Known limitations of KSMG 2.1

The following limitations of version 2.1 as compared to Kaspersky Security 8 for Linux Mail Server are known, which you must take into account before starting the migration:

• Minimum hardware requirements are higher.

  Minimum requirements: 8 CPU cores, 16 GB of RAM, 200 GB of free disk space.

• Fewer operating systems are supported.

  Only the following operating systems are supported:

  • Rocky Linux version 8.9 or 9.3
  • Ubuntu version 20.04 LTS or 22.04 LTS
  • Red Hat Enterprise Linux version 8.9 or 9.3
• Fewer MTAs and integration methods are supported.

  Integration with the following mail servers is supported:

  • Postfix: milter, before-queue integration methods.
  • Exim: before-queue integration method using a dynamic link library.

  The after-queue method is not supported.

• The application cannot be managed on the command line.

  You must use the web interface to manage the application. You can only use the ksmg-control utility to view the current settings, but not to edit them.

• Kaspersky Security Center integration functionality is limited.

  Only database updates from the repository are supported; adding a license key and monitoring are not supported, a plug-in for managing the application is not provided. You cannot change the name of the cluster.

  To add license data and monitor the application, you must use the application web interface.

• Adding a reserve license key is not supported.

  To replace an invalid license key, you must delete the current license key, then add a new license key.

• Keeping the Backup database on an external server is not supported.

  The Backup database must be located on the same server as the application.

• Storing Backup objects in a local or shared folder is not supported.

  Objects in Backup are stored in a database instead of a file system.

• Integration with directory services other than Microsoft Active Directory is not supported.

  Directory services that use a schema other than Microsoft Active Directory (such as OpenLDAP) are not supported. You must use Kerberos authentication with keytab files.

• The LDAPS protocol and STARTTLS mechanism for directory service integration are not supported.

  Integration with the directory service requires LDAP connectivity (port 389). The SASL mechanism is used to encrypt the transmitted data.

• You cannot specify the server address and port directly when connecting to the directory service over LDAP.

  The application obtains the server addresses and port numbers for connecting to the directory service over LDAP from the corresponding SRV records on the DNS server.

• Specifying custom SURBL and DNSBL lists in the Anti-Spam module is not supported.

  To filter by SURBL and DNSBL lists, you can use the built-in functionality of the Exim mail server.

• You cannot configure a template for a notification about the delivery of a message from Backup as an attachment, replacement text for a deleted attachment, or an undelivered message report template.

  The application uses predefined templates in English, which cannot be edited.

• No email notifications about reaching the Backup free space threshold, or about license expiration.

  You can monitor the free space in Backup and the license term over SNMP.

• Messages with internationalized addresses cannot be correctly processed.
• When you change the time zone in the settings of the operating system, you must restart all cluster nodes, otherwise the change will not be applied.