Creating message processing rules

Support

Support for business applications

Kaspersky Secure Mail Gateway

Using message processing rules

Message processing rule configuration scenario

Creating message processing rules

16 April 2024

ID 88114

To create a message processing rule:

In the main window of the application web interface, open the management console tree and select the Rules section.
In the upper part of the workspace, click Create.
A new message processing rule opens.
In the left pane, select the General section.
On the Main tab:
1. If you want the rule to be used, turn on the Status toggle switch.
2. In the Rule name field, type the name of the new rule.
  The name of the rule must be unique among the list of KSMG rules.
3. In the Description field, type the rule description.
4. In the Mode settings group, select one of the following message processing options corresponding to criteria of the rule:
  - Use the settings of scan modules to use the settings of Anti-Virus, Anti-Spam, and Anti-Phishing modules as well as Content Filtering settings.
    The left pane displays sections where you can configure modules used by the rule.
  - Skip without scanning to deliver messages without scanning them.
  - Reject without scanning to reject messages without scanning them with Anti-Virus, Anti-Spam, or Anti-Phishing modules, or applying Content Filtering settings.
  - Delete without notifying the sender to delete messages without scanning them with Anti-Virus, Anti-Spam, or Anti-Phishing modules, applying Content Filtering settings, or notifying the sender about non-delivery.
5. If you want to modify the priority of the rule, adjust the position of the rule in the rule table.
  By default, the rule is assigned the highest priority of all previously created rules.
On the Senders and recipients tab:
1. Under Sender, specify senders to which the rule must apply. You can specify senders on the following tabs:
  - Email
    1. On the Email tab, add email addresses to the list:
      To specify an address manually, click Add, enter an email address and click . The button is available if the text in the field matches the email address format.
      If necessary, repeat the steps for the rest of addresses.
      
      To paste addresses from the clipboard, click Import, type or paste email addresses separated by commas or new lines, then click Import.
      You can use the symbols "*" and "?" to create an address mask, and regular expressions beginning with the prefix "re:".
      
      Regular expressions are not case-sensitive.
    2. If you want to edit a previously added address, click the address in the text box, make the necessary changes in edit mode and click . If necessary, use the search bar.
    3. If you want to delete an address from the list, click to the right of the address. To clear the list, click Delete all.
      Up to 100,000 addresses can be added.
  - IP
    1. Go to the IP tab and add sender IP addresses to the list:
      To specify an IP address manually, click Add, enter an IP address and click . The button is available if the entered value matches the IP address format.
      If necessary, repeat the steps for the rest of IP addresses.
      
      To paste IP addresses from the clipboard, click Import, type or paste IP addresses separated by commas or new lines, then click Import.
      You can enter an IPv4 address (for example: 192.0.0.1), an IPv4 subnet address with a mask (for example: 192.0.0.0/16), an IPv6 address (for example: 2607:f0d0:1002:51::4), or IPv6 subnet address with a mask (for example: fc00::/7).
    2. If you want to edit a previously added IP address, click it in the list, make the necessary changes in edit mode and click . If necessary, use the search bar.
    3. If you want to delete an IP address from the personal list, click to the right of the address. To clear the list, click Delete all.
      Up to 100,000 IP addresses can be added.
  - LDAP: DN
    1. Go to the LDAP: DN tab and add LDAP accounts to the list:
      To specify an account manually, click Add, enter a value and click . When entering the value, a suggestion is displayed, listing accounts from the LDAP cache that contain the entered characters.
      The suggestion for contact accounts is displayed if the fetching of contact emails is enabled in LDAP server connection settings.
      
      If the name of the LDAP account includes a special character, use a backslash ("\") to escape the special character. Otherwise suggestion for the account is not displayed. For example, the if the name of the account is exa,mple, enter it as exa\,mple. For more information and a list of characters that must be escaped, see Microsoft documentation.
      
      If necessary, repeat the steps for the rest of LDAP accounts.
      
      To paste an LDAP account from the clipboard, click Import, type or paste accounts separated by commas or new lines, then click Import.
    2. If you want to edit a previously added account, click it in the list, make the necessary changes in edit mode and click . If necessary, use the search bar.
    3. If you want to delete an account from the list, click to the right of the LDAP account. To clear the list, click Delete all.
  To apply the rule, you must specify at least one sender.
2. Under Recipient, specify recipients to which the rule must apply. You can specify recipients on the following tabs:
  - Email
    1. On the Email tab, add email addresses to the list:
      To specify an address manually, click Add, enter an email address and click . The button is available if the text in the field matches the email address format.
      If necessary, repeat the steps for the rest of addresses.
      
      To paste addresses from the clipboard, click Import, type or paste email addresses separated by commas or new lines, then click Import.
      You can use the symbols "*" and "?" to create an address mask, and regular expressions beginning with the prefix "re:".
      
      Regular expressions are not case-sensitive.
    2. If you want to edit a previously added address, click the address in the text box, make the necessary changes in edit mode and click . If necessary, use the search bar.
    3. If you want to delete an address from the list, click to the right of the address. To clear the list, click Delete all.
      Up to 100,000 addresses can be added.
  - LDAP: DN
    1. Go to the LDAP: DN tab and add LDAP accounts to the list:
      To specify an account manually, click Add, enter a value and click . When entering the value, a suggestion is displayed, listing accounts from the LDAP cache that contain the entered characters.
      The suggestion for contact accounts is displayed if the fetching of contact emails is enabled in LDAP server connection settings.
      
      If the name of the LDAP account includes a special character, use a backslash ("\") to escape the special character. Otherwise suggestion for the account is not displayed. For example, the if the name of the account is exa,mple, enter it as exa\,mple. For more information and a list of characters that must be escaped, see Microsoft documentation.
      
      If necessary, repeat the steps for the rest of LDAP accounts.
      
      To paste an LDAP account from the clipboard, click Import, type or paste accounts separated by commas or new lines, then click Import.
    2. If you want to edit a previously added account, click it in the list, make the necessary changes in edit mode and click . If necessary, use the search bar.
    3. If you want to delete an account from the list, click to the right of the LDAP account. To clear the list, click Delete all.
  To apply the rule, you must specify at least one recipient.
If you want to send copies of the originals of all messages to specific addresses whenever a rule is triggered, on the Blind carbon copy tab, specify BCC recipients.
When sending a BCC message, KSMG replaces the sender address in the Mail From header of the SMTP envelope with the address from which the application sends messages. If the BCC delivery fails, the address replacement prevents the original sender of the message from receiving a non-delivery report, from which they could become aware that the message was forwarded or find out information about the organization's mail servers. However, the original message data remain in the MIME headers, including FROM and TO.

A blind copy of the original message is sent to the BCC addresses regardless of the applied action. So BCC messages may contain malicious objects and pose security risks

On the Blind carbon copy tab:
- To add a BCC recipient address, click Add, enter the address, and click or press ENTER.
  If necessary, repeat this step to add more addresses.
- To paste an email address from the clipboard, click Import, type or paste the email addresses separated by semicolons or new lines, then click Import.
- If you want to edit a previously added email address, click the address in the text box, make the necessary changes in edit mode and click . If necessary, use search.
- If you want to remove an address from the list, point to the address in the list and click the icon. To clear the list, click Delete all.
- If you want to copy all email addresses added to the list, click Copy all.
If not all addresses are displayed in the area, you can select the number of items you want to display in the drop-down list in the lower part of the area.
If you want to edit or remove message headers when a rule is triggered, on the Actions on headers tab, do the following:
1. If you want to remove message headers when a rule is triggered, under Delete headers, specify the headers that you want to remove.
  Modifying or deleting headers may lead to DKIM authentication failure or non-delivery of the message
  
  Headers are removed if a Skip, Delete attachment, or Disinfect action is taken on the message.
  
  You can specify headers to be removed on the following tabs:
  - Text
    To add a header, click Add, enter a header name, then click or press ENTER. If necessary, repeat this step to add more headers.
    
    To paste a header name from the clipboard, click Import, type or paste headers separated by semicolons or new lines, then click Import.
    
    If you want to edit a previously added header, click the header in the text box, make the necessary changes in edit mode and click . If necessary, use search.
    
    If you want to remove a header from the list, point to the header in the list and click the icon. To clear the list, click Delete all.
    
    The name of the header must contain only Latin letters (case-insensitive). The maximum length is 512 characters.
    
    You can copy all headers in the list to the clipboard. To do so, click Copy all.
    
    If not all headers are displayed in the area, you can select the number of items you want to display in the drop-down list in the lower part of the area.
  - Wildcard
    To add a search mask, click Add, enter your text, then click or press ENTER. If necessary, repeat this step to add more masks.
    
    To paste masks from the clipboard, click Import, type or paste search masks separated by semicolons or new lines, then click Import.
    
    If you want to edit a previously added mask, click the mask in the text box, make the necessary changes in edit mode, and click . If necessary, use search.
    
    If you want to remove a mask from the list, point to the mask in the list and click the icon. To clear the list, click Delete all.
    
    We do not recommend entering a mask longer than 1000 characters.
    
    You can copy all masks added to the list. To do so, click Copy all.
    
    If not all items are displayed in the area, you can select the number of items you want to display in the drop-down list in the lower part of the area.
  - Regexp
    To add a regular expression, click Add, enter your regular expression, then click or press ENTER.
    
    Regular expressions of the PCRE format are supported.
    
    You do not need to prefix the string with "re:".
    
    If necessary, repeat this step to add more regular expressions.
    
    To paste regular expressions from the clipboard, click Import, type or paste regular expressions separated by semicolons or new lines, then click Import.
    
    If you want to edit a previously added regular expression, click the regular expression in the text box, make the necessary changes in edit mode and click . If necessary, use search.
    
    If you want to remove a regular expression from the list, point to the regular expression in the list and click the icon. To clear the list, click Delete all.
    
    We do not recommend entering a regular expression longer than 1000 characters.
    
    You can copy all regular expressions in the list. To do so, click Copy all.
    
    If not all items are displayed in the area, you can select the number of items you want to display in the drop-down list in the lower part of the area.
2. If you want to modify the message headers when a rule is triggered, under Modify headers, specify the headers you want to modify.
  Headers are modified if a Skip, Delete attachment, or Disinfect action is taken on the message.
  
  If the header is found in the message, it is removed, and a similar header with the specified value is added to the end of the list of headers. If the header is not present in the message, it is added to the end of the list of message headers.
  
  To add headers for editing, click Add, and in the displayed window, specify the name and value of the header that you want to modify, then click OK. If necessary, repeat these steps for other headers.
  
  The name and value of the header must contain only Latin letters (case-insensitive). The maximum length is 450 characters.
You can remove headers from Modify headers. To do so, select the check boxes next to one or more headers that you want to remove, click Delete, and confirm the action.
Click Save.
If at least one list item under Sender and Recipient is specified in an unacceptable format, the rule cannot be saved. Fix all values highlighted with a red background and repeat the save operation.

The rule is created and added to the rule table in the Rules section.

For modified settings to be applied by KSMG, the rule must be enabled. By default, the new rule is disabled and not used by the application.

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company

Web and device controls. Data encryption. Centralized and convenient management from a single console.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.