About the Kaspersky Secure Mail Gateway

23 May 2024

ID 100512

The Kaspersky Secure Mail Gateway solution (hereinafter also referred to as "KSMG") protects incoming and outgoing email against malware and spam, performs Content Filtering of messages, and, when integrated with Kaspersky Anti Targeted Attack Platform (hereinafter also referred to as "KATA"), protects email against targeted attacks and intrusions on the corporate IT infrastructure.

The solution is provided as two distribution types:

  • ISO file with a pre-installed operating system, mail server, and Kaspersky Anti-Virus application. Detailed information is provided in the KSMG Help for this distribution type.
  • RPM or DEB installation package. The application is installed on an operating system prepared by the administrator and integrated with a pre-installed MTA. This distribution type of KSMG 2.1 continues and builds upon the functionality of Kaspersky Security for Linux Mail Server versions 8.0 MP3 and 10. Detailed information about this distribution type is provided in this document.

The main features of KSMG are listed below.

Protection technologies

  • Scanning of messages by the Anti-Virus module.

    Email messages are scanned for viruses and malware, macros (for example, Microsoft Office files with macros), encrypted objects, and archives.

  • Scanning of messages by the Anti-Spam module:
    • Messages are scanned for spam, probable spam, mass mail (including spoofed domain recognition and IP address reputation checking).
    • Detecting messages that contain Unicode spoofing.

      If Unicode spoofing is detected, the message is considered to be spam. The application adds the unicode_spoof tag to the X-KLMS-AntiSpam-Method message header.

    • Adding the X-MS-Exchange-Organization-SCL X-headers to messages, based on the scan results. The X-headers contain the SCL rating.
    • Placing messages into Anti-Spam Quarantine and managing the Anti-Spam Quarantine using the web interface.
  • Scanning of messages by the Anti-Phishing module.
  • Scanning messages for malicious or advertising links, as well as links related to legitimate software.
  • Content Filtering of messages:
    • By message size
    • By attachment name
    • By attachment type

      KSMG allows you to determine the true format and type of an attachment, regardless of its extension, including inside archives and compound objects.

    • By message subject
    • By message body
    • By sender
    • By recipient
    • By message copy recipient
    • By top-level headers of the MIME structure of the message
  • Authenticating mail senders using SPF, DKIM, and DMARC technologies.
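
A downstream consumer (a mail filter rule, a triage script) can act on the Anti-Spam headers described above. The following is an added example, not code from KSMG or its documentation: it reads the X-KLMS-AntiSpam-Method and X-MS-Exchange-Organization-SCL headers from a message and reports whether the unicode_spoof tag is present. It assumes that tags in the method header are separated by whitespace, commas, or semicolons; the sample messages and the scl_threshold parameter are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Header and tag names as given on this page.
METHOD_HEADER = "X-KLMS-AntiSpam-Method"
SCL_HEADER = "X-MS-Exchange-Organization-SCL"
SPOOF_TAG = "unicode_spoof"

# Constructed sample messages (not real KSMG output).
SAMPLE_SPOOFED = (
    "From: billing@example.test\n"
    "To: user@example.test\n"
    "Subject: Invoice\n"
    "X-KLMS-AntiSpam-Method: unicode_spoof\n"
    "X-MS-Exchange-Organization-SCL: 9\n"
    "\n"
    "body\n"
)
SAMPLE_CLEAN = (
    "From: colleague@example.test\n"
    "Subject: Lunch\n"
    "X-MS-Exchange-Organization-SCL: 1\n"
    "\n"
    "body\n"
)

def antispam_summary(raw_message, scl_threshold=5):
    """Summarize the Anti-Spam headers of one RFC 5322 message.

    scl_threshold is a hypothetical local policy value, not a KSMG setting.
    """
    msg = message_from_string(raw_message, policy=default)
    tags = set()
    for value in msg.get_all(METHOD_HEADER, []):
        # Assumption: tags are separated by whitespace, commas or semicolons.
        tags.update(t.lower() for t in re.split(r"[\s,;]+", str(value)) if t)
    scl = None
    for value in msg.get_all(SCL_HEADER, []):
        text = str(value).strip()
        # Ignore malformed values; SCL ratings range from -1 to 9.
        if re.fullmatch(r"-?\d+", text) and -1 <= int(text) <= 9:
            scl = int(text) if scl is None else max(scl, int(text))
    spoofed = SPOOF_TAG in tags
    flag = spoofed or (scl is not None and scl >= scl_threshold)
    return {"unicode_spoof": spoofed, "methods": sorted(tags), "scl": scl, "flag": flag}

if __name__ == "__main__":
    for name, raw in (("spoofed", SAMPLE_SPOOFED), ("clean", SAMPLE_CLEAN)):
        print(name, antispam_summary(raw))
```

When a header occurs more than once, the function merges all tags and keeps the highest valid SCL value, so a low-rated duplicate cannot mask a higher rating.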

Managing Backup

  • Saving originals of messages in Backup based on the results of their processing by the Anti-Virus, Anti-Spam, and Anti-Phishing modules, and based on the results of Content Filtering and scans of messages by KATA.
  • Saving messages from Backup to a file.
  • Sending messages to recipients.
  • Granting users access to their personal Backup.
  • Configuring the delivery of the personal Backup digest to users.


  • Processing email messages in accordance with rules configured for groups of senders and recipients.
  • Adding email disclaimers to outgoing and incoming messages and adding warnings about insecure messages.
  • Creating allow lists and deny lists, which let you fine-tune the way the mail system reacts to messages from certain addresses.
  • Ability to specify Microsoft Active Directory users and user groups in mail filtering rules.
  • Notifying the sender, recipients, and administrator about the detection of messages containing objects that are infected, password-protected, or cannot be scanned.
  • You can configure actions to be performed on message headers when a message processing rule or a Content Filtering expression is triggered, or a Content Filtering error occurs.
  • You can configure a BCC message to be sent to a specific address when a processing rule is triggered.

Managing the application

  • Configuring and managing the application using the web interface.
  • Updating application databases from Kaspersky update servers, Kaspersky Security Center servers, and custom resources (HTTP and HTTPS servers, local and shared folders) according to schedule and on demand.
  • Generating and viewing reports about the results of message processing and application events.
  • Controlling user access to application features using a role-based access system.
  • Placing messages into Anti-Spam Quarantine and KATA Quarantine, and managing the Anti-Spam Quarantine and KATA Quarantine in the web interface.
  • Obtaining information about users from different domains.
  • Configuring authentication using the Single Sign-On (SSO) technology.
  • Creating a cluster to scale the solution (horizontally or vertically) with centralized management of all servers in the cluster using the application's web interface.


  • Using the information from Kaspersky Security Network to ensure a faster response to new threats.
  • Integrating with the Kaspersky Private Security Network (KPSN) for organizations where Internet access is restricted by internal rules and policies.

    After integration with KPSN, KSMG can use the KSN reputation databases without sending data outside of the organization.

    If you want to purchase the Kaspersky Private Security Network application, you can contact Kaspersky partners in your region.

  • Integrating with the Kaspersky Anti Targeted Attack Platform (KATA) for detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (APT).

    After integration with KATA, KSMG can send copies of messages to KATA for scanning. Based on the results of a KATA scan, KSMG can block individual messages.

    To purchase the Kaspersky Anti Targeted Attack Platform application, you can contact the Kaspersky sales team.

  • Integration with Active Directory to obtain information about domain users.

Monitoring of application operation

  • Monitoring the status of email traffic, viewing lists of the latest detected threats in the web interface of the application.
  • Viewing the event log in the web interface of the application.
  • Receiving application statistics via the SNMP protocol; enabling or disabling SNMP traps.
  • Using the syslog protocol to publish application events to the SIEM system that your organization is using.

    Information about each application event is relayed as a separate syslog message in CEF format.

  • Generating and viewing reports about the results of email message processing.
  • Creating an archive with diagnostic information about KSMG performance that you can send to Kaspersky Technical Support.

In this Help section

What's new

About actions on objects

Distribution kit

Hardware and software requirements

About information X-headers

Limiting application traffic

Network accesses used
