About data provision

The program operates with the use of data whose transmission and processing requires the consent of the Kaspersky Secure Mail Gateway administrator.

You can view the list of data and the terms on which it is used as well as give consent to data processing in the following agreements between your organization and Kaspersky:

Data protection

Kaspersky protects any information received in this way as prescribed by law and applicable rules of Kaspersky. Data is transmitted over encrypted data links.

RAM of Kaspersky Secure Mail Gateway may contain any processed data of program users. The administrator of Kaspersky Secure Mail Gateway must personally ensure the security of such data.

By default, access to personal information of users can only be gained by the superuser (root) account of operating systems, the administrator account of Kaspersky Secure Mail Gateway Local administrator, as well as system accounts kluser, postfix, opendkim, and nginx, which components of the program use in the course of their operation. The program itself has no capability to restrict the permissions of administrators and other users of operating systems on which the program is installed. Access to the storage location of the data is restricted by the file system. The administrator should take steps to control access to personal information of other users by any system level measures at the administrator's own discretion.

Data is sent between cluster nodes through an encrypted channel (over HTTPS with user authorization using a security certificate). Data is sent to the web interface through an encrypted channel over HTTPS. Web interface users must complete the authentication procedure, and the Local administrator is authorized with a password.

Email delivery supports SMTPS encryption.

Managing the program using the management console of the server on which the program is installed using the superuser account lets you manage dump settings. A dump is generated whenever the program crashes and can be useful for analyzing the causes of the crash. The dump may include any data, including fragments of analyzed files. By default, dump generation in Kaspersky Secure Mail Gateway is disabled.

Access to such data can be gained from the Management Console of the server on which the program is installed, using an account with super-user privileges.

When sending diagnostic information to Kaspersky Technical Support, the Kaspersky Secure Mail Gateway administrator must take steps to ensure the security of dumps and trace files.

The administrator of Kaspersky Secure Mail Gateway is responsible for access to this information.

Scope of data that can be stored by the program

The following table contains the complete list of user data that can be stored by Kaspersky Secure Mail Gateway.

User data that can be stored in Kaspersky Secure Mail Gateway

Data type

Where data is used

Storage location

Storage duration

Access

Basic functionality of the program

  • Account names of program administrator and users.
  • Access permissions of user accounts of the program.
  • Hash of the Local administrator password.
  • User account name and password that the program uses to connect to the proxy server.
  • Keytab files for connecting to the LDAP server.
  • Names of user accounts in LDAP and other LDAP attributes.
  • Comments.

Program configuration

/var/opt/kaspersky

Indefinite.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to view program settings.
  • Names of user accounts in LDAP and other LDAP attributes.
  • Email addresses of message senders and recipients.
  • IP addresses of users and mail servers.
  • Comments.

Message processing rules

/var/opt/kaspersky

Indefinite.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to view message processing rules.

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.

Information about LDAP attributes of users:

  • Names of user accounts in LDAP and other LDAP attributes.

Runtime statistics

/var/opt/kaspersky

Indefinite.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to view reports and the Monitoring section.

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.
  • Names of email attachments.
  • Message subject.

Information about LDAP attributes of users:

  • Names of user accounts in LDAP and other LDAP attributes.

Message processing event log

/var/opt/kaspersky

In accordance with settings specified by the user of the program.

By default, the storage duration is 3 days and the maximum size of the log is 1 GB.

When this limit is reached, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to view the message processing event log.

/var/log/ksmg-messages

Indefinite.

When the size reaches 23 GB, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to receive diagnostic information.

/var/log/ksmg-important

Indefinite.

When the size reaches 500 MB, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to receive diagnostic information.
  • The name of the user account that initiated the event.
  • IP addresses used for downloading updates.
  • IP addresses of update sources.

System event log

/var/opt/kaspersky

In accordance with settings specified by the user of the program.

By default, 100,000 entries are stored.

When this limit is reached, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to view the system event log.

/var/log/ksmg-messages

Indefinite.

When the size reaches 23 GB, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to receive diagnostic information.

/var/log/ksmg-important

Indefinite.

When the size reaches 500 MB, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to receive diagnostic information.

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.
  • Message subject.
  • Message body.
  • Message control headers.
  • Names and bodies of email attachments.

Data on program updates:

  • IP addresses used for downloading updates.
  • IP addresses of update sources.
  • Information about downloaded files and download speed.

Information about user accounts:

  • Names of administrator accounts and program web interface user accounts.
  • Names of user accounts in LDAP and other LDAP attributes.

Trace files

/var/log/kaspersky

Indefinite.

When the size reaches 150 MB per trace stream, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information and can also have access to data when receiving diagnostic information and logging events.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to receive diagnostic information.

/var/log/kaspersky/extra

Indefinite.

When the size reaches 400 MB per trace stream, older records are deleted.

/var/log/ksmg-traces

Indefinite.

When the size reaches 23 GB per trace stream, older records are deleted.

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.
  • Message subject.
  • Message body.
  • Message control headers.
  • Names and bodies of email attachments.

Backup

/var/opt/kaspersky

Indefinite.

When the size reaches 7 GB, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • The postfix and opendkim services have access to messages while they are being fetched from Backup.
  • Users of the program web interface that have permissions to view Backup.

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.
  • Message subject.
  • Message body.
  • Message control headers.
  • Names and bodies of email attachments.

Anti-Spam Quarantine

/var/opt/kaspersky

Indefinite.

When the size reaches 1 GB, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to view Anti-Spam Quarantine.

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.
  • Message subject.
  • Message body.
  • Message control headers.
  • Names and bodies of email attachments.
  • URLs contained in the message.

KATA Quarantine.

/var/opt/kaspersky

Indefinite.

When the size reaches 1 GB, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to view KATA Quarantine.

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.
  • Message subject.
  • Message body.
  • Message control headers.
  • Names and bodies of email attachments.

Temporary files

  • /tmp/ksmgtmp
  • /tmp/klms_filter

Until program restart.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The postfix and opendkim services have access to processed messages while they are being delivered.

Integration with Active Directory

  • Email address of the user.
  • User DN record.
  • CN of the user.
  • sAMAccountName.
  • UPN suffix.
  • objectSID.
  • Message processing rules.
  • Authentication using the single sign-on technology.
  • Autocompletion of user accounts when managing user roles and permissions, or when configuring message processing rules.

/var/opt/kaspersky/ksmg/ldap/cache.dbm

Indefinite.

The data is regularly updated.

When integration with Active Directory is disabled, the data is deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions for autocompletion of user accounts.

Integration with Kaspersky Anti Targeted Attack Platform (KATA)

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.
  • Message subject.
  • Message body.
  • Message control headers.
  • Names and bodies of email attachments.
  • URLs contained in the message.

Forwarding of objects to be scanned on the KATA server

Data is not saved.

Data is not saved.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.

Built-in mail server functionality

  • Certificates for establishing TLS connections.
  • Certificate private key files.
  • Private keys for DKIM signatures.
  • Email addresses of users.
  • IP addresses and domain names of mail servers.

Built-in mail server settings

/etc/postfix/

/var/opt/kaspersky/

Indefinite.

Data is deleted when the corresponding settings are removed in the program web interface.

Certificate files can be overwritten when a certificate is replaced.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • The postfix and opendkim services have access to the storage location of the information and the data when it is being processed.
  • Users of the program web interface that have permissions to view settings of the built-in mail server have access to data except private keys.

Information from email messages:

  • IP addresses of users and mail servers.
  • Email addresses of message senders and recipients.
  • Domain names of mail servers.
  • TLS encryption information.

Event log of the built-in mail server

/var/log/maillog

Indefinite.

When the size reaches 100 MB, older records are deleted.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data when receiving diagnostic information.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • The postfix and opendkim services have access to the data when logging events.
  • Users of the program web interface that have permissions to receive diagnostic information.

Information from email messages:

  • Email addresses of message senders and recipients.
  • Message subject.
  • Message body.
  • Message control headers.

Message queues of the built-in mail server

/var/spool/postfix

Indefinite.

Messages are deleted when they are delivered to recipients.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while managing message queues of the built-in mail server.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • The postfix service has access data when data is being processed.
  • Users of the program web interface that have permissions to view message queues.

Connecting over SSH:

  • IP address of the user.
  • Name of the user account.
  • SSH key fingerprint.

Connecting over the web interface:

  • IP address of the user.
  • Name of the user account.

Authorization event log

/var/log/secure

Not longer than 5 weeks.

A weekly file rotation is maintained.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data while it is being processed.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to receive diagnostic information.

SSH public keys of program administrators.

Built-in SSH server settings

/etc/ssh/authorized_keys

Indefinite.

Data is deleted when the corresponding settings are removed in the program web interface.

  • The root user has access to the storage location of the information.
  • The kluser user has access to the storage location of the information as well as the data when managing the built-in SSH server settings.
  • The nginx service has access to the data while it is transmitted between nodes or to the web interface.
  • Users of the program web interface that have permissions to view the settings of the built-in SSH server.

Scope of data transmitted to the Kaspersky Security Network service

Data is sent to KSN servers in an encrypted form. By default, data can be accessed by Kaspersky staff, the superuser (root) account of operating systems, and the kluser system account, which components of the program use in the course of their operation.

For a full enumeration of user data transmitted to the KSN service, see the following table.

The enumerated data is transmitted only if consent has been given to participate in Kaspersky Security Network.

Data transmitted to the Kaspersky Security Network service

Data type

Where data is used

Storage location

Storage duration

  • Checksums (MD5, SHA2-256) of the object being scanned
  • URL address for which reputation is being queried
  • Connection protocol ID and port number
  • Anti-Virus database ID and entry ID of the Anti-Virus databases that were used to scan the object
  • Information about the certificate of the signed file (certificate fingerprint and SHA256 checksum of the public key of the certificate)
  • ID and full version of the installed software
  • ID of the KSN service accessed by the software
  • Date and time when the object was submitted for scanning
  • ID of software component
  • ID of the scenario in which the object was submitted for scanning

Sending KSN requests

KSN servers

Indefinite.

The maximum number of stored entries is 360,000. When this limit is reached, those entries are deleted that have not been accessed for the longest time.

  • Information about the operating system installed on the computer (type, version, bitness).
  • Information about the installed program and computer (unique ID of the computer where the program is installed; unique ID of the program installation on the computer; name, localization, ID and full version of the installed program; date and time of software installation).
  • Information about scanned objects (application database ID and application database entry ID; name of the detected threat in accordance with the Kaspersky classification system; checksum (MD5, SHA256); size, name, and type of the scanned object; full path to the scanned object; date and time when the object was scanned; IP address of the user; results of file and URL scanning; metadata of scanned objects; scanned URL; Referrer header; checksum of the scanned URL; checksum and size of the packer and container of the scanned object; date and time of the last database update installation; flag indicating whether the detection is from debugging).
  • Information about scanned email messages (message ID; time when the message was received; target of the attack (name of the organization, website); weight level of the attack; value of the trust level; IP address of the sender from the SMTP session; information from message headers; IP addresses of intermediate mail transfer agents; data from the SMTP session; employed detection methods; fragment of the DKIM signature of the message; information about Mail Sender Authentication results; information about connections to the DNS server; information from the message for spam detection; size of the message in bytes; size of the attachment in bytes; checksum and type of attachment; size of the subject in bytes; name of the message encoding; information about whether the message has been in Anti-Spam Quarantine; information about HTML markup of the message; checksum and size of MIME parts).
  • Information about the operation of the Updater component (version of the Updater component; completion status of the Updater component update task; type and ID of Updater component update error if there is an error; exit code of the Update component update task; the number of times the Updater component has crashed while executing update tasks over the operation period of this component).
  • Information about errors occurring during the operation of software components (information about software components that encountered an error; error type ID; fragments of component operation reports).
  • Information about the version of the statistics packet, date and time when statistics gathering began, date and time when statistics gathering ended.
  • Information about the software usage license (license ID, ID of the partner from which the license was acquired, license serial number, date and time when the license key was added, indicator that the KSN Statement was accepted).

Sending KSN statistics

KSN servers

Before sending statistics to KSN.

After disabling the sending of KSN statistics in program settings, the data is deleted when the next attempt to send them occurs.

When the application databases are updated from Kaspersky servers, the following information is transmitted:

See also

Application licensing

About the End User License Agreement

About the license certificate

About the key

About the key file

About the activation code

About the subscription

Modes of Kaspersky Secure Mail Gateway operation under license

Adding an activation code

Adding a key file

Removing a key

Monitoring license key status

Configuring warnings about upcoming license key expiration

Purchasing a license

Page top