Kaspersky Secure Mail Gateway

Kaspersky Secure Mail Gateway lets you deploy a mail gateway as a cluster system, which can scale with the volume of processed traffic, and integrate it into the existing mail infrastructure of your organization. An operating system, mail server, and Kaspersky anti-virus application are pre-installed on the mail gateway.

Kaspersky Secure Mail Gateway protects incoming and outgoing email against malicious objects, spam and phishing content, and performs content filtering of email messages.

Kaspersky Secure Mail Gateway functionality includes:

• Perform Anti-Virus scanning of messages:
  • Check messages for viruses, malware, and macros (for example, Microsoft Office files containing macros), encrypted objects, archives (including recognizing types of files inside archives and compound objects).
  • Use the information from
    Kaspersky Security Network

    An infrastructure of cloud services that provides access to the Kaspersky online Knowledge Base, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures that Kaspersky applications respond faster to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.

    to ensure a faster response to new threats.
  • Integrate with the
    Kaspersky Private Security Network

    A solution that allows users of Kaspersky anti-virus applications to access Kaspersky Security Network data without sending their own information to Kaspersky Security Network servers.

    (KPSN) so that organizations where Internet access is restricted by internal rules and policies can utilize the functionality of the Kaspersky Security Network (KSN).
  • Integrate with the
    Kaspersky Anti Targeted Attack Platform

    Solution designed for the protection of a corporate IT infrastructure and timely detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (hereinafter also referred to as "APT").

    (KATA) for detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (APT).
• Perform Anti-Spam scanning of messages:
  • Check messages for spam, probable spam, mass mail (including spoofed domain recognition and IP address reputation checking).
  • Detect messages that contain Unicode
    spoofing

    A type of attack based on the falsification (spoofing) of transmitted data. Spoofing may be aimed at obtaining elevated privileges, primarily through bypassing the verification mechanism by generating a request similar to an authentic request. One variant of spoofing is to forge an HTTP header to gain access to hidden content.

    The goal of spoofing may also be to deceive a user. A classic example of such an attack is the falsification of the sender's address in emails.

    . If Unicode spoofing is detected, the message is considered to be spam. The application adds the unicode_spoof tag to the X-KSMG-AntiSpam-Method message header.
  • Add the X-MS-Exchange-Organization-SCL X-headers to messages, based on the scan results. The headers contain the
    SCL rating

    Spam Confidence Level is a special tag used by Microsoft Exchange mail servers to measure the probability that a message contains spam. The SCL rating can range from 0 (minimum probability of spam) to 9 (the message is most likely spam). Kaspersky Secure Mail Gateway can change the SCL rating of a message depending on the message scan results.

    .
  • Place messages into Anti-Spam Quarantine and manage the Anti-Spam Quarantine via the web interface.
• Perform Anti-Phishing scanning of messages.
• Scan messages for malicious or advertising links, as well as links related to legitimate software.
• Perform content filtering of messages:
  • By name
  • By size
  • By attachment type (Kaspersky Secure Mail Gateway can determine the actual format and type of attachments regardless of file extension).
• Authenticate mail senders using
  SPF

  Comparison of IP addresses of mail senders with the list of possible message sources that has been created by the mail server administrator.

  ,
  DKIM

  Verification of the digital signature of messages.

  , and
  DMARC

  Verification that determines the policy and actions taken on messages based on the results of SPF and DKIM Mail Sender Authentication.

  technologies.
• Configure integration with Active Directory to obtain information about domain users.
• Obtain information about application events:
  • Logging mail traffic processing events and application events that occur during the operation of the application. The log can be filtered to search for events conveniently.
  • Export events in the CSV format.
• Publish application events to a
  SIEM system

  SIEM system (Security Information and Event Management) is a solution for managing information and events in an organization's security system.

  used in your organization using the syslog protocol. Information about each application event is relayed as a separate syslog message in CEF format.
• Configure and manage the application using a web interface.
  • Monitor the status of email traffic and system resources, view the lists of the latest detected threats in the web interface of the application.
  • Control user access to application features using a role-based access system.
  • Configure authentication using single sign-on (SSO) technology.
  • Create a cluster to scale the solution (horizontally or vertically) with centralized management of all servers in the cluster using the application's web interface.
  • Manage Backup:
    • Save original messages that were scanned and processed by the application in Backup.
    • Save messages from Backup to a file.
    • Forward messages to recipients.
    • Receive information about users from different domains and grant users access to personal Backup.
    • Configure the personal Backup digest delivery.
  • Create allowlists and denylists, which let you fine-tune the way the mail system reacts to messages from certain addresses.
  • Update application databases from Kaspersky update servers and custom sources via a schedule or on demand.

    Updates functionality (including providing anti-virus signature updates and codebase updates), as well as KSN functionality may not be available in the software in the U.S.

  • Configure email notifications:
    • Notify the sender, recipients, and other addresses about objects detected in a message.
    • Send notifications about application events to users.
  • Add email disclaimers to outgoing and incoming messages and add warnings about insecure message
  • Generate and view reports about the results of message processing and application events.
  • Process email messages in accordance with rules configured for groups of senders and recipients.
  • Add, modify, or delete information about domains (including local domains of the organization) and email addresses, edit Kaspersky Secure Mail Gateway settings for such domains and email addresses, and configure email routing.
  • Configure
    MTA

    Mail Transfer Agent is an agent that handles message sending between mail servers.

    .
  • Add, modify, and delete DKIM and TLS encryption keys.
  • Receive application operation statistics via the SNMP protocol, and enable or disable forwarding of
    SNMP traps

    An application event notification sent by the SNMP agent.

    .

Kaspersky Secure Mail Gateway is distributed as an ISO image of a virtual machine for deployment in the VMware ESXi or Microsoft Hyper-V hypervisor.

Deploying the image creates a virtual machine with a pre-installed CentOS 7.9 operating system, a mail server, and Kaspersky Secure Mail Gateway. After deploying the virtual machine, you can configure it using the Initial Configuration Wizard.

What's new

Kaspersky Secure Mail Gateway 2.0 MR1 provides the following improvements:

• Backup storage digest—a scheduled email summary is sent regularly, which includes information about the latest received emails placed in the user's personal Backup storage.
• Support for integration with fault tolerant КАТА using HAProxy.
• In rules, you can specify Distinguished Names of users, groups, or contacts from the LDAP cache as the message sender or recipient address.
• Idle time in administrator mode is limited to 10 minutes. One minute before this time expires, a notification is displayed letting the user know that the session will soon be ended so that the administrator can either prolong the current session or save the changes and log out of the program.
• The maximum number of entries in the personal allow and deny address lists is reduced to 500 addresses.
• The administrator can configure the default message delivery format from the shared Backup.
• The restart status of the cluster node is now displayed in the web interface of the node.
• A new check looks for duplicate data in LDAP accounts.
• New capabilities added to event viewing and settings:
  • It is now possible to configure the storage duration and size of application events in the event log.
  • It is now possible to filter application events in the event log.
  • The name of the event can be viewed in the list of application events, while its detailed information can be viewed in the event card.
• Improved the handling of large lists of email addresses and IP addresses, user and contact DN records in custom lists, rules, and settings of Backup digest. Data can be added manually, imported from the clipboard, exported to the clipboard, and searched in the list.
• Substring search in event logs has been improved.
• Encoding is taken into account when adding disclaimers and warnings to the body of the message.
• You can specify the email addresses that will receive the service messages sent by the application.

Hardware and software requirements

Hardware requirements of the virtual machine configuration for ISO image deployment

• 8 CPU cores
• 16 GB of RAM
• 200 GB of disk space

Software requirements for corporate LAN computers (to use SSO authentication for the application web interface)

• Windows 8.1
• Windows 10 (1809, 20H2, 21H2)
• Windows 11 (21H2)

Software requirements for the hypervisor for deploying the virtual machine

• VMware ESXi 6.5 Update 3
• VMware ESXi 6.7 Update 3b
• VMware ESXi 7.0 Update 2d
• Microsoft Hyper-V Server 2016 (Generation 1 only)
• Microsoft Hyper-V Server 2019
• Windows Server 2022 Standard with the Hyper-V role installed

Software requirements for configuring the integration with an LDAP server

• Windows Server 2012 R2 Standard
• Windows Server 2016 Standard
• Windows Server 2019 Standard
• Windows Server 2022 Standard

Software requirements for managing Kaspersky Secure Mail Gateway via the web interface

To run the web interface, one of the following browsers must be installed on the computer:

• Mozilla Firefox version 94
• Google Chrome version 96
• Microsoft Edge version 96

These system requirements guarantee that Kaspersky Secure Mail Gateway will have a peak throughput of 10 messages per second with an average message size of 300 KB. The actual performance of the application depends on the processor model and its clock rate. To increase throughput, you are advised to increase virtual machine resources or deploy several virtual machine images and distribute the stream of email messages among them while creating the appropriate record on the DNS server, or use network load balancing services.

Distribution kit

Kaspersky Secure Mail Gateway is included in the following comprehensive solutions for security and system administration from Kaspersky:

• Kaspersky TOTAL Security for Business.
• Kaspersky Security for Mail Servers.

To select a comprehensive solution that is most suitable for your organization, consult with specialists of a Kaspersky partner company. The contact details and addresses of partners are provided on the Kaspersky website at https://locator.kaspersky.com/b2b/.

The content of the distribution kit may differ depending on the region in which the application is distributed.

When you buy Kaspersky Secure Mail Gateway, you copy the application from the website of a partner company or the Kaspersky website. Information that is required for activating the application will be sent to you by email after your payment has been received.

About information X-headers

Based on the results of the scan, the application appends special information X-headers to the header of the message, for example:

• X-KSMG-Rule-ID – list of message processing rule IDs.
• X-KSMG-Message-Action – action taken by the application on the message, and the application module that was triggered.
• X-KSMG-AntiVirus – header for messages processed by the Anti-Virus module (contains the name and version of the application as well as the release date of Anti-Virus databases).
• X-KSMG-AntiVirus-Status – status assigned to the message by Anti-Virus based on the Anti-Virus scan results.
• X-KSMG-AntiSpam-Lua-Profiles – version of Anti-Spam databases and information about the assigned spam rating.
• X-KSMG-AntiSpam-Method – method used to identify spam.
• X-KSMG-AntiSpam-Rate – rating assigned to the message by the Anti-Spam engine.
• X-KSMG-AntiSpam-Status – status assigned to the message by the Anti-Spam engine based on the scan results.
• X-KSMG-AntiSpam-Envelope-From – message sender.
• X-KSMG-AntiSpam-Auth – status assigned to the message as a result of Mail Sender Authentication using SPF, DKIM, DMARC technologies.
• X-KSMG-AntiSpam-Version – version of the Anti-Spam module.
• X-KSMG-AntiSpam-Info – criteria which the Anti-Spam module applied to assign the status to the message.
• X-KSMG-AntiSpam-Moebius-Timestamps – information about signatures of the Moebius service.
• X-KSMG-AntiPhishing – header for messages processed by the Anti-Phishing module (contains the result of the scan).
• X-KSMG-LinksScanning – header for messages processed by the Link scanning module (contains the scan result and the release date of the Anti-Virus databases).
• X-KSMG-AntiSpam-Interceptor-Info – message scan result.

  The header can contain the following values:

  • not scanned – the Anti-Spam module is disabled.
  • timeout expired – the scan was not completed because timeout was reached.
  • scan successful – the message was scanned successfully.
  • fallback – the scan was not completed because an error was encountered.

Network accesses used

All necessary ports are already configured for the application deployed from the ISO image. Information about network accesses required by application functionality is listed in the following table.

Network accesses required by the application

Page top

Known limitations of Kaspersky Secure Mail Gateway 2.0 MR1

Content Filtering does not detect CSV and SLDM attachment types. If you need the Content Filtering module to detect these attachment types, please contact Technical Support.