Configuring integration with a mail server via SMTP

If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.

To configure integration with a mail server over SMTP:

Select the Sensor servers section in the window of the application web interface.
Click the card of the relevant Sensor component.
This opens a window with information about the component.
Click Edit.
Go to the SMTP integration tab.
If you want to enable integration with a mail server via SMTP, set the Enable SMTP integration toggle switch to Enabled.
In the Destination domains field, specify the name of the mail domain or subdomain. The application will scan email messages sent to mailboxes of the specified domains.
To disable a domain or subdomain, enclose it in the !domain.tld form.

If you leave the mail domain name blank, the application will receive messages sent to any email address.
In the Clients field, specify the IP addresses of hosts and/or masks of subnets (in CIDR notation) with which the application is allowed to interact over the SMTP protocol.
To disable a host or subnet, enclose the address in the !host form.

If you leave this field blank, the application will receive the following messages:
- From any email addresses if you specified email domains in the Destination domains field.
- From a mail server in the same subnet as the Sensor server component if no domain is indicated in the Destination domains field.
If you want to set the maximum allowed size of incoming messages, set the Set message size toggle switch to Enabled.
In the Unit of measure field, select a unit of measure.
In the Space field, enter the maximum allowed size of a file.
If you want to configure TLS encryption of SMTP connections to the mail server, under Client TLS security level, select one of the following options:
- No TLS encryption.
  The application will not employ TLS encryption of connections with a mail server.
- Allow TLS encryption for incoming messages.
  The application will support TLS encryption of the connection, but encryption will not be mandatory.
- Require TLS encryption for incoming messages.
  The application will receive messages only over encrypted channels.
Click the Download TLS certificate button to save the TLS certificate of the server with the Sensor component on the computer in the browser's downloads folder.
This certificate is required for authentication on the mail server.
In the Requesting client TLS certificate settings group, select one of the following options:
- Do not request.
  The application will not verify the TLS certificate of the mail server.
- Request.
  The application will request a TLS certificate from the mail server, if one is available.
- Require.
  The application will receive messages only from those mail servers that have a TLS certificate.
Click Save.

Integration with a mail server via SMTP will be configured. The application will scan email messages received over the SMTP protocol according to the defined settings.

If you have deployed the Central Node and Sensor components as a cluster, you can configure high availability integration with the mail server.

To configure high availability integration with the mail server:

Configure Round Robin on the DNS server for the domain name corresponding to the Central Node cluster.
Specify this domain name in the mail server settings.

Integration with the mail server will be configured based on the domain name. The mail server will communicate with a random server in the cluster. If this server fails, the mail server will communicate with another healthy server in the cluster.

For version 7.0 of the application in a cluster configuration, when integrated with a mail server, an error may occur when sending an email message: "451 4.3.0 Error: queue file write error".

To resolve the error:

Enter the management console of any cluster server over SSH or using a terminal.
When the system prompts you, enter the administrator user name and the password that was specified during installation of the component.
The application component administrator menu is displayed.
In the application administrator menu, select Technical Support Mode.
Press ENTER.
This opens the Technical Support Mode confirmation window.
Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press ENTER.
Run the following command:
for addr in <IP addresses of cluster servers (separated by spaces)>; do nc -zv $addr 10025; done

The list of servers is displayed on the console.
In the web interface of the application, at step 7 of the instructions above, specify the IP address of the server for which the localhost [127.0.0.1] 10025 (?) open string is displayed on the console.

The error is resolved.

If you do not get a localhost [127.0.0.1] 10025 (?) open string for any of the cluster servers, please contact Technical Support.

When installing the Central Node component of version 7.0.3 on the server, Kaspersky Anti Targeted Attack Platform may refuse email messages received via SMTP. The sender may get a "Connection refused" error.

To remove the limitation:

Log in to the management console of the relevant Central Node server over SSH or through a terminal.
When the system prompts you, enter the administrator user name and the password that was specified during installation of the component.
The application component administrator menu is displayed.
In the application administrator menu, select Technical Support Mode.
Press ENTER.
This opens the Technical Support Mode confirmation window.
Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press ENTER.
Run the following command:
sudo -i
Run the following commands:
1. docker exec $(docker ps -q -f name=preprocessor_span) supervisorctl restart preprocessor
2. docker exec $(docker ps -q -f name=preprocessor_smtp) supervisorctl restart preprocessor

The limitation is removed.

Page top