About the Kaspersky Secure Mail Gateway

The Kaspersky Secure Mail Gateway solution (hereinafter also referred to as "KSMG") protects incoming and outgoing email against malware and spam, performs Content Filtering of messages, and, when integrated with Kaspersky Anti Targeted Attack Platform (hereinafter also referred to as "KATA"), protects email against targeted attacks intrusions on the corporate IT infrastructure.

The solution is provided as two distribution types:

• ISO file with a pre-installed operating system, mail server, and Kaspersky Anti-Virus application. Detailed information is provided in the KSMG Help for this distribution type.
• RPM or DEB installation package. The application is installed on an operating system prepared by the administrator and integrated with the a pre-installed MTA. This distribution type of KSMG 2.1 continues and builds upon the functionality of Kaspersky Security for Linux Mail Server versions 8.0 MP3 and 10. Detailed information about this distribution type is provided in this document.

The main features of KSMG are listed below.

Protection technologies

• Scanning of messages by the Anti-Virus module.

  KSMG component designed to detect viruses in email messages and email attachments.

  Email messages are scanned for viruses and malware, macros (for example, Microsoft Office files with macros); encrypted objects, archives.

• Scanning of messages by the Anti-Spam module:

  KSMG component designed to detect messages that are classified as spam.

  • Messages are scanned for spam, probable spam, mass mail (including spoofed domain recognition and IP address reputation checking).

    Unsolicited mass mailing of emails, most often including advertisements

  • Detecting messages that contain Unicode spoofing.

    If Unicode spoofing is detected, the message is considered to be spam. The application adds the unicode_spoof tag to the X-KLMS-AntiSpam-Method message header.

  • Adding the X-MS-Exchange-Organization-SCL X-headers to messages, based on the scan results. The X-headers contain the SCL rating.
  • Placing messages into Anti-Spam Quarantine and managing the Anti-Spam Quarantine using the web interface.
• Scanning of messages by the Anti-Phishing module.

  KSMG component designed to detect messages that are classified as phishing.

• Scanning messages for malicious or advertising links, as well as links related to legitimate software.
• Content Filtering of messages:

  KSMG component designed to scan the content of messages for matches with search templates configured by the administrator.

  • by message size
  • By attachment name
  • By attachment type

    KSMG allows you to determine the true format and type of an attachment, regardless of its extension, including inside archives and compound objects.

  • By message subject
  • By message body
  • By sender
  • By recipient
  • By message copy recipient
  • By top-level headers of the MIME structure of the message
• Authenticating mail senders using SPF, DKIM, and DMARC technologies.

  Verification that determines the policy and actions taken on messages based on the results of SPF and DKIM Mail Sender Authentication.

  Verification of the digital signature added to messages.

  Comparison of IP addresses of mail senders with the list of possible message sources that has been created by the mail server administrator.

Managing Backup

• Saving originals of messages in Backup based on the results of their processing by the Anti-Virus, Anti-Spam, and Anti-Phishing modules, and based on the results of Content Filtering and scans of messages by KATA.
• Saving messages from Backup to a file.
• Sending messages to recipients.
• Granting users access to their personal Backup.
• Configuring the delivery of the personal Backup digest to users.

Rules

• Processing email messages in accordance with rules configured for groups of senders and recipients.
• Adding email disclaimers to outgoing and incoming messages and adding warnings about insecure messages.
• Creating allow lists and deny lists, which let you fine-tune the way the mail system reacts to messages from certain addresses.
• Ability to specify Microsoft Active Directory users and user groups in mail filtering rules.
• Notifying the sender, recipients, and administrator about the detection of messages containing objects that are infected, password-protected, or cannot be scanned.
• You can configure actions to be performed on message headers when a message processing rule or a Content Filtering expression is triggered, or a Content Filtering error occurs.
• You can configure a BCC message to be sent to a specific address when a processing rule is triggered.

Managing the application

• Configuring and managing the application using the web interface.
• Updating application databases from Kaspersky update servers, Kaspersky Security Center servers, and custom resources (HTTP and HTTPS servers, local and shared folders) according to schedule and on demand.
• Generating and viewing reports about the results of message processing and application events.
• Controlling user access to application features using a role-based access system.
• Placing messages into Anti-Spam Quarantine and KATA Quarantine, and managing the Anti-Spam Quarantine and KATA Quarantine in the web interface.
• Obtaining information about users from different domains.
• Configuring authentication using the Single Sign-On (SSO) technology.
• Creating a cluster to scale the solution (horizontally or vertically) with centralized management of all servers in the cluster using the application's web interface.

Integration

• Using the information from Kaspersky Security Network to ensure a faster response to new threats.

  An infrastructure of cloud services that provides access to the Kaspersky online Knowledge Base, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures that Kaspersky applications respond faster to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.

• Integrating with the Kaspersky Private Security Network (KPSN) for organizations where Internet access is restricted by internal rules and policies.

  A solution that allows users of Kaspersky anti-virus applications to access Kaspersky Security Network data without sending their own information to Kaspersky Security Network servers.

  After integration with KPSN, KSMG can use the KSN reputation databases without sending data outside of the organization.

  If you want to purchase the Kaspersky Private Security Network application, you can contact Kaspersky partners in your region.

• Integrating with the Kaspersky Anti Targeted Attack Platform (KATA) for detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (APT).

  A sophisticated targeted attack against the corporate IT infrastructure that simultaneously uses different methods to infiltrate the network, hide on the network, and gain unobstructed access to confidential data.

  Attack that targets a specific person or organization. Unlike mass attacks by computer viruses designed to infect as many computers as possible, targeted attacks can be aimed at infecting the network of a specific organization or even a specific server within the corporate IT infrastructure. A dedicated Trojan program may be written to stage each targeted attack.

  After integration with KATA, KSMG can send copies of messages to KATA for scanning. Based on the results of a KATA scan, KSMG can block individual messages.

  To purchase the Kaspersky Anti-Virus Targeted Attack Platform application, you can contact the Kaspersky sales team.

• Integration with Active Directory to obtain information about domain users.

Monitoring of application operation

• Monitoring the status of email traffic, viewing lists of the latest detected threats in the web interface of the application.
• Viewing the event log in the web interface of the application.
• Receiving application statistics via the SNMP protocol; enabling or disabling SNMP traps.
• Using the syslog protocol to publish application events to the SIEM system that your organization is using.

  Information about each application event is relayed as a separate syslog message in CEF format.

• Generating and viewing reports about the results of email message processing.
• Creating an archive with diagnostic information about KSMG performance that you can send to Kaspersky Technical Support.