What's new

Support

Support for business applications

Kaspersky Secure Mail Gateway

About the Kaspersky Secure Mail Gateway

What's new

July 3, 2024

ID 171315

KSMG 2.1 introduces the following new functionality as compared to 8.0 MP3.

Architecture

New cluster architecture for scaling the solution (horizontally or vertically) with the capability to centrally manage all servers of the cluster through the application web interface.
The new version is provided as two distribution types:
- ISO file with a pre-installed operating system, mail server, and Kaspersky Anti-Virus application. Detailed information is provided in the help for this distribution type.
- RPM or DEB installation package. The application is installed on an operating system prepared by the administrator and integrated with the a pre-installed MTA. This distribution type of KSMG 2.1 continues and builds upon the functionality of Kaspersky Security for Linux Mail Server versions 8.0 MP3 and 10. Detailed information about this distribution type is provided in this document.

Operating system

Support for new versions of operating systems:

Protection technologies

Improved mechanism for detecting sophisticated attacks aimed at compromising corporate correspondence (such as BEC attacks and Active Directory spoofing attacks).
Added spam detection technology based on recognition of spoofed domains (look-alike).
Message processing rules now support the URL advisor module, which allows detecting malicious links, advertising links, and links relevant to legitimate software, while distinguishing them from phishing links.
Added identification of the reputation of IP addresses during scans by the Anti-Spam module.

Processing email traffic

Now you can enable or disable the addition of the X-MS-Exchange-Organization-SCL header containing the SCL rating of the message after scanning by the Anti-Spam module. By default, the header is not added.

Rules

In rules, you can specify Distinguished Names of users, groups, or contacts from the LDAP cache as the message sender or recipient address.
Encoding is taken into account when adding disclaimers and warnings to the body of the message.
The handling of large lists of email addresses and IP addresses, user and contact DN records in custom lists, rules, and settings of Backup digest have been improved. Data can be added manually, imported from the clipboard, exported to the clipboard, and searched in the list.
The following changes were implemented in the Content Filtering module:
- More message attributes can be used in mail filtering. Attributes can be combined into Content Filtering expressions using AND/OR logical connectives.
- You can specify values for filtering using text strings, masks, regular expressions, and dictionaries. Dictionaries let you reuse sets of repeated strings and file types.
- Now you can configure an action to be applied to a message in case of a Content Filtering error.
You can configure actions to be performed on message headers when a message processing rule or a Content Filtering expression is triggered, or a Content Filtering error occurs.
You can configure a BCC message to be sent to a specific address when a processing rule is triggered.

Managing the application

Role-based restriction of user access to application functionality is implemented.
Now you can create multiple local user accounts with different roles.
The inactivity timeout in privileged user mode is 10 minutes. One minute before this time expires, a notification is displayed letting the user know that the session will soon be ended so that the user can either prolong the current session or save the changes and log out of the program.
The maximum number of entries in the personal allow and deny address lists is reduced to 500 addresses.
A new check identifies duplicate data in LDAP accounts.
New information displayed in the Dashboard section, and added capability to filter information about cluster nodes and to create your own graph layouts. New widget displaying statistics of the KATA Protection module.
Managing the application on the command line is not supported.

Backup

Event log

Event log with filtering capabilities to conveniently search and export events in CSV format for further analysis. The name of the event can be viewed in the list of application events, while its detailed information can be viewed in the event card. It is now possible to configure the storage duration and size of application events in the event log.
Attempts to log into the application are recorded in the Syslog log, the application event log, and as CEF messages.
Hashes of MIME parts and message attachments can now be counted with a choice of hashing algorithm. You can view the results in the email traffic processing event card and in the Syslog log. You can disable hash calculation and data logging to CEF for MIME parts in which no threats or other objects were detected.
In the email traffic processing event log and in the Syslog log, you can view information about the scan results of each MIME part, link, and message attachment in which threats or other objects were detected.
You can configure logging of the MIME part scan results only for messages for which scan modules were triggered or for all scanned messages.
The KATA Protection module can assign a broader range of statuses to a message.

Integration

Integration with KATA for detecting and blocking objects. Support for integration with high-availability KATA using HAProxy.
Integration with Kaspersky Security Center is used only for database updates.
The after-queue integration method is not supported for integration with the Postfix mail server.
Integration with the Nginx web server is supported. The Apache web server is not supported.
The ZIP format of the KPSN configuration file is no longer supported. You can use a PKCS7 configuration file.
A broader range of data can be sent to the SIEM system.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.