diagnostic information. The nginx service has access to the data while it is transmitted between nodes or to the web interface. The postfix and opendkim services have access to the data when logging events. Users of the application web interface that have permissions to receive diagnostic information.
Information from email messages: Email addresses of message senders and recipients. Message subject. Message body. Message control headers.	Message queues of the built-in mail server	/var/spool/postfix	Indefinite. Messages are deleted when they are delivered to recipients.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while managing message queues of the built-in mail server. The nginx service has access to the data while it is transmitted between nodes or to the web interface. The postfix service has access data when data is being processed. Users of the application web interface that have permissions to view message queues.
Connecting over SSH: IP address of the user. Name of the user account. SSH key fingerprint. Connecting over the web interface: IP address of the user. Name of the user account.	Authorization event log	/var/log/secure	Not longer than 5 weeks. A weekly file rotation is maintained.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data while it is being processed. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to receive diagnostic information.
Public SSH keys of application administrators.	Built-in SSH server settings	/etc/ssh/authorized_keys	Indefinite. Data is deleted when the corresponding settings are removed in the application web interface.	The root user has access to the storage location of the information. The kluser user has access to the storage location of the information as well as the data when managing the built-in SSH server settings. The nginx service has access to the data while it is transmitted between nodes or to the web interface. Users of the application web interface that have permissions to view the settings of the built-in SSH server.

Scope of data transmitted to the Kaspersky Security Network service

Data is sent to KSN servers in an encrypted form. By default, data can be accessed by Kaspersky staff, the superuser (root) account of operating systems, and the kluser system account used by application components.

For a full enumeration of user data transmitted to the KSN service, see the following table.

The enumerated data is transmitted only if consent has been given to participate in Kaspersky Security Network.

Data transmitted to the Kaspersky Security Network service

Data type	Where data is used	Storage location	Storage duration
Checksums (MD5, SHA2-256) of the object being scanned URL address for which reputation is being queried Connection protocol ID and port number Anti-Virus database ID and entry ID of the Anti-Virus databases that were used to scan the object Information about the certificate of the signed file (certificate fingerprint and SHA256 checksum of the public key of the certificate) ID and full version of the installed software ID of the KSN service accessed by the software Date and time when the object was submitted for scanning ID of software component ID of the scenario in which the object was submitted for scanning	Sending KSN requests	KSN servers	Indefinite. The maximum number of stored entries is 360,000. When this limit is reached, those entries are deleted that have not been accessed for the longest time.
Information about the operating system installed on the computer (type, version, bitness). Information about the installed application and computer (unique ID of the computer where the application is installed; unique ID of the application installation on the computer; name, localization, ID and full version of the installed application; date and time of software installation). Information about scanned objects (application database ID and application database entry ID; name of the detected threat in accordance with the Kaspersky classification system; checksum (MD5, SHA256); size, name, and type of the scanned object; full path to the scanned object; date and time when the object was scanned; IP address of the user; results of file and URL scanning; metadata of scanned objects; scanned URL; Referrer header; checksum of the scanned URL; checksum and size of the packer and container of the scanned object; date and time of the last database update installation; flag indicating whether the detection is from debugging). Information about scanned email messages (message ID; time when the message was received; target of the attack (name of the organization, website); weight level of the attack; value of the trust level; IP address of the sender from the SMTP session; information from message headers; IP addresses of intermediate mail transfer agents; data from the SMTP session; employed detection methods; fragment of the DKIM signature of the message; information about Mail Sender Authentication results; information about connections to the DNS server; information from the message for spam detection; size of the message in bytes; size of the attachment in bytes; checksum and type of attachment; size of the subject in bytes; name of the message encoding; information about whether the message has been in Anti-Spam Quarantine; information about HTML markup of the message; checksum and size of MIME parts). Information about the operation of the Updater component (version of the Updater component; completion status of the Updater component update task; type and ID of Updater component update error if there is an error; exit code of the Update component update task; the number of times the Updater component has crashed while executing update tasks over the operation period of this component). Information about errors occurring during the operation of software components (information about software components that encountered an error; error type ID; fragments of component operation reports). Information about the version of the statistics packet, date and time when statistics gathering began, date and time when statistics gathering ended. Information about the software usage license (license ID, ID of the partner from which the license was acquired, license serial number, date and time when the license key was added, indicator that the KSN Statement was accepted).	Sending KSN statistics	KSN servers	Before sending statistics to KSN. After disabling the sending of KSN statistics in application settings, the data is deleted when the next attempt to send them occurs.

Data type

Where data is used

Storage location

Storage duration

Checksums (MD5, SHA2-256) of the object being scanned
URL address for which reputation is being queried
Connection protocol ID and port number
Anti-Virus database ID and entry ID of the Anti-Virus databases that were used to scan the object
Information about the certificate of the signed file (certificate fingerprint and SHA256 checksum of the public key of the certificate)
ID and full version of the installed software
ID of the KSN service accessed by the software
Date and time when the object was submitted for scanning
ID of software component
ID of the scenario in which the object was submitted for scanning

Sending KSN requests

KSN servers

Indefinite.

The maximum number of stored entries is 360,000. When this limit is reached, those entries are deleted that have not been accessed for the longest time.

Information about the operating system installed on the computer (type, version, bitness).
Information about the installed application and computer (unique ID of the computer where the application is installed; unique ID of the application installation on the computer; name, localization, ID and full version of the installed application; date and time of software installation).
Information about scanned objects (application database ID and application database entry ID; name of the detected threat in accordance with the Kaspersky classification system; checksum (MD5, SHA256); size, name, and type of the scanned object; full path to the scanned object; date and time when the object was scanned; IP address of the user; results of file and URL scanning; metadata of scanned objects; scanned URL; Referrer header; checksum of the scanned URL; checksum and size of the packer and container of the scanned object; date and time of the last database update installation; flag indicating whether the detection is from debugging).
Information about scanned email messages (message ID; time when the message was received; target of the attack (name of the organization, website); weight level of the attack; value of the trust level; IP address of the sender from the SMTP session; information from message headers; IP addresses of intermediate mail transfer agents; data from the SMTP session; employed detection methods; fragment of the DKIM signature of the message; information about Mail Sender Authentication results; information about connections to the DNS server; information from the message for spam detection; size of the message in bytes; size of the attachment in bytes; checksum and type of attachment; size of the subject in bytes; name of the message encoding; information about whether the message has been in Anti-Spam Quarantine; information about HTML markup of the message; checksum and size of MIME parts).
Information about the operation of the Updater component (version of the Updater component; completion status of the Updater component update task; type and ID of Updater component update error if there is an error; exit code of the Update component update task; the number of times the Updater component has crashed while executing update tasks over the operation period of this component).
Information about errors occurring during the operation of software components (information about software components that encountered an error; error type ID; fragments of component operation reports).
Information about the version of the statistics packet, date and time when statistics gathering began, date and time when statistics gathering ended.
Information about the software usage license (license ID, ID of the partner from which the license was acquired, license serial number, date and time when the license key was added, indicator that the KSN Statement was accepted).

Sending KSN statistics

KSN servers

Before sending statistics to KSN.

After disabling the sending of KSN statistics in application settings, the data is deleted when the next attempt to send them occurs.

When the application databases are updated from Kaspersky servers, the following information is transmitted:

Application version and type
Unique ID of the current license key
Unique application installation ID
Update session ID