Upgrading Kaspersky Secure Mail Gateway to version 2.0 MR1

When you upgrade to version 2.0 MR1, you lose all manual changes of configuration file templates in the /opt/kaspersky/ksmg-appliance-addon/share/templates/ and /opt/kaspersky/ksmg/share/templates/core_settings directories, including changes made to implement Technical Support recommendations. You must edit the files to make these changes again after the upgrade.

This functionality is available if the user has the Edit settings permission to upgrade the program on the Control node and Edit settings and Create/edit/delete nodes permissions to upgrade the program on the Secondary node.

Upgrading Kaspersky Secure Mail Gateway to version 2.0 MR1 involves the following steps:

1. Downloading the ZIP archive with upgrade packages from the Kaspersky website and extracting the archive on your computer
2. Installing the preliminary upgrade package
3. Installing the main upgrade package

The upgrade steps must be completed on each node of the cluster.

Minimum free disk space requirements for partitions on the node:

• /tmp – 1536 MB (1.5 GB).
• /var – 4 GB.
• /var/log – 200 MB.
• / – 1 GB.

After Kaspersky Secure Mail Gateway is successfully upgraded to version 2.0 MR1, the following changes will take place on the nodes:

• The web interface of the node is upgraded, the product version is changed.
• The link to Kaspersky Secure Mail Gateway Online Help is upgraded to version 2.0 MR1.
• New program settings are added on the Control node in all localization languages.
• The previously added license key is applied.
• The number of entries in personal allow and denylists of addresses is reduced to 500 if it previously exceeded that number. Regular expressions used in addresses in personal lists will stop working.
• The /etc/nginx/conf.d/ksmg_controlapi.conf configuration file is upgraded.
• The less secure encryption algorithms of the SSH will be disabled. You may need to upgrade the information about the host key in the SSH client.
• The following data are kept:
  • Messages in Backup
  • Email traffic processing events
  • Data in the Dashboard section
  • System log files available in Technical Support Mode
  • Messages in Quarantine
  • Messages in the MTA queue
  • Web interface certificate
  • МТА certificates for TLS encryption
  • DKIM keys
  • SSH keys
  • Local administrator password
  • KATA certificates
• The following data are removed:
  • Application events
  • Database upgrades
  • LDAP cache data
  • LDAP integrations with repeating search bases
  • KSN cache data
  • SIEM integration settings

To avoid data loss, please do the following:

• Manually upgrade databases every time you install upgrade packages on a node.
• If necessary, configure the publishing of application events to the SIEM system from scratch.
• If necessary, recreate the settings of the program that require changes in Kaspersky Secure Mail Gateway configuration file templates.

  Copying configuration file templates from Kaspersky Secure Mail Gateway 2.0 is not recommended.

If necessary, you can find information about application events in system logs available in Technical Support Mode.