- About the Kaspersky Secure Mail Gateway
- Application licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About the key
- About the activation code
- About the key file
- About the subscription
- About data provision
- KSMG modes based on the license
- Adding a key file
- Adding an activation code
- Removing a key
- Monitoring license key status
- Configuring warnings about upcoming license key expiration
- Purchasing a license
- Renewing a license
- Installing the application
- Preparing the application for operation
- Starting the initial configuration manually
- Step 1. Selecting the language to display the End User License Agreement and the Privacy Policy in
- Step 2. Reviewing the License Agreement
- Step 3. Viewing the Privacy Policy
- Step 4. Selecting a web server
- Step 5. Specifying node settings
- Step 6. Selecting a database management system
- Step 7. Selecting the type of integration with the mail server
- Step 8. Support of the mandatory access control mode
- Step 9. Assigning a password to access the web interface
- Starting initial configuration in automatic mode
- Configuring PostgreSQL for Astra Linux Special Edition 1.8
- Starting the initial configuration manually
- Removing the application
- Upgrading KSMG to version 2.1.1
- Upgrading from Kaspersky Security 8 for Linux Mail Server to KSMG 2.1.1
- Upgrading by installing the application on a new server
- Upgrading by installing the application on an existing server
- Steps for installing the new version of the application
- Exporting the settings of Kaspersky Security 8 for Linux Mail Server
- Data categories to be migrated
- Known limitations of KSMG 2.1.1 as compared to Kaspersky Security 8 for Linux Mail Server
- KSMG interface
- Getting started with the application
- Monitoring of application operation
- General protection settings
- About computer protection against certain legitimate applications
- Configuring the Anti-Virus module
- Configuring link scanning
- Configuring the Anti-Spam module
- Configuring the Anti-Phishing module
- Configuring Content Filtering
- Configuring external services
- Preparing to configure SPF and DMARC Mail Sender Authentication for outgoing messages
- Configuring the addition of X-headers to messages
- Configuring the template for notifications when removing an attachment
- Disabling the bounce message for a delayed Reject action
- Using message processing rules
- Viewing the rule table
- Configuring rule table display
- Message processing rule configuration scenario
- Creating message processing rules
- Configuring Anti-Virus protection
- Configuring link scanning
- Configuring Anti-Spam protection
- Configuring Anti-Phishing protection
- Configuring Content Filtering
- Enabling or disabling Content Filtering in rule settings
- Configuring Content Filtering
- Creating a Content Filtering expression
- Creating a Content Filtering condition
- Enabling, disabling, or deleting expressions
- Enabling, disabling, or deleting conditions
- Configuring the final action to take on a message
- Mail Sender Authentication
- Adding a Warning about insecure message
- Adding email disclaimers
- Configuring KATA protection
- Viewing rule information
- Enabling and disabling a message processing rule
- Changing rule settings
- Deleting message processing rules
- Examples of message processing rule configuration
- Dictionaries
- Disclaimers and warnings about insecure message
- Notification settings for message scan events
- Allowlists and denylists
- Managing the cluster
- Creating a new cluster
- Viewing the cluster node table
- Configuring the display of the cluster node table
- Viewing information about a cluster node
- Adding a node to the cluster
- Modifying node settings
- Removing a node from a cluster
- Changing the role of a node in a cluster
- Deleting the cluster
- Managing the SSL certificate of the cluster node
- Creating an SSL certificate signature request file
- Converting a certificate from the DER encoding to the PEM encoding
- Extracting the certificate chain from a PKCS#7 container
- Extracting certificate and private key files from a PFX container
- Replacing the SSL certificate of a cluster node with the Nginx web server
- Replacing the SSL certificate of a cluster node with the Apache web server
- Checking data integrity
- Modifying the network settings of a cluster node
- Managing user accounts and roles
- Backup
- Configuring Backup settings
- Viewing the table of objects in Backup
- Configuring the display of the table of objects in Backup
- Filtering and finding messages in Backup
- Viewing information about a message in Backup
- Viewing a message in Backup
- Viewing the sending history of a message in Backup
- Sending messages from Backup
- Deleting a message from Backup
- Sending or deleting a group of messages in Backup
- Downloading a message from Backup
- Personal Backup
- Backup digest
- Event log
- Message queue
- Reports
- Configuring the proxy server connection settings
- Updating KSMG databases
- Updating application databases using Kaspersky Security Center
- Exporting and importing settings
- Participating in Kaspersky Security Network and using Kaspersky Private Security Network
- Integration with an external directory service
- Creating a keytab file
- Adding a LDAP server connection
- Deleting a LDAP server connection
- Modifying LDAP server connection settings
- Configuring the schedule of synchronization with the Active Directory domain controller
- Manually starting synchronization with the Active Directory domain controller
- Enhancing the security of a LDAP server connection
- KATA protection
- Integration with a single KATA server
- Integration with multiple KATA servers
- Creating a configuration file for the local balancer
- Configuring and running the local balancer on a cluster node
- Adding a KATA server
- Configuring KATA protection settings
- KATA integration dashboard
- Adding, modifying, and deleting IP addresses of KATA servers
- Disabling KATA integration
- Managing the application over SNMP
- Email notifications of the application
- Configuring notifications about application events
- Configuring notifications about message scanning modules triggering
- Configuring the general list of notification recipients
- Email notification templates
- Adding a unique message ID to the notification
- Configuring the address for messages sent by the application
- Authentication using the single sign-on technology
- Installing the application on the same server with Kaspersky Endpoint Security for Linux
- Configuring exclusions for the File Threat Protection component of Kaspersky Endpoint Security for Linux
- Configuring exclusions for Kaspersky Endpoint Security for Linux scanning tasks
- Configuring the Firewall of Kaspersky Endpoint Security for Linux
- Disabling the Network Threat Protection and Web Threat Protection components in Kaspersky Endpoint Security for Linux
- Enabling the Network Threat Protection and Web Threat Protection components in Kaspersky Endpoint Security for Linux
- Publishing application events to a SIEM system
- Syslog messages of audit events in the standard format
- Contacting Technical Support
- Appendices
- Codes of settings from the Protection section in audit event records
- Codes of rule settings in audit event records
- Codes of common rule settings
- Codes of Anti-Virus module settings
- Codes of Anti-Spam module settings
- Codes of Anti-Phishing module settings
- Codes of Link scanning module settings
- Codes of Content Filtering module settings
- Codes of Content Filtering expression settings
- Codes of Content Filtering condition settings for attachments
- Codes of settings of other Content Filtering conditions
- Codes of Mail Sender Authentication module settings
- Codes of settings in the Insecure message warning section
- Codes of settings in the Email disclaimer section
- Codes of KATA Protection module settings
- Codes of dictionary settings in audit event records
- Codes of categories and file types in audit events
- Glossary
- Advanced persistent threat (APT)
- Anti-Phishing
- Anti-Spam
- Anti-Spam Quarantine
- Anti-Virus
- Backup
- Backup digest
- BEC attack
- Certificate fingerprint
- Closed software environment
- Cluster
- Content Filtering
- Content Filtering condition
- Content Filtering dictionary
- Content Filtering expression
- Control node
- Directory service
- DKIM Mail Sender Authentication
- DMARC Mail Sender Authentication
- Email notification
- Heuristic analysis
- Kaspersky Anti Targeted Attack Platform
- Kaspersky Private Security Network
- Kaspersky Security Center
- Kaspersky Security Network (KSN)
- Kerberos authentication
- Key file
- Keytab file
- LDAP
- Malicious links
- Mandatory access control
- Moebius service
- MTA
- NTLM authentication
- Personal user
- Phishing
- Privileged user
- PTR record
- Reputation filtering
- SCL rating
- Secondary node
- Sender domain alignment
- Service Principal Name (SPN)
- SIEM system
- SMTP verification
- SNMP agent
- SNMP trap
- Spam
- SPF Mail Sender Authentication
- Spoofing
- Update source
- Information about third-party code
- Trademark notices
About the Kaspersky Secure Mail Gateway > What's new
What's new
What's new
KSMG 2.1.1 delivers the following new features.
Operating system
Support for new versions of operating systems:
- Rocky Linux 8.10, 9.4
- Ubuntu 22.04 LTS, 24.04 LTS
- Red Hat Enterprise Linux 8.10, 9.4
- Debian 12 Bookworm
- RED OS 7.3, 8.
- Astra Linux Special Edition 1.7, 1.8
Protection technologies
- Mail Sender Authentication functionality has been expanded; for each SPF and DMARC authentication status, you can configure an action on the message as well as notifications based on the result of each authentication.
- Added a new Mail Sender Authentication technology, sender domain alignment.
Checking whether the message sender domains specified in the SMTP session (the value of the MAIL FROM command) and in the message (the value of the From MIME header) match.
Rules
- In the message processing rule, you can specify which sender address to use for authentication, the address from the SMTP session or from the message.
- The functionality Content Filtering condition functionality has been expanded with the new MIME part size attribute and additional criteria for the Message size attribute.
- The notification functionality has been expanded. You can create separate templates and configure notifications for message scanning events for each KSMG verification module.
- The Rules section of the web interface has a new look and feel.
Managing the application
- Now you can disable bounce messages for messages rejected after the end of the SMTP session.
- The application settings file can now be encrypted when exporting settings.
- You can add separate text for messages with incorrect or unspecified encoding to a disclaimer template or warning about insecure message.
- Now you can create a template of the notification file that is added to a message if KSMG has removed an attachment from this message based on the result of the scan.
Backup
- Now you can add or remove Active Directory users and groups from the Backup digest mailing list.
- The administrator can allow personal users to view information about messages of group mailboxes placed in Backup if the user has access to the relevant group mailbox. To do this, the administrator must specify a group of Active Directory users, which have full access to the group mailbox, in the value of an Active Directory attribute, and then specify that attribute in the LDAP server connection settings in KSMG.
- For a message in Backup, you can download a JSON file with headers added by the Anti-Spam module.
Event log
- The Audit Log has been added to help investigate security incidents. The log records events related to authentication, actions performed on messages in global Backup, modification of rules, dictionaries, and general protection settings. Audit events are written to the Audit Log in the web interface, as syslog messages in standard format or in CEF format.
- Information about the rule ID or dictionary ID for convenience when comparing Audit Log records is now added to rules and dictionaries.
Article ID: 171315, Last review: Apr 9, 2025