Kaspersky Secure Mail Gateway

Kaspersky Secure Mail Gateway lets you deploy a mail gateway as a cluster system, which can scale with the volume of processed traffic, and integrate it into the existing mail infrastructure of your organization. An operating system, mail server, and Kaspersky anti-virus application are preinstalled on the mail gateway.

Kaspersky Secure Mail Gateway protects incoming and outgoing email against malicious objects, spam and phishing content, and performs content filtering of email messages.

Kaspersky Secure Mail Gateway functionality includes:

• Performs Anti-Virus scanning of messages:
  • Checking messages for viruses and malware, macros (for example, Microsoft Office files containing macros), encrypted objects, archives (including recognizing types of files inside archives and compound objects).
  • Using information from Kaspersky Security Network to ensure a faster response to new threats.

    An infrastructure of cloud services that provides access to the Kaspersky online Knowledge Base, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures that Kaspersky applications respond faster to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.

  • Integrates with Kaspersky Private Security Network (KPSN) so that organizations where Internet access is restricted by internal rules and policies can utilize Kaspersky Security Network (KSN) functionality.

    A solution that allows users of Kaspersky anti-virus applications to access Kaspersky Security Network data without sending their own information to Kaspersky Security Network servers.

  • Integrating with Kaspersky Anti Targeted Attack Platform (KATA) for detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (APT).

    Solution designed for the protection of a corporate IT infrastructure and timely detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (hereinafter also referred to as "APT").

• Performs Anti-Spam scanning of messages:
  • Checking messages for spam, probable spam, mass mail (including spoofed domain recognition and IP address reputation checking).
  • Detects messages containing Unicode spoofing. If Unicode spoofing is detected, the message is considered to be spam. The program adds the unicode_spoof tag to the X-KSMG-AntiSpam-Method message header.

    A type of attack based on the falsification (spoofing) of transmitted data. Spoofing may be aimed at obtaining elevated privileges, primarily through bypassing the verification mechanism by generating a request similar to an authentic request. One variant of spoofing is to forge an HTTP header to gain access to hidden content.

    The goal of spoofing may also be to deceive a user. A classic example of such an attack is the falsification of the sender's address in emails.

  • Adds the X-MS-Exchange-Organization-SCL X-headers to messages based on the Anti-Spam scan results. This tag contains the SCL rating.

    Spam Confidence Level is a special tag used by Microsoft Exchange mail servers to measure the probability that a message contains spam. The SCL rating can range from 0 (minimum probability of spam) to 9 (the message is most likely spam). Kaspersky Secure Mail Gateway can change the SCL rating of a message depending on the message scan results.

  • Places messages into Anti-Spam Quarantine and manages the Anti-Spam Quarantine in the web interface.
• Performs Anti-Phishing scanning of messages.
• Scans messages for malicious or advertising links, as well as links related to legitimate software.
• Performs content filtering of messages:
  • By name
  • By size
  • By attachment type (Kaspersky Secure Mail Gateway can determine the actual format and type of attachments regardless of file extension).
• Lets you perform Mail Sender Authentication using SPF, DKIM, and DMARC technologies.

  Verification that determines the policy and actions taken on messages based on the results of SPF and DKIM Mail Sender Authentication.

  Verification of the digital signature added to messages.

  Comparison of IP addresses of mail senders with the list of possible message sources that has been created by the mail server administrator.

• Configuring integration with Active Directory to obtain information about domain users.
• Obtaining information about program events:
  • Logging mail traffic processing events as well as system events that occur during the operation of the program. The log can be filtered to search for events conveniently.
  • Exporting events in the CSV format.
• Publishing program events to a SIEM system used in your organization over the Syslog protocol. Information about each program event is relayed as a separate syslog message in CEF format.

  SIEM system (Security Information and Event Management) is a solution for managing information and events in an organization's security system.

• Configuring settings and managing the program via a web interface.
  • Monitoring the status of email traffic and usage of system resources and viewing lists of the latest detected threats in the web interface of the program.
  • Delimiting user access to program functionality using a role system.
  • Configuring single sign-on authentication.
  • Creating a cluster to scale the solution (horizontally or vertically) with centralized management of all servers in the cluster using the program web interface.
  • Managing Backup:
    • Saving backup copies of messages in Backup based on scan results.
    • Saving messages from Backup to a file.
    • Forwarding messages to recipients.
    • Receiving information about users from different domains and granting users access to personal Backup.
  • Creating allowlists and denylists, which let you fine-tune the way the mail system reacts to messages from certain addresses.
  • Updating program databases from Kaspersky update servers and custom sources on schedule and on demand.
  • Configuring email notifications:
    • Notifying the sender, recipients, and other addresses about objects detected in a message.
    • Sending notifications to users about system events encountered by the program.
  • Adding email disclaimers to outgoing and incoming messages, and adding warnings about potentially unsafe messages.
  • Generating and viewing reports about the results of message processing and program events.
  • Processing email messages in accordance with rules configured for groups of senders and recipients.
  • Adding, modifying, or deleting information about domains (including local domains of the organization) and email addresses, editing Kaspersky Secure Mail Gateway settings for such domains and email addresses, configuring email routing.
  • Lets you configure MTA.

    Mail Transfer Agent is an agent that handles message sending between mail servers.

  • Adding, modifying, and deleting DKIM and TLS encryption keys.
  • Receiving program operation statistics via the SNMP protocol, and enabling or disabling forwarding of SNMP traps.

    An application event notification sent by the SNMP agent.

Kaspersky Secure Mail Gateway is distributed as an ISO image of a virtual machine for deployment in the VMware ESXi or Microsoft Hyper-V hypervisor.

Deploying of the image creates a virtual machine with a pre-installed CentOS 7.9 operating system, a mail server, and Kaspersky Secure Mail Gateway. After deploying the virtual machine, you can configure it using the Initial Configuration Wizard.