Beruflich Dokumente
Kultur Dokumente
Deployment Guide
Application version: 1.0.0.557
Dear User,
Thank you for choosing our product. We hope that this document will help you in your work and will
provide answers regarding this software product.
Attention! This document is the property of AO Kaspersky Lab (herein also referred to as
Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian
Federation and by international treaties. Illegal reproduction and distribution of this document or
parts hereof incur civil, administrative, or criminal liability under applicable law.
Any type of reproduction or distribution of any materials, including translations, is allowed only with
the written permission of Kaspersky Lab.
This document, and graphic images related to it, may only be used for informational, non-
commercial, and personal purposes.
Kaspersky Lab reserves the right to amend this document without additional notification. You can
find the latest version of this document on the Kaspersky Lab website, at
http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials
used in this document to which rights are held by third parties, or for any potential damages
associated with the use of such documents.
http://www.kaspersky.com
http://support.kaspersky.com
Table of Contents
About this Guide ..............................................................................................................7
In this Guide ................................................................................................................7
Document conventions ................................................................................................9
Deploying the Kaspersky Secure Mail Gateway virtual machine image ........................ 20
Preparing to deploy ................................................................................................... 20
Step 1. Selecting a virtual machine image ................................................................. 21
Step 2. Viewing details of the virtual machine image ................................................. 23
Step 3. Reviewing the License Agreement ................................................................ 24
Step 4. Naming the virtual machine ........................................................................... 25
Step 5. Selecting a destination storage for the virtual machine ................................. 26
Step 6. Selecting a storage option for virtual machine files ....................................... 27
Step 7. Starting and finishing deployment of the virtual machine image .................... 29
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure ....... 76
Direct integration ....................................................................................................... 77
Step 1. Adding local domains (relay_domains) ..................................................... 78
Step 2. Configuring email routing (transport_map) ................................................ 79
Step 3. Adding trusted networks and network hosts (mynetworks) ....................... 80
Step 4. Completing direct integration of Kaspersky Secure Mail Gateway ............ 82
Table of Contents
4
Integration through an edge gateway (SMTP verification of recipient email
addresses is enabled)................................................................................................ 82
Step 1. Adding local domains (relay_domains) ..................................................... 83
Step 2. Configuring email routing (transport_map) ................................................ 84
Step 3. Entering address of your Edge Gateway (relayhost) ................................. 86
Step 4. Adding trusted networks and network hosts (mynetworks) ....................... 87
Step 5. Finishing integration through an edge gateway (SMTP verification is
enabled) ................................................................................................................ 88
Integration through an edge gateway (SMTP verification of recipient email
addresses is disabled) ............................................................................................... 89
Step 1. Configuring email routing (transport_map) ................................................ 90
Step 2. Entering address of your Edge Gateway (relayhost) ................................. 92
Step 3. Adding trusted networks and network hosts (mynetworks) ....................... 93
Step 4. Finishing integration through an edge gateway (SMTP verification is
disabled) ................................................................................................................ 94
Managing settings of Kaspersky Secure Mail Gateway from the administrator's menu . 96
Running Kaspersky Secure Mail Gateway in Technical Support Mode ..................... 97
Checking the connection of Kaspersky Secure Mail Gateway to Kaspersky
Security Center .......................................................................................................... 99
Upgrading Kaspersky Secure Mail Gateway via the web interface .............................. 102
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail
Gateway....................................................................................................................... 104
Preparing to add the DKIM signature to outgoing messages................................... 104
Preparing to configure SPF and DMARC message authentication for outgoing
messages ................................................................................................................ 107
Preparing to configure TLS encryption of the connection ........................................ 109
Preparing a self-signed TLS certificate for import ................................................ 110
Preparing to import a TLS certificate signed by a certification authority .............. 111
Preparing to upgrade Kaspersky Secure Mail Gateway via the web interface......... 113
Table of Contents
5
Glossary....................................................................................................................... 120
Table of Contents
6
About this Guide
This document is the administrator's guide to deploying and configuring a Kaspersky Secure Mail
Gateway virtual machine (hereinafter referred to as "the virtual machine").
Provide readily available information on issues related to the operation of the virtual
machine.
Describe additional sources of information about the application and ways of receiving
technical support.
In this section
In this Guide ................................................................................................................................ 7
In this Guide
This document includes the following sections:
This section describes sources of information about the application and lists websites that you can
use to discuss application use.
This section describes the purpose and key features of Kaspersky Secure Mail Gateway. This
section specifies the hardware and software requirements for the hypervisor on which a virtual
machine is to be deployed and for web browsers for accessing the web interface, and also
describes the distribution kit.
Deploying the Kaspersky Secure Mail Gateway virtual machine image (see page 20)
Starting the Kaspersky Secure Mail Gateway virtual machine (see page 74)
This section describes how you can start the Kaspersky Secure Mail Gateway virtual machine.
Connecting to the Kaspersky Secure Mail Gateway web interface (see page 75)
This section describes ways to connect to the web interface of Kaspersky Secure Mail Gateway
(hereinafter referred to as the "web interface").
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure (see
page 76)
This section describes the procedure for integrating Kaspersky Secure Mail Gateway into the
corporate mail infrastructure.
Managing settings of Kaspersky Secure Mail Gateway from the administrator's menu (see
page 96)
This section describes how you can manage the settings of Kaspersky Secure Mail Gateway from
the administrator's menu.
Upgrading Kaspersky Secure Mail Gateway via the web interface (see page 102)
This section describes how you can upgrade Kaspersky Secure Mail Gateway via the web interface.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
(see page 104)
This section describes how you can prepare to perform certain tasks in the web interface of
Kaspersky Secure Mail Gateway.
This section contains information about the Kaspersky Secure Mail Gateway trace log.
8
Contacting the Technical Support (see page 117)
This section contains information about technical support and ways to receive it.
Glossary
This section contains a list of terms mentioned in the document and their definitions.
This section provides information about the third-party code used in the application.
This section lists trademarks of third-party manufacturers that are used in the document.
Index
This section allows you to quickly find the required information within the document.
Document conventions
This document uses the following conventions (see table below).
Note that... Warnings are highlighted in red and boxed. Warnings show
information about actions that may have unwanted consequences.
9
Sample text Description of document convention
Press ENTER. Names of keyboard keys appear in bold and are capitalized.
Press ALT+F4. Names of keys that are connected by a + (plus) sign indicate
the use of a key combination. These keys have to be pressed
simultaneously.
Click the Enable button. Names of application interface elements, such as entry fields,
menu items, and buttons, are set off in bold.
In the command line, type The following types of text content are set off with a special
help. font:
10
Sources of information about the
application
You can select the most suitable information source, depending on the issue's level of importance
and urgency.
In this section
Sources of information for independent research ...................................................................... 11
Documentation.
If you cannot find a solution for your issue, we recommend contacting Kaspersky Lab
Technical Support (see the section "Contacting Technical Support" on page 117).
Help provides information on integrating Kaspersky Secure Mail Gateway into your corporate mail
infrastructure, configuring the settings of Kaspersky Secure Mail Gateway, managing protection,
and performing typical user tasks using the web interface.
Documentation
The distribution kit of Kaspersky Secure Mail Gateway includes this Kaspersky Secure Mail
Gateway Deployment Guide that will help you deploy the image of a Kaspersky Secure Mail
Gateway virtual machine and perform initial configuration of the application.
In this forum you can view existing topics, leave your comments, create new topics.
12
Kaspersky Secure Mail Gateway
This section describes the purpose and key features of Kaspersky Secure Mail Gateway. This
section specifies the hardware and software requirements for the hypervisor on which a virtual
machine is to be deployed and for web browsers for accessing the web interface, and also
describes the distribution kit.
In this section
About Kaspersky Secure Mail Gateway .................................................................................... 13
Kaspersky Secure Mail Gateway protects incoming and outgoing email against malware and spam
and performs content filtering of messages.
Scans incoming and outgoing email for spam, phishing, and malware. To respond to new
threats promptly, Kaspersky Secure Mail Gateway protection components can use
information from Kaspersky Security Network.
Processes mail in accordance with the rules defined for groups of senders and recipients.
Performs content filtering of messages by the name, type and size of attachment
(Kaspersky Secure Mail Gateway can determine the actual format and type of attachment
regardless of its extension).
Lets you use mail filtering rules to specify users and user groups from Microsoft Active
Directory and generic LDAP to enable message routing for certain email accounts and
user groups.
Notifies the sender, recipients, and administrator about messages containing objects that
are infected, suspicious, password-protected, or cannot be scanned.
Updates Anti-Virus, Anti-Spam, and Anti-Phishing databases from Kaspersky Lab update
servers or custom resources (http and ftp servers) according to schedule or on demand.
Receives application runtime statistics via the SNMP protocol and lets you configure the
application to send SNMP traps when certain events occur.
Lets you configure the settings and manage the application via a web interface.
Lets you verify the authenticity of senders using SPF, DKIM, and DMARC technologies.
Retrieves user information from various domains and grants users access to a personal
Backup storage.
Lets you add, edit or delete information about domains (including local domains) and email
addresses, configure Kaspersky Secure Mail Gateway settings for these domains and
email addresses and configure email routing.
14
Lets you configure TLS security modes for situations when Kaspersky Secure Mail
Gateway receives messages from another server (acts in the Server role) or sends
messages to another server (acts in the Client role), as well as configure TLS settings for
individual domains.
Lets you monitor the status of email traffic and usage of system resources and view lists of
the latest detected threats in the web interface of the application.
Lets you monitor the program operating capacity via Kaspersky Security Center.
Lets you view the application event Log and download it to the hard drive.
Lets you upgrade the system via the web interface of Kaspersky Secure Mail Gateway.
Lets you quickly configure the MTA using the Quick MTA Setup Wizard.
Lets you add, change and delete TLS and DKIM encryption keys.
Lets you generate and view reports on the email message processing rules.
Kaspersky Secure Mail Gateway is distributed in the virtual machine template format OVA (Open
Virtual Appliance).
Deployment of the template creates a virtual machine with a preinstalled CentOS 6.7 operating
system, a mail server, and Kaspersky Security for Linux Mail Server application (hereinafter also
referred to as "Kaspersky Security"). After deploying the virtual machine, you can configure it using
the Initial Configuration Wizard.
An image of the Kaspersky Secure Mail Gateway virtual machine can be deployed on the following
hypervisors:
15
Hardware requirements for deploying the Kaspersky Secure Mail Gateway virtual machine
image
To support deployment of the Kaspersky Secure Mail Gateway image, the resources allocated for
the virtual machine must meet the following requirements:
At least 4 GB of RAM
Software requirements for managing Kaspersky Secure Mail Gateway via the web interface
To run the web interface, one of the following web browsers must be installed on the computer:
See also
About Kaspersky Secure Mail Gateway .................................................................................... 13
Distribution kit
The application is available from online stores of Kaspersky Lab (for example,
http://www.kaspersky.com, in the eStore section) and from partner companies.
The content of the distribution kit may differ depending on the region in which the application is
distributed.
16
If Kaspersky Secure Mail Gateway is purchased through an online store, the application is copied
from the store's website. Information that is required for activating the application will be sent to
you by email after your payment has been received.
You can view the list of data and the terms on which it is used as well as give consent to data
processing in the following agreements between your organization and Kaspersky Lab:
In the End User License Agreement (for example, when installing Kaspersky Secure Mail
Gateway or upgrading the system in the Settings section, System Upgrade subsection of
the main window of the Kaspersky Secure Mail Gateway web interface).
According to the terms of the End User License Agreement that you have accepted, you
consent to the automatic transmission to Kaspersky Lab of the information enumerated in
the License Agreement under "Data Submission". This information is needed to improve the
level of mail server security.
Kaspersky Lab protects any information received in this way as prescribed by law and applicable
rules of Kaspersky Lab.
Kaspersky Lab uses any received information in anonymized form and as general statistics
only. General statistics are automatically generated using original collected information and do
not contain any private data or other confidential information. The original information received
is destroyed as new information is accumulated (once a year). General statistics are stored
indefinitely.
17
User data may be present in the following Kaspersky Secure Mail Gateway components:
Message queue (file names, email addresses of message senders and recipients, message
texts).
Backup (file names, email addresses of message senders and recipients, message texts).
Kaspersky Secure Mail Gateway operation reports (file names, email addresses of
message senders and recipients).
Kaspersky Secure Mail Gateway event log (email addresses of message senders and
recipients, names of attachment files, IP addresses of computers of message senders).
Trace files (files names, paths to files, proxy server names, user account data, IP
addresses of computers that connect to Kaspersky Secure Mail Gateway database update
sources, names and IP addresses of update sources, information about files downloaded
and the download speed).
Files storing settings of the connection to the LDAP server and proxy server (data of LDAP
server and proxy server user accounts).
When Kaspersky Secure Mail Gateway connects to DNS, SURBL, and DNSBL servers, Kaspersky
Secure Mail Gateway uses IP addresses and FQDN names of domains that contact these servers.
Managing Kaspersky Secure Mail Gateway via the administration console of Kaspersky Secure
Mail Gateway in Technical Support Mode with super-user account privileges lets you manage
dump settings. A dump is generated during application crashes and may be needed to analyze the
causes of the crash. The dump may include any data, including fragments of messages and files
analyzed.
Data of the email message queue currently being processed by Kaspersky Secure Mail
Gateway as well as data of LDAP server and proxy server user accounts are stored in
Kaspersky Secure Mail Gateway in unencrypted form.
18
Such data can be accessed from the Kaspersky Secure Mail Gateway Administration Console
in Technical Support Mode with super-user account privileges.
The administrator of Kaspersky Secure Mail Gateway must personally ensure the security of
such data.
The administrator of Kaspersky Secure Mail Gateway is responsible for access to this
information.
Data about events and processes of Kaspersky Secure Mail Gateway is logged and stored in the
following Kaspersky Secure Mail Gateway logs:
Event log
Trace log
19
Deploying the Kaspersky Secure
Mail Gateway virtual machine image
This section provides step-by-step instructions for deploying the image of the Kaspersky Secure
Mail Gateway virtual machine on a VMware ESXi host.
In this section
Preparing to deploy ................................................................................................................... 20
Step 7. Starting and finishing deployment of the virtual machine image .................................... 29
Preparing to deploy
Before deploying the image of the Kaspersky Secure Mail Gateway virtual machine, verify that the
VMware ESXi version and hardware resources allocated for the virtual machine meet the software
and hardware requirements (see section "Hardware requirements" on page 15).
Step 1. Selecting a virtual machine
image
The Kaspersky Secure Mail Gateway virtual machine image is distributed in an OVF package.
2. In the File menu, select Deploy OVF Template (see figure below).
21
The Deploy OVF Template window opens (see figure below).
3. In the Deploy OVF Template window, select a file with the OVA extension, which contains
the image of the Kaspersky Secure Mail Gateway virtual machine.
4. Click Next.
22
Step 2. Viewing details of the virtual
machine image
To view the details of the Kaspersky Secure Mail Gateway virtual machine image:
1. View the details of the virtual machine image selected at the previous step (see figure below).
2. Click Next.
23
Step 3. Reviewing the License
Agreement
To continue the deployment process, you have to accept the terms of the End User License
Agreement. Deployment will not continue if the terms of the End User License Agreement are not
accepted.
2. Click Next.
24
Step 4. Naming the virtual machine
To name the Kaspersky Secure Mail Gateway virtual machine image:
1. Type the name of the virtual machine in the Name field (see figure below).
The name must be unique among the names of all existing virtual machines.
2. Click Next.
25
Step 5. Selecting a destination storage
for the virtual machine
To select a destination storage of the VMware ESXi host to store files of the
Kaspersky Secure Mail Gateway virtual machine:
1. Select a destination storage in the list (see figure below).
Figure 6. Selecting a destination storage for the Kaspersky Secure Mail Gateway virtual machine
2. Click Next.
26
Step 6. Selecting a storage option for
virtual machine files
To select a storage option for files of the Kaspersky Secure Mail Gateway virtual
machine in the destination storage of the VMware ESXi host:
Thick Provision Lazy Zeroed. The specified disk space is immediately reserved for
virtual machine files. Data blocks inside the allocated space are overwritten with virtual
machine data as they are accessed.
Thick Provision Eager Zeroed. The specified disk space is immediately reserved for
virtual machine files. Data blocks of the disk space are cleared immediately.
Thin Provision. The minimum required disk space is reserved for virtual machine files.
This disk space can be increased if necessary.
27
We recommend using one of the Thick Provision options.
2. Click Next.
28
Step 7. Starting and finishing
deployment of the virtual machine
image
To start deploying a virtual machine image and verify that deployment has finished
correctly:
1. Verify that the virtual machine settings configured at previous steps are correct (see figure
below).
29
2. Select the Power on after deployment check box if you want the virtual machine to start
automatically after deployment.
The virtual machine image deployment process starts (see figure below).
4. Select the Close this dialog when completed check box if you want the virtual machine
image deployment progress window to close automatically as soon as deployment finishes.
After deploying the virtual machine image, perform initial configuration of the virtual
machine (see page. 31).
30
Initial configuration of Kaspersky
Secure Mail Gateway
Perform initial configuration of the Kaspersky Secure Mail Gateway virtual machine image after
deploying it.
Initial configuration of the virtual machine is a sequence of steps. The Initial Configuration Wizard
of Kaspersky Secure Mail Gateway is started automatically when the virtual machine is powered
on for the first time.
In this section
Preparing for initial configuration ............................................................................................... 32
Step 1. Selecting the End User License Agreement language .................................................. 33
Step 2. Reviewing the License Agreement ................................................................................ 34
Step 3. Selecting the mode of operation of Kaspersky Secure Mail Gateway ............................ 35
Step 4. Configuring participation in Kaspersky Security Network ............................................... 37
Step 5. Selecting the input language for Kaspersky Secure Mail Gateway ................................ 39
Step 6. Setting the time zone .................................................................................................... 40
Step 7. Assigning the host name (myhostname) ....................................................................... 41
Step 8. Configuring the network interface .................................................................................. 42
Step 9. Configuring network routes ........................................................................................... 47
Step 10. Configuring DNS settings ............................................................................................ 58
Step 11. Setting the web interface administrator password ....................................................... 62
Step 12. Setting the administrator password for using the console ............................................ 64
Step 13. Specifying email addresses of the mail server administrator ....................................... 65
Step 14. Configuring the connection of Kaspersky Secure Mail Gateway to Kaspersky
Security Center ......................................................................................................................... 66
Step 15. Checking the connection of Kaspersky Secure Mail Gateway to Kaspersky
Security Center ......................................................................................................................... 71
Step 16. Displaying the settings of the connection to the web interface..................................... 73
Preparing for initial configuration
To begin initial configuration of the Kaspersky Secure Mail Gateway virtual machine:
1. Start VMware vSphere Client.
2. Select a Kaspersky Secure Mail Gateway virtual machine in the list of virtual machines in
the left part of the main application window.
3. Power on the virtual machine by clicking the button on the control panel of the main
application window.
4. Open the VMware vSphere Client console by selecting the Console tab in the right part of
the main application window (see figure below) and follow the steps of the wizard.
32
Step 1. Selecting the End User License
Agreement language
To set the language in which the texts of the End User License Agreement for Kaspersky
Secure Mail Gateway and the Kaspersky Security Network Statement will be displayed:
1. Select a language in the list (see figure below).
Figure 12. Selecting the language for viewing the End User License Agreement and the Kaspersky Security
Network Statement
The available languages depend on the localization packages included in your Kaspersky
Secure Mail Gateway distribution kit.
2. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
33
Step 2. Reviewing the License
Agreement
At this step, you have to accept or reject the terms of the Kaspersky Secure Mail Gateway End
User License Agreement (see figure below). Use the arrow buttons to navigate the text.
I do not accept the agreement if you want to reject the terms of the End User License
Agreement.
I accept the agreement if you want to accept the terms of the End User License
Agreement.
2. Press Enter.
34
If you rejected the terms of the End User License Agreement, initial configuration of
Kaspersky Secure Mail Gateway is aborted. The Initial Configuration Wizard prompts you to
power down the virtual machine (see figure below).
Figure 14. Powering down the virtual machine if the End User License Agreement has been rejected
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step if you accept the terms of the End User License Agreement.
Kaspersky Secure Mail Gateway can run in normal mode or in certified mode.
In normal mode, Kaspersky Secure Mail Gateway is allowed to access the Internet and connect to
the following servers outside the IT infrastructure of your organization:
DNS servers
In certified mode, Kaspersky Secure Mail Gateway is not allowed to access the Internet and
connect to servers outside the IT infrastructure of your organization. Besides, when Kaspersky
Secure Mail Gateway operates in certified mode, the administrator is not allowed to view the event
Log from the Kaspersky Secure Mail Gateway administrator's menu.
35
In certified mode, the settings of Kaspersky Secure Mail Gateway components that require Internet
access take the following values by default:
SPF, DKIM, and DMARC message authentication is disabled. Connection to DNS servers
is prohibited.
The Enforced Anti-Spam Updates service is disabled in the settings of the Anti-Spam
component.
Kaspersky Secure Mail Gateway receives database updates from Kaspersky Security
Center or a local source of Kaspersky Secure Mail Gateway database updates.
1. Select one of the following options for switching Kaspersky Secure Mail Gateway to
certified mode of operation (see figure below).
No, if you do not want to switch Kaspersky Secure Mail Gateway to certified mode of
operation and want Kaspersky Secure Mail Gateway to run in normal mode.
Yes, if you want to switch Kaspersky Secure Mail Gateway to certified mode of
operation.
2. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
36
You can change the mode of operation of Kaspersky Secure Mail Gateway in the web
interface of Kaspersky Secure Mail Gateway.
Thanks to users who participate in Kaspersky Security Network, Kaspersky Lab is able to promptly
gather information about types and sources of threats, develop solutions for neutralizing them, and
minimize the number of false positives. In addition, participation in Kaspersky Security Network
provides you with access to information about the reputation of various applications and websites.
If you participate in Kaspersky Security Network, Kaspersky Secure Mail Gateway performance
statistics are submitted to Kaspersky Lab. These statistics are sent automatically.
37
The text of the Kaspersky Security Network Statement is displayed on the screen of the virtual
machine console (see figure below). Use the arrow buttons to navigate the text. The text of the
Kaspersky Security Network Statement is displayed in the language selected at Step 1 (see
section "Step 1. Selecting the End User License Agreement language" on page 33).
2. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
38
Step 5. Selecting the input language for
Kaspersky Secure Mail Gateway
To configure the input language to be used when managing Kaspersky Secure Mail
Gateway:
2. Click OK.
The virtual machine Initial Configuration Wizard proceeds to the next step.
39
Step 6. Setting the time zone
To set a time zone for Kaspersky Secure Mail Gateway:
1. Select a country from the list displayed on the screen of the VMware vSphere Client
console (see figure below).
2. Press Enter.
A list of time zones available for the selected country is displayed (see figure below).
4. Press Enter.
40
A time zone selection confirmation window opens (see figure below).
The Initial Configuration Wizard of Kaspersky Secure Mail Gateway proceeds to the next step.
1. In the hostname field, enter the full domain name of the Kaspersky Secure Mail Gateway
server (see figure below).
41
Specify the server name in FQDN format (for example: host.domain.com or
host.domain.subdomain.com).
2. Click OK.
After you have assigned the Kaspersky Secure Mail Gateway host name, the virtual
machine attempts to acquire the network settings automatically using the DHCP server and
download Kaspersky Secure Mail Gateway databases.
The Initial Configuration Wizard of Kaspersky Secure Mail Gateway proceeds to the next step.
In this section
Enabling and disabling the network interface ............................................................................ 43
Assigning the IP address and network mask using the DHCP server ........................................ 44
42
Enabling and disabling the network
interface
At least one network interface has to be enabled to make configuration of Kaspersky Secure Mail
Gateway possible. You may have to disable a network interface if you are using several network
interfaces and want to disable one of them temporarily.
2. Press Enter.
3. Proceed to assign the IP address and network mask (see section "Assigning the IP address
and network mask using the DHCP server" on page 44, "Assigning a static IP address and
network mask" on page 45) to finish configuring the network interface.
2. Proceed to assign the IP address and network mask (see section "Assigning the IP address
and network mask using the DHCP server" on page 44, "Assigning a static IP address and
network mask" on page 45) to finish configuring the network interface.
43
Assigning the IP address and network mask
using the DHCP server
To assign the IP address and network mask using the DHCP server:
1. Make sure that the value of the Use DHCP setting is set to yes (see figure below).
You may need to use the DHCP server for assigning the IP address and network mask
if you are configuring Kaspersky Secure Mail Gateway in test mode.
The use of the DHCP server for assigning the IP address and network mask is enabled by
default.
Figure 23. Assigning the IP address and network mask using the DHCP server
2. Select Continue.
3. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
44
Assigning a static IP address and network
mask
To assign a static IP address and network mask:
1. Select the Use DHCP setting (see figure below).
Assigning a static IP address and network mask is recommended if you are configuring
Kaspersky Secure Mail Gateway in production mode.
2. Press Enter.
A window opens prompting you to confirm assignment of static settings for the network
interface (see figure below).
Figure 25. Confirming assignment of static settings for the network interface
45
3. Click Yes.
A window for entering the static IP address and network mask opens (see figure below).
4. In the Address field, type the IP address that you want to assign for Kaspersky Secure Mail
Gateway.
5. In the Netmask field, type the mask of the network on which you are using Kaspersky
Secure Mail Gateway.
6. Click OK.
The Initial Configuration Wizard of Kaspersky Secure Mail Gateway returns to the network
interface configuration window (see figure below).
46
7. Verify that the network settings are correct.
8. Select Continue.
9. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
In this section
Assigning a gateway address using the DHCP server ............................................................... 47
1. Make sure that the value of the Gateway setting is set to dhcp (see figure below).
You may need to use the DHCP server for assigning the gateway address if you are
configuring Kaspersky Secure Mail Gateway in test mode.
47
The use of the DHCP server for assigning the gateway address is enabled by default.
2. Select Continue.
3. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
2. Press Enter.
3. If at the previous step of the Initial Configuration Wizard of Kaspersky Secure Mail Gateway
(see section "Step 8. Configuring the network interface" on page 42) you chose to use the
48
DHCP server for configuring the network interface, click Yes in the window prompting you
to confirm assignment of the static gateway address (see figure below).
A window for entering the static gateway address opens (see figure below).
5. Click OK.
49
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
returns to the network routes configuration window (see figure below).
6. Make sure that the network route settings have been configured correctly.
7. Select Continue.
8. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
50
2. Press Enter.
A window for select additional static route configuration options opens (see figure below).
4. Press Enter.
A window for entering the static route settings opens (see figure below).
6. In the Netmask field, enter the mask of the static route network.
8. Click OK.
51
A window opens, letting you select the network interface for which you want to configure
the static route (see figure below).
A window with a list of additional static routes opens (see figure below).
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
returns to the network routes configuration window (see figure below).
52
13. Make sure that the network route settings have been configured correctly.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
2. Press Enter.
A window with a list of additional static routes opens (see figure below).
53
4. Press Enter.
5. A window for entering the static route settings opens (see figure below).
6. Make changes in the Address field to modify the IP address of the static route.
7. Make changes in the Netmask field to modify the mask of the static route network.
9. Click OK.
A window opens, letting you select the network interface for which you want to configure
the static route (see figure below).
54
A window with a list of additional static routes opens (see figure below).
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
returns to the network routes configuration window (see figure below).
14. Make sure that the network route settings have been configured correctly.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
55
Deleting an additional static route
To delete an additional static route:
2. Press Enter.
A window with a list of additional static routes opens (see figure below).
4. Press Enter.
56
5. A window for selecting the static route to delete opens (see figure below).
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
returns to the window with a list of additional static routes that remain after deletion or, if
you have deleted all additional routes, displays a window where you can select the action to
take on the routes (see figure below).
Figure 48. Selecting the action to perform after all static routes have been removed
8. Select Go back.
9. Press Enter.
57
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
returns to the network routes configuration window (see figure below).
10. Make sure that the network route settings have been configured correctly.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
In this section
Assigning DNS addresses using the DHCP server.................................................................... 59
58
Assigning DNS addresses using the DHCP
server
To assign the DNS address using the DHCP server:
1. Select the name of your network interface (for example: eth0) in the list of settings for using
the DHCP server for assigning DNS addresses (see figure below) .
You may need to use the DHCP server for assigning DNS addressed if you are
configuring Kaspersky Secure Mail Gateway in test mode.
Figure 50. Enabling the use of the DHCP server for assigning DNS addresses
2. Press Enter.
A window for configuring DNS settings with the use of the DHCP server opens (see figure
below).
Figure 51. Finishing configuration of DNS settings with the use of the DHCP server
3. Make sure that the values of the Search list, Primary DNS, Secondary DNS settings are
set to dhcp.
4. Select Continue.
59
5. Press Enter.
A window with the settings of the Kaspersky Secure Mail Gateway network opens (see
figure below).
6. Select Continue.
7. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine restarts
the virtual machine with the new values of settings and proceeds to the next step.
Figure 53. Disabling the use of the DHCP server for assigning DNS addresses
60
2. Press Enter.
A window for entering static DNS addresses opens (see figure below).
3. In the Search list field, type the DNS suffix that you want to use with Kaspersky Secure
Mail Gateway.
4. In the Primary field, type the IP address of the primary DNS server in IPv4 format.
5. In the Secondary field, type the IP address of the secondary DNS server in IPv4 format.
6. Click OK.
A window for configuring static DNS settings opens (see figure below).
61
8. Select Continue.
9. Press Enter.
A window with the settings of the Kaspersky Secure Mail Gateway network opens (see
figure below).
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine restarts
the virtual machine with the new values of settings and proceeds to the next step.
1. Type any characters in the Test input field to check the keyboard layout.
62
2. In the Password field, enter the administrator's password for accessing the web interface
of Kaspersky Secure Mail Gateway (see section "Connecting to the Kaspersky Secure Mail
Gateway web interface" on page 75) (see figure below).
Figure 57. Setting the administrator's password for the web interface of Kaspersky Secure Mail Gateway
4. Click OK.
The Initial Configuration Wizard of Kaspersky Secure Mail Gateway proceeds to the next step.
63
Step 12. Setting the administrator
password for using the console
The administrator of Kaspersky Secure Mail Gateway has the rights to manage the virtual
machine. The administrator can power down or restart the virtual machine or edit its network
settings in the WMware console. The admin account with a separate administrator password is
used for administering Kaspersky Secure Mail Gateway.
To set the administrator's password for managing Kaspersky Secure Mail Gateway in
the VMware console (under the admin account):
1. Type any characters in the Test input field to check the keyboard layout.
2. In the Password field, enter the administrator's password for managing the settings of
Kaspersky Secure Mail Gateway (see section "Managing settings of Kaspersky Secure Mail
Gateway from the administrator's menu" on page 96) (see figure below).
Figure 58. Setting the administrator password for using the VMware console
64
At least one upper-case character
4. Click OK.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
1. In the admins' emails field, enter the email addresses of the Kaspersky Secure Mail
Gateway administrator (see figure below). You can specify several addresses, separating
them with commas.
2. Click OK.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
65
Step 14. Configuring the connection of
Kaspersky Secure Mail Gateway to
Kaspersky Security Center
At this step, configure the connection of Kaspersky Secure Mail Gateway to Kaspersky Security
Center using the wizard for configuring the connection of Kaspersky Secure Mail Gateway to
Kaspersky Security Center (see figure below).
Figure 60. Wizard for configuring the connection of Kaspersky Secure Mail Gateway to
Kaspersky Security Center
Kaspersky Security Center is designed for centrally managing and monitoring Kaspersky Secure
Mail Gateway by performing the primary administrative tasks.
Kaspersky Security Center lets the administrator perform the following Kaspersky Secure Mail
Gateway management tasks:
Display information about the status of protection of Kaspersky Secure Mail Gateway
66
In this section
Enabling Network Agent ............................................................................................................ 67
Specifying the number of the port for connecting to the Administration Server .......................... 68
To enable Network Agent, do the following in the window of the wizard for configuring
the connection of Kaspersky Secure Mail Gateway to Kaspersky Security Center:
Continue performing steps in the window of the wizard for configuring the connection of
Kaspersky Secure Mail Gateway to Kaspersky Security Center.
2. Press Enter.
67
A window for entering the Administration Server address opens (see figure below).
3. Specify the DNS name or IP address of the Administration Server of Kaspersky Security
Center.
4. Click OK.
Continue performing the steps of configuring the connection of Kaspersky Secure Mail
Gateway to Kaspersky Security Center.
2. Press Enter.
68
A window opens where you can enter the number of the port for connecting to the
Administration Server (see figure below).
Figure 62. Specifying the port for connecting to the Administration Server
3. Specify the number of the port for connecting to the Administration Server or use the
default port number (13000).
4. Click OK.
Continue performing steps in the window of the wizard for configuring the connection of
Kaspersky Secure Mail Gateway to Kaspersky Security Center.
By default, the SSL connection for transferring data to the Administration Server of Kaspersky
Security Center is enabled.
To enable SSL connection, do the following in the window of the wizard for configuring
the connection of Kaspersky Secure Mail Gateway to Kaspersky Security Center:
1. Select the Use SSL setting.
2. Make sure that value of the Use SSL setting is set to yes.
3. If the value of the Use SSL setting is set to no, press Enter.
Continue performing steps in the window of the wizard for configuring the connection of
Kaspersky Secure Mail Gateway to Kaspersky Security Center.
69
Using a gateway for connecting to the
Administration Server
You can choose one of the options for using the gateway when connecting Kaspersky Secure Mail
Gateway to the Administration Server of Kaspersky Security Center:
By default, the use of a gateway is disabled when connecting to the Administration Server, and the
connection to Kaspersky Security Center is established directly.
To disable the use of the gateway for connecting Kaspersky Secure Mail Gateway to
the Administration Server, do the following in the window of the wizard for configuring
the connection of Kaspersky Secure Mail Gateway to Kaspersky Security Center:
2. Make sure that the value of the Gw mode setting is set to don't use.
3. If the Gw mode setting has any other value, keep pressing the Enter key until the value of
the Gw mode setting changes to don't use.
To enable the use of the gateway for connecting Kaspersky Secure Mail Gateway to
the Administration Server, do the following in the window of the wizard for configuring
the connection of Kaspersky Secure Mail Gateway to Kaspersky Security Center:
2. Keep pressing the Enter key until the value of the Gw mode setting changes to use
gateway.
4. Press Enter.
70
A window for entering the gateway address opens (see figure below).
Figure 63. Entering the address of a gateway for connecting to the Administration Server
5. Enter the DNS name or IP address of the gateway that you want to use for connecting to
the Administration Server of Kaspersky Security Center.
6. Click OK.
To enable the use of Network Agent as a gateway for connecting Kaspersky Secure
Mail Gateway to the Administration Server, do the following in the window of the wizard
for configuring the connection of Kaspersky Secure Mail Gateway to Kaspersky
Security Center:
1. Select the Gw mode setting.
2. Keep pressing the Enter key until the value of the Gw mode setting changes to act as
gateway.
Proceed to check the connection of Kaspersky Secure Mail Gateway to Kaspersky Security
Center in the window of the wizard for configuring the connection of Kaspersky Secure Mail
Gateway to Kaspersky Security Center.
2. Press Enter.
71
3. If you have changed the values of the settings of Kaspersky Secure Mail Gateway
connection to Kaspersky Security Center when configuring the connection of Kaspersky
Secure Mail Gateway to Kaspersky Security Center (see section "Step 14. Configuring the
connection of Kaspersky Secure Mail Gateway to Kaspersky Security Center" on page 66),
click Yes in the window prompting you to confirm changes (see figure below).
The Check Status setting takes the value corresponding to the status of Kaspersky Secure
Mail Gateway connection to Kaspersky Security Center.
For example, if the connection of Kaspersky Secure Mail Gateway to Kaspersky Security
Center has been established successfully, the value of the Check Status setting changes
to OK.
4. Select Continue.
5. Press Enter.
The Initial Configuration Wizard of the Kaspersky Secure Mail Gateway virtual machine
proceeds to the next step.
72
Step 16. Displaying the settings of the
connection to the web interface
If the network connection has been configured successfully, initial configuration of Kaspersky
Secure Mail Gateway finishes at this step, and a window with the web interface connection settings
opens (see figure below).
Remember or write down the IP address specified in the IP address information window and
click OK.
If your network does not use a DHCP server, Kaspersky Secure Mail Gateway is unable to
retrieve the Kaspersky Secure Mail Gateway web interface connection settings automatically,
and the IP address of the connection to the web interface is not displayed in the IP address
information window. In this case, you can configure the Kaspersky Secure Mail Gateway web
interface connection settings manually via the Kaspersky Secure Mail Gateway administrator's
menu (see section "Managing settings of Kaspersky Secure Mail Gateway from the
administrator's menu" on page 96).
73
Starting the Kaspersky Secure Mail
Gateway virtual machine
After performing initial configuration (see section "Initial configuration of Kaspersky Secure Mail
Gateway" on page 31), the Kaspersky Secure Mail Gateway virtual machine is started
automatically. To ensure interaction with the existing mail infrastructure, the mail server
preinstalled on the virtual machine needs to be configured additionally.
You can view information about the operation of Kaspersky Secure Mail Gateway and configure
message processing rules and protection settings via the web interface (see page 75).
You can also configure settings and manage the operation (see section "Managing settings of
Kaspersky Secure Mail Gateway from the administrator's menu" on page 96) of the virtual machine
via the administrator's menu in the WMware console.
Connecting to the Kaspersky
Secure Mail Gateway web interface
After performing initial configuration (see section "Initial configuration of Kaspersky Secure Mail
Gateway" on page 31), you can connect to the web interface of Kaspersky Secure Mail Gateway.
1. Type the following address in the address line of the web browser:
A web interface login page opens, prompting you to enter the user name and password of
the web address administrator.
3. In the Password field, type the password specified at Step 11 of the Initial Configuration
Wizard of Kaspersky Secure Mail Gateway (see section "Step 11. Setting the web interface
administrator password" on page 62).
The main page of the Kaspersky Secure Mail Gateway web interface opens.
Integrating Kaspersky Secure Mail
Gateway into the corporate mail
infrastructure
Kaspersky Secure Mail Gateway is integrated into the existing corporate mail infrastructure
and is not a standalone mail system. For example, Kaspersky Secure Mail Gateway does not
deliver email messages to recipients and does not manage user accounts.
You can integrate Kaspersky Secure Mail Gateway into the corporate mail infrastructure in one of
the following ways:
Through an edge gateway (see figure below) on which SMTP verification of recipient email
addresses is enabled.
Before configuring integration of Kaspersky Secure Mail Gateway via an edge gateway,
specify whether or not SMTP verification of recipient email addresses is enabled on the
edge gateway to which Kaspersky Secure Mail Gateway will be relaying messages
from internal domains.
Through an edge gateway (see figure above) on which SMTP verification of recipient email
addresses is disabled.
You can configure the basic settings of Kaspersky Secure Mail Gateway integration into the
corporate mail infrastructure using the Quick MTA Setup Wizard as well as integrate Kaspersky
Secure Mail Gateway into the corporate mail infrastructure through the web interface of the
application.
After you complete all steps of the quick MTA setup, Kaspersky Secure Mail Gateway resets
all values of MTA setting and replaces them with values that you specified in the Quick MTA
Setup Wizard.
In this section
Direct integration ....................................................................................................................... 77
Direct integration
Direct integration is the type of integration where Kaspersky Secure Mail Gateway receives email
messages directly from the Internet and redirects them to internal mail servers, and also receives
messages from internal mail servers and redirects them to the Internet.
To configure direct integration of Kaspersky Secure Mail Gateway into the corporate
mail infrastructure:
1. In the main window of the application web interface, open the administration console tree
and select the Quick MTA Setup section.
2. In the Integrating Kaspersky Secure Mail Gateway into mail infrastructure section,
select Integrate directly.
3. Click the Start integration link to begin performing the steps of the wizard.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
77
In this section
Step 1. Adding local domains (relay_domains) .......................................................................... 78
If local domains are not specified, Kaspersky Secure Mail Gateway will not be receiving
messages for your internal mail servers.
1. Click the Add a domain link to open the Adding a domain window.
2. In the Enter domain name field, type the name of the domain for which Kaspersky Secure
Mail Gateway will be receiving messages.
The domain names have to be entered one at a time. Repeat the process of adding
domain names to the list for all domain names that you are adding.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
78
See also
Step 2. Configuring email routing (transport_map) .................................................................... 79
By default, Kaspersky Secure Mail Gateway uses the settings of your DNS server for email routing.
To configure email routing manually, create a transport map: enter the names of the domains for
which email messages are intended and then type the IP addresses or FQDN names of the
domains to which Kaspersky Secure Mail Gateway will be redirecting messages intended for the
domains.
For example, if you want messages intended for the example.com domain to be redirected to the
address 1.1.1.0:25, add the example.com domain to the transport map and then specify the IP
address 1.1.1.0 and port number 25 for routing messages intended for the example.com domain.
1. Click the Add a record to the transport map link to open the Email routing window.
2. In the Enter domain name field, type the name of the domain for which email messages
are intended.
3. In the Enter email destination address (IPv4, domain name or FQDN) field, type the IP
address or domain name of the server the routing of email to which you want to configure.
You can enter an IPv4 address (for example: 192.0.0.1 or 192.0.0.0/16), an IPv6 address
(for example: 2607:f0d0:1002:51::4), subnet mask in CIDR format (for example: fc00::/7),
domain name or FQDN.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
79
4. In the Enter the port number to connect with the email destination address, select the
port number.
6. Click OK.
Transport map records are added one at a time. Repeat the process of adding records to
the transport map for all records that you are adding.
See also
Step 1. Adding local domains (relay_domains).......................................................................... 78
As a rule, these are internal networks and network nodes of your organization.
For example, you can specify the IP addresses of Microsoft Exchange servers used at your
organization.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
80
If trusted networks are not specified, Kaspersky Secure Mail Gateway will not be receiving
messages from internal mail servers and redirect them outside the network of your
organization.
1. Click the Add a trusted network or network host link to open the Adding a trusted
network window.
2. In the Enter network address or network host address field, type the name of the
domain for which email messages are intended.
3. In the Enter email destination address (IPv4, domain name or FQDN) field, type the IP
address of the network or a subnet address.
4. Click OK.
Addresses are added one at a time. Repeat the process of adding addresses to the list for
all addresses that you are adding.
See also
Step 1. Adding local domains (relay_domains) .......................................................................... 78
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
81
Step 4. Completing direct integration of
Kaspersky Secure Mail Gateway
At this step, check the settings you have specified for integrating Kaspersky Secure Mail Gateway
into the corporate mail infrastructure and confirm your choice.
When integration into the corporate mail infrastructure is completed, the following settings of
Kaspersky Secure Mail Gateway are configured automatically.
After you complete all steps of the Quick MTA Setup, Kaspersky Secure Mail Gateway resets
all values of MTA setting and replaces them with values that you specified in the Quick MTA
Setup Wizard.
See also
Step 1. Adding local domains (relay_domains) .......................................................................... 78
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
82
SMTP verification of recipient email addresses is used by mail systems to prevent reception of
messages for nonexistent addresses.
To configure integration of Kaspersky Secure Mail Gateway into the corporate mail
infrastructure through an edge gateway on which SMTP verification of recipient email
addresses is enabled:
1. In the main window of the application web interface, open the administration console tree
and select the Quick MTA Setup section.
2. In the Integrating Kaspersky Secure Mail Gateway into mail infrastructure section,
select Integrate through Edge Gateway.
3. Click the Start integration link to go to the SMTP verification of recipient email
addresses on the Edge Gateway section.
5. Click the Go to adding local domains link to start performing the steps of the wizard.
In this section
Step 1. Adding local domains (relay_domains) .......................................................................... 83
Step 5. Finishing integration through an edge gateway (SMTP verification is enabled) ............. 88
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
83
If local domains are not specified, Kaspersky Secure Mail Gateway will not be receiving
messages for your internal mail servers.
2. In the Enter domain name field, type the name of the domain for which Kaspersky Secure
Mail Gateway will be receiving messages.
The domain names have to be entered one at a time. Repeat the process of adding
domain names to the list for all domain names that you are adding.
See also
Step 2. Configuring email routing (transport_map) .................................................................... 84
Step 5. Finishing integration through an edge gateway (SMTP verification is enabled) ............. 88
By default, Kaspersky Secure Mail Gateway uses the settings of your DNS server for email routing.
To configure email routing manually, create a transport map: enter the names of the domains for
which email messages are intended and then type the IP addresses or FQDN names of the domains
to which Kaspersky Secure Mail Gateway will be redirecting messages intended for the domains.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
84
For example, if you want messages intended for the example.com domain to be redirected to the
address 1.1.1.0:25, add the example.com domain to the transport map and then specify the IP
address 1.1.1.0 and port number 25 for routing messages intended for the example.com domain.
1. Click the Add a record to the transport map link to open the Email routing window.
2. In the Enter domain name field, type the name of the domain for which email messages
are intended.
3. In the Enter email destination address (IPv4, domain name or FQDN) field, type the IP
address or domain name of the server the routing of email to which you want to configure.
You can enter an IPv4 address (for example: 192.0.0.1 or 192.0.0.0/16), an IPv6 address
(for example: 2607:f0d0:1002:51::4), subnet mask in CIDR format (for example: fc00::/7),
domain name or FQDN.
4. In the Enter the port number to connect with the email destination address, select the
port number.
6. Click OK.
Transport map records are added one at a time. Repeat the process of adding records to
the transport map for all records that you are adding.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
85
See also
Step 1. Adding local domains (relay_domains) .......................................................................... 83
Step 5. Finishing integration through an edge gateway (SMTP verification is enabled) ............. 88
If you have configured email routing for individual domains, Kaspersky Secure Mail Gateway will
be redirecting email messages to the addresses specified for each domain.
1. In the Entering address of your Edge Gateway field, type the IP address of the edge
gateway.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
86
See also
Step 1. Adding local domains (relay_domains) .......................................................................... 83
Step 5. Finishing integration through an edge gateway (SMTP verification is enabled) ............. 88
As a rule, these are internal networks and network nodes of your organization.
For example, you can specify the IP addresses of Microsoft Exchange servers used at your
organization.
If trusted networks are not specified, Kaspersky Secure Mail Gateway will not be receiving
messages from internal mail servers and redirect them outside the network of your organization.
1. Click the Add a trusted network or network host link to open the Adding a trusted
network window.
2. In the Enter network address or network host address field, type the name of the
domain for which email messages are intended.
3. In the Enter email destination address (IPv4, domain name or FQDN) field, type the IP
address of the network or a subnet address.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
87
4. Click OK.
Addresses are added one at a time. Repeat the process of adding addresses to the list for
all addresses that you are adding.
See also
Step 1. Adding local domains (relay_domains).......................................................................... 83
Step 5. Finishing integration through an edge gateway (SMTP verification is enabled) ............. 88
When integration into the corporate mail infrastructure is completed, the following settings of
Kaspersky Secure Mail Gateway are configured automatically.
Do not enable SPF authentication of message recipients because the message sender
is the edge gateway from which Kaspersky Secure Mail Gateway receives messages.
DMARC authentication of domains from which Kaspersky Secure Mail Gateway receives
messages is disabled.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
88
Do not enable DMARC authentication of domains because Kaspersky Secure Mail
Gateway receives messages from an intermediate gateway.
After you complete all steps of the Quick MTA Setup, Kaspersky Secure Mail Gateway resets
all values of MTA setting and replaces them with values that you specified in the Quick MTA
Setup Wizard.
See also
Step 1. Adding local domains (relay_domains) .......................................................................... 83
SMTP verification of recipient email addresses is used by mail systems to prevent reception of
messages for nonexistent addresses.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
89
To configure integration of Kaspersky Secure Mail Gateway into the corporate mail
infrastructure through an edge gateway on which SMTP verification of recipient email
addresses is disabled:
1. In the main window of the application web interface, open the administration console tree
and select the Quick MTA Setup section.
2. In the Integrating Kaspersky Secure Mail Gateway into mail infrastructure section,
select Integrate through Edge Gateway.
3. Click the Start integration link to go to the SMTP verification of recipient email
addresses on the Edge Gateway section.
5. Click the Go to configuring email routing link to start performing the steps of the wizard.
In this section
Step 1. Configuring email routing (transport_map) .................................................................... 90
By default, Kaspersky Secure Mail Gateway uses the settings of your DNS server for email routing.
To configure email routing manually, create a transport map: enter the names of the domains for
which email messages are intended and then type the IP addresses or FQDN names of the
domains to which Kaspersky Secure Mail Gateway will be redirecting messages intended for the
domains.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
90
For example, if you want messages intended for the example.com domain to be redirected to the
address 1.1.1.0:25, add the example.com domain to the transport map and then specify the IP
address 1.1.1.0 and port number 25 for routing messages intended for the example.com domain.
1. Click the Add a record to the transport map link to open the Email routing window.
2. In the Enter domain name field, type the name of the domain for which email messages
are intended.
3. In the Enter email destination address (IPv4, domain name or FQDN) field, type the IP
address or domain name of the server the routing of email to which you want to configure.
You can enter an IPv4 address (for example: 192.0.0.1 or 192.0.0.0/16), an IPv6 address
(for example: 2607:f0d0:1002:51::4), subnet mask in CIDR format (for example: fc00::/7),
domain name or FQDN.
4. In the Enter the port number to connect with the email destination address, select the
port number.
6. Click OK.
Transport map records are added one at a time. Repeat the process of adding records to
the transport map for all records that you are adding.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
91
See also
Step 2. Entering address of your Edge Gateway (relayhost) ..................................................... 92
If you have configured email routing for individual domains, Kaspersky Secure Mail Gateway will
be redirecting email messages to the addresses specified for each domain.
See also
Step 1. Configuring email routing (transport_map) .................................................................... 90
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
92
Step 3. Adding trusted networks and
network hosts (mynetworks)
At this step, create a list of trusted networks and network hosts that are allowed to send email
messages via Kaspersky Secure Mail Gateway.
As a rule, these are internal networks and network nodes of your organization.
For example, you can specify the IP addresses of Microsoft Exchange servers used at your
organization.
If trusted networks are not specified, Kaspersky Secure Mail Gateway will not be receiving
messages from internal mail servers and redirect them outside the network of your organization.
1. Click the Add a trusted network or network host link to open the Adding a trusted
network window.
2. In the Enter network address or network host address field, type the name of the
domain for which email messages are intended.
3. In the Enter email destination address (IPv4, domain name or FQDN) field, type the IP
address of the network or a subnet address.
4. Click OK.
Addresses are added one at a time. Repeat the process of adding addresses to the list for
all addresses that you are adding.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
93
See also
Step 1. Configuring email routing (transport_map) .................................................................... 90
When integration into the corporate mail infrastructure is completed, the following settings of
Kaspersky Secure Mail Gateway are configured automatically.
Do not enable SPF authentication of message recipients because the message sender
is the edge gateway from which Kaspersky Secure Mail Gateway receives messages.
DMARC authentication of domains from which Kaspersky Secure Mail Gateway receives
messages is disabled.
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
94
After you complete all steps of the Quick MTA Setup, Kaspersky Secure Mail Gateway resets
all values of MTA setting and replaces them with values that you specified in the Quick MTA
Setup Wizard.
See also
Step 1. Configuring email routing (transport_map) .................................................................... 90
Integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure
95
Managing settings of Kaspersky
Secure Mail Gateway from the
administrator's menu
You can manage the settings of the Kaspersky Secure Mail Gateway virtual machine via the
administrator's menu (admin account) in the VMware console.
To start managing the settings of the Kaspersky Secure Mail Gateway virtual machine:
2. Select a Kaspersky Secure Mail Gateway virtual machine in the list of virtual machines in
the left part of the main application window.
3. Make sure that the virtual machine is powered on or power on the virtual machine by
clicking the button on the control panel of the main application window.
4. Open the VMware vSphere Client console by selecting the Console tab in the right part of
the main application window (see figure below).
Figure 68. Opening the console for managing Kaspersky Secure Mail Gateway settings
5. In response to the system invitation, enter the user name admin and the password
specified at Step 12 of the Initial Configuration Wizard of Kaspersky Secure Mail Gateway
(see section "Step 12. Setting the administrator password for using the console" on
page 64).
The virtual machine administrator's menu opens (see figure below) from which you can
manage the Kaspersky Secure Mail Gateway virtual machine.
In this section
Running Kaspersky Secure Mail Gateway in Technical Support Mode ...................................... 97
Checking the connection of Kaspersky Secure Mail Gateway to Kaspersky Security Center .... 99
It is not recommended to run Kaspersky Secure Mail Gateway in Technical Support Mode
without consulting Technical Support representatives or being instructed to do so by them.
Managing settings of Kaspersky Secure Mail Gateway from the administrator's menu
97
To run Kaspersky Secure Mail Gateway in Technical Support Mode:
2. Select a Kaspersky Secure Mail Gateway virtual machine in the list of virtual machines in
the left part of the main application window.
3. Make sure that the virtual machine is powered on or power on the virtual machine by
clicking the button on the control panel of the main application window.
4. Open the VMware vSphere Client console by selecting the Console tab in the right part of
the main application window.
5. In response to the system invitation, enter the user name admin and the password
specified at Step 12 of the Initial Configuration Wizard of Kaspersky Secure Mail Gateway
(see section "Step 12. Setting the administrator password for using the console" on
page 64).
The virtual machine administrator's menu opens from which you can manage the
Kaspersky Secure Mail Gateway virtual machine.
6. Select Technical Support Mode in the virtual machine administrator's menu (see figure
below).
7. Press ENTER.
Managing settings of Kaspersky Secure Mail Gateway from the administrator's menu
98
A window for entering the password of the web interface administrator account opens (see
page 62) (see figure below).
8. In the Password field, enter the account password that you specified at Step 11 of the
Kaspersky Secure Mail Gateway initial configuration process (see section Step 11 ). Setting
the web interface administrator password" on page 62).
9. If you really want to run Kaspersky Secure Mail Gateway in Technical Support Mode, select
Yes and press ENTER.
# /opt/kaspersky/klnagent/bin/klnagchk
Managing settings of Kaspersky Secure Mail Gateway from the administrator's menu
99
The klnagchk utility checks the connection of Kaspersky Secure Mail Gateway to Kaspersky
Security Center and displays the following connection settings:
Use SSL whether or not a secure connection to Kaspersky Security Center is used
(value: 1 or 0).
Server SSL ports numbers of available ports for connecting to Kaspersky Security
Center via SSL.
Server ports numbers of available ports for connecting to Kaspersky Security Center
without using SSL.
The certificate may be absent if Kaspersky Secure Mail Gateway has not yet established a
single successful connection to Kaspersky Security Center.
Open UDP port whether or not Network Agent of Kaspersky Secure Mail Gateway uses a
UDP port to receive synchronization requests from Kaspersky Security Center (value: 1 or 0).
UDP ports the numbers of UDP that can be used by Kaspersky Secure Mail Gateway.
HostId a unique ID of the Kaspersky Secure Mail Gateway server on the network.
Regardless of whether or not the connection to Kaspersky Security Center is successful, the utility
attempts to determine whether Network Agent is running.
Managing settings of Kaspersky Secure Mail Gateway from the administrator's menu
100
If Network Agent is running, the utility displays the following data on the statistics of Kaspersky
Secure Mail Gateway Network Agent connection to the Kaspersky Security Center Administration
Server:
If problems occurred during the connection check, look for a solution in the Administrator's Guide
for Kaspersky Security Center.
Managing settings of Kaspersky Secure Mail Gateway from the administrator's menu
101
Upgrading Kaspersky Secure Mail
Gateway via the web interface
Kaspersky Lab may release upgrade packages for Kaspersky Secure Mail Gateway. For example,
Kaspersky Lab can release critical fixes for vulnerabilities or bugs, scheduled upgrades that add
new or improve existing features of Kaspersky Secure Mail Gateway, and packages with additional
localizations for Kaspersky Secure Mail Gateway.
Following the release of Kaspersky Secure Mail Gateway upgrades, you can install them via the
web interface of Kaspersky Secure Mail Gateway.
Prior to installing upgrades via the web interface of Kaspersky Secure Mail Gateway, you have
to download the upgrade package or the localization package in TGZ format along with
instructions on how to install this upgrade from the eStore website to your computer.
Kaspersky Secure Mail Gateway services may be suspended for the duration of upgrade
installation.
After starting an upgrade of Kaspersky Secure Mail Gateway, do not interrupt the upgrade
process or turn off the virtual machine.
You may need to restart Kaspersky Secure Mail Gateway after upgrading.
1. In the main window of the application web interface, open the management console tree
and select the Settings section and System Upgrade subsection.
2. Click the Start upgrade link to open the System Upgrade window.
3. Click the Browse button to the right of the Uploading Upgrade Package field.
The file selection window opens in the web browser that you use.
4. Choose the upgrade file that you want to upload and click the Open button in your web
browser.
The steps of the Upgrade Wizard may vary depending on the type of upgrade.
More detailed instructions on installing each upgrade are provided in the instruction
manual that comes with this upgrade.
103
Preparing to perform certain tasks
in the web interface of Kaspersky
Secure Mail Gateway
Before performing certain tasks in the web interface of Kaspersky Secure Mail Gateway, you need
to make preparations outside the web interface of Kaspersky Secure Mail Gateway.
Configuring TLS encryption between Kaspersky Secure Mail Gateway and other servers in
situations when Kaspersky Secure Mail Gateway receives messages from another server
(acts in the Server role) or sends messages to another server (acts in the Client role).
In this section
Preparing to add the DKIM signature to outgoing messages ................................................... 104
Preparing to configure SPF and DMARC message authentication for outgoing messages ..... 107
Preparing to upgrade Kaspersky Secure Mail Gateway via the web interface ......................... 113
You can configure the DKIM signature for messages in the web interface of Kaspersky Secure Mail
Gateway.
The process of configuring the DKIM signature for messages consists of the following steps:
3. Adding the DKIM signature to messages sent from email addresses in a specific domain.
For instructions on configuring the DKIM signature for messages via the web interface of
Kaspersky Secure Mail Gateway, see the Kaspersky Secure Mail Gateway web interface help.
In order for the remote mail server to be able to verify the DKIM signature added to outgoing
messages, you need to obtain the DNS record of the public DKIM key via the web interface of
Kaspersky Secure Mail Gateway and add it to the settings of your DNS server.
To obtain the DNS record of the public DKIM key, do the following in the web interface
of Kaspersky Secure Mail Gateway:
1. In the main window of the application web interface, open the management console tree
and select the Domains section.
2. If the workspace shows the value of the DKIM signature setting as Disabled, do the
following:
a. Click the DKIM signature link to open the DKIM settings window.
c. Click OK.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
105
3. In the list of domains, select the domain for whose addresses you want to configure the
DKIM signature to be added to outgoing messages.
4. In the DKIM signature for messages from domain addresses section, click Add.
5. In the Selector field, type the name that will help you find the DKIM signature.
6. In the Key name list, select the DKIM key based on which the DKIM signature will be
added to messages.
7. Click OK.
In the DKIM signature for messages from domain addresses section, the DNS record field
shows the DNS record of the public DKIM key for a specific domain.
2. Locate the page with information on updating DNS records of the domain for whose
addresses you want to configure the DKIM signature to be added to outgoing messages.
For example, this page can be named "DNS Management", "Name Server Management",
or "Advanced Settings".
3. Find records in TXT format for the domain for whose addresses you want to configure the
DKIM signature to be added to outgoing messages.
4. In the list of records in TXT format, add the DNS record of the public DKIM key for a certain
domain with the following contents:
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
106
For example, you can add the following string:
See Document RFC 5617 for details on configuring settings of the DNS record of a
public DKIM key.
5. Save changes.
The syntax of the sample DNS record is provided for purposes of adding it to the settings of a
BIND DNS server. The syntax of the DNS record to be added to other DNS servers may differ
slightly from the example provided.
DMARC message authentication authentication performed to verify that the message was
actually sent from the specified domain.
For instructions on configuring message authentication for outgoing messages via the web
interface of Kaspersky Secure Mail Gateway, see the Kaspersky Secure Mail Gateway web
interface help.
In order for the remote mail server to be able to perform message authentication when the
message sender is Kaspersky Secure Mail Gateway (authentication of the sender of outgoing
messages), you have to add the SPF and DMARC records to the settings of your DNS server.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
107
To add SPF and DMARC records to the settings of your DNS server:
2. Locate the page with information on updating DNS records of the domain for whose
addresses you want to configure authentication of senders of outgoing messages.
For example, this page can be named "DNS Management", "Name Server Management",
or "Advanced Settings".
3. Find records in TXT format for the domain for whose addresses you want to configure
authentication of senders of outgoing messages.
4. In the list of records in TXT format, add the SPF record for a certain domain with the
following contents:
<name of the domain for whose addresses you want to configure SPF
authentication of the sender of outgoing messages> IN TXT "v=<SPF
version> +all>"
See Document RFC 4408 for details on configuring settings of the SPF record.
5. In the list of records in TXT format, add the DMARC record for a certain domain with the
following contents:
See DMARC documentation for details on configuring settings of the DMARC record.
6. Save changes.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
108
The syntax of the sample SPF and DMARC records is provided for purposes of adding it to the
settings of a BIND DNS server. The syntax of the SPF and DMARC records to be added to other
DNS servers may differ slightly from the examples provided.
1. The server from which email messages are sent (Client) establishes a connection to the
server to which email messages are sent (Server).
3. The Client uses the STARTTLS command to offer the Server to use TLS during SMTP
interaction.
4. If the Server is able to use TLS, it responds with the STARTTLS command and sends the
certificate of the Server to the Client.
5. The Client receives the certificate and, if the relevant parameter values are specified in it,
verifies the authenticity of the Server certificate.
6. The Client and the Server enable the data encryption mode.
You can configure TLS security mode for situations when Kaspersky Secure Mail Gateway
receives messages from another server (acts in the Server role) and sends messages to another
server (acts in the Client role), as well as configure TLS settings for individual domains and domain
groups that use the same IP address.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
109
You can create a TLS certificate or import it via the web interface of Kaspersky Secure Mail
Gateway.
For instructions on configuring TLS encryption between Kaspersky Secure Mail Gateway and
other servers and on creating and importing the TLS certificate via the web interface of
Kaspersky Secure Mail Gateway, see the Kaspersky Secure Mail Gateway web interface help.
Before importing TLS certificates via the web interface of Kaspersky Secure Mail Gateway, you
have to prepare them for import.
Self-signed certificates are normally used to test and debug SSL and TLS encryption of
connections. You are advised to use certificates signed by a certification authority (CA certificates)
on public servers.
The certificate file must have a unique name in the list of certificates used in Kaspersky
Secure Mail Gateway.
The certificate file and the private key file must be in PEM format.
By way of an example, below are instructions on how to prepare for import the self-signed TLS
server certificate server_cert.pem, whose private key is contained in the key.pem file.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
110
To prepare a self-signed TLS certificate for import into Kaspersky Secure Mail
Gateway:
1. In the private key file, remove the password (if any) for accessing the certificate. To do so,
execute the command:
# openssl rsa -in <name of the private key file>.pem -out <name of
the private key file with the password removed>.pem
2. Combine the private key and the server certificate in a single file. To do so, execute the
command:
% cat <name of the private key file with the password removed>.pem
<name of the server certificate>.pem <name of the server
certificate after the files were combined>.pem
The self-signed TLS certificate (for example, cert.pem) is ready for import into Kaspersky
Secure Mail Gateway.
See also
Preparing to import a TLS certificate signed by a certification authority ................................... 111
The certificate file must have a unique name in the list of certificates used in Kaspersky
Secure Mail Gateway.
The files of the server certificate, intermediate and root CA certificates, and the private key
file must be in PEM format.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
111
The key length must be 1024 bits or longer.
You must have the complete certificate chain the path from the server certificate to the
roof CA certificate.
On receiving the CA certificate, you may need to use the intermediate certificate in addition
to the server certificate.
Certificates must be specified in the certificate chain in the following order: first the server
certificate followed by intermediate CA certificates.
The certificate chain must not include any certificates unrelated to current certification.
By way of an example, below are instructions on how to prepare for import a TLS server
certificate signed by a certification authority, server_cert.pem, whose private key is contained
in the key.pem file. The name of the intermediate server certificate is intermediate CA. The
name of the root certificate is root CA.
To prepare a TLS certificate signed by a certification authority for import into Kaspersky
Secure Mail Gateway:
1. In the file of the TLS certificate, remove the password (if any) for accessing the certificate.
To do so, execute the command:
# openssl rsa -in <name of the private key file>.pem -out <name of
the private key file with the password removed>.pem
If you are certain that the clients to which the server will provide this certificate have
their own copies of the root and intermediate CA certificates, combine the private key,
server certificate, intermediate and root CA certificates into a single file. To do so,
execute the command:
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
112
intermediate CA certificate>.pem <name of the root CA
certificate>.pem <name of the TLS certificate after the files
were combined>.pem
If you are not sure that the clients to which the server will provide this certificate have
their own copies of the root and intermediate CA certificates, combine the private key
and server certificate into a single file. To do so, execute the command:
The TLS certificate signed by the certification authority (for example, cert.pem) is ready for
import into Kaspersky Secure Mail Gateway.
See also
Preparing a self-signed TLS certificate for import .................................................................... 110
2. Select the virtual machine that you want to take a snapshot of.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
113
3. Open the menu by right-clicking.
4. In the menu, select the Snapshot item and Take Snapshot sub-item (see figure below).
The Take Virtual Machine Snapshot window opens (see figure below).
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
114
5. In the Name field, enter the name of the virtual machine snapshot.
A snapshot of your virtual machine appears in the list of virtual machines in the left part of the
main application window.
See VMware vSphere Client manuals for details on managing virtual machines in VMware
vSphere Client.
Preparing to perform certain tasks in the web interface of Kaspersky Secure Mail Gateway
115
Kaspersky Secure Mail Gateway
trace log
The trace log of Kaspersky Secure Mail Gateway system services is created automatically and
stored on the virtual machine in unencrypted form in the /var/log/ folder and its subfolders.
Since the trace log may contain personal data of users, the Kaspersky Secure Mail Gateway
administrator has to ensure protection of such data manually.
1. Open the Kaspersky Secure Mail Gateway administrator's menu (see section "Managing
settings of Kaspersky Secure Mail Gateway from the administrator's menu" on page 96).
This section describes the ways to get technical support and the terms on which it is available.
In this section
About technical support ........................................................................................................... 117
Technical support is only available to users who purchased the commercial license. Users who
have received a trial license are not entitled to technical support.
Before contacting Technical Support, please read the technical support rules
(http://support.kaspersky.com/support/rules).
You can register all of your organization's employees under a single account on Kaspersky
CompanyAccount. A single account lets you centrally manage electronic requests from registered
employees to Kaspersky Lab and also manage the privileges of these employees via Kaspersky
CompanyAccount.
English
Spanish
Italian
German
Polish
118
Portuguese
Russian
French
Japanese
To learn more about Kaspersky CompanyAccount, visit the Technical Support website
(http://support.kaspersky.com/faq/companyaccount_help).
119
Glossary
Backup
A special storage for backup copies of files that are created before disinfection or deletion is
attempted.
Directory service
A software system that can store information about network resources (such as users) in one place
and provides centralized management capabilities.
Authentication performed to verify that the message was actually sent from the specified domain.
Email notification
An email message describing an application event or a message scan event, which Kaspersky
Secure Mail Gateway sends to the specified email addresses.
K
An infrastructure of cloud services that provides access to the online Knowledge Base of
Kaspersky Lab which contains information about the reputation of files, web resources, and
software. Use of data from Kaspersky Security Network ensures faster responses by Kaspersky
Lab applications to threats, improves the performance of some protection components, and
reduces the likelihood of false positives.
LDAP
SNMP agent
A network management software module of Kaspersky Secure Mail Gateway, which monitors the
operation of Kaspersky Secure Mail Gateway.
SNMP trap
Glossary
121
SPF message authentication
Comparison of IP addresses of message senders with the list of possible message sources, which
has been created by the mail server administrator.
Virtual machine
A fully isolated software system that executes machine-independent or machine code of the
processor and can imitate the operating system of an application or device (such as a computer).
Glossary
122
AO Kaspersky Lab
In 2008, Kaspersky Lab was rated among the worlds top four leading vendors of information
security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor).
Kaspersky Lab is the preferred vendor of computer protection systems for home users in Russia
(IDC Endpoint Tracker 2014).
Kaspersky Lab was founded in Russia in 1997. It has since grown into an international group of
companies with 34 offices in 31 countries. The company employs more than 3000 qualified
specialists.
PRODUCTS. Kaspersky Labs products provide protection for all systemsfrom home computers
to large corporate networks.
The personal product range includes security applications for desktop, laptop, and tablet
computers, smartphones and other mobile devices.
The company offers protection and control solutions and technologies for workstations and mobile
devices, virtual machines, file and web servers, mail gateways, and firewalls. The company's
portfolio also features specialized products providing protection against DDoS attacks, protection
for industrial control systems, and prevention of financial fraud. Used in conjunction with Kaspersky
Labs centralized management system, these solutions ensure effective automated protection for
companies and organizations of any size against computer threats. Kaspersky Lab's products are
certified by the major test laboratories, are compatible with the software of many suppliers of
computer applications, and are optimized to run on many hardware platforms.
Kaspersky Labs virus analysts work around the clock. Every day they uncover hundreds of
thousands of new computer threats, create tools to detect and disinfect them, and include them in
databases used by Kaspersky Lab applications.
TECHNOLOGIES. Many technologies that are now part and parcel of modern anti-virus tools were
originally developed by Kaspersky Lab. It is no coincidence that many other developers use the
Kaspersky Anti-Virus kernel in their products, including: Alcatel-Lucent, Alt-N, Asus, BAE Systems,
Blue Coat, Check Point, Cisco Meraki, Clearswift, D-Link, General Dynamics, Facebook, Juniper
Networks, Lenovo, H3C, Microsoft, NETGEAR, Openwave Messaging, Parallels, Qualcomm,
Samsung, Stormshield, Toshiba, Trustwave, Vertu, ZyXEL. Many of the companys innovative
technologies are patented.
ACHIEVEMENTS. Over the years, Kaspersky Lab has won hundreds of awards for its services in
combating computer threats. Following tests and research conducted by the reputed Austrian test
laboratory AV-Comparatives in 2014, Kaspersky Lab ranked among the top two vendors by the
number of Advanced+ certificates earned and was eventually awarded the Top Rated certificate.
But Kaspersky Lab's main achievement is the loyalty of its users worldwide. The companys
products and technologies protect more than 400 million users, and its corporate clients number
more than 270,000.
AO Kaspersky Lab
124
Information about third-party code
Information about third-party code is contained in the file legal_notices.txt, in the application
installation folder.
Trademark notices
Registered trademarks and service marks are the property of their respective owners.
Microsoft, Active Directory, and Internet Explorer are trademarks of Microsoft Corporation
registered in the United States of America and elsewhere.
VMware, ESXi and VMware vSphere are trademarks of VMware, Inc or trademarks of VMware,
Inc. registered in the United States or other jurisdictions.
Index
A
About Kaspersky Secure Mail Gateway .................................................................................... 13
Administrator
Managing settings of Kaspersky Secure Mail Gateway from the administrator's menu ......... 96
C
Console
Managing Kaspersky Secure Mail Gateway settings from the console ................................. 96
D
DNS
E
Email routing ................................................................................................................. 79, 84, 90
End User License Agreement
I
Integration into the corporate mail infrastructure ........................................................... 77, 82, 89
K
KSN
M
myhostname
N
Network interface
assigning the IP address and network mask using the DHCP server.................................... 44
Network routes
Index
128
deleting a network route ....................................................................................................... 56
O
Operation mode
S
SMTP verification of recipient email addresses ................................................................... 82, 89
T
Technical Support Mode
Time zone
V
Virtual machine
Index
129
W
Web interface
Index
130