Kaspersky Secure Mail Gateway Help

Configuring MTA settings

Kaspersky Secure Mail Gateway is integrated into the existing corporate mail infrastructure and is not a standalone mail system. For example, Kaspersky Secure Mail Gateway does not deliver email messages to recipients and does not manage user accounts.

You can configure the basic MTA settings using the Quick MTA Setup Wizard or manually in the application web interface.

This section describes how you can configure the MTA settings manually.

In this Help section

Configuring transmission and reception of messages by the MTA

Adding local domains (relay_domains)

Configuring email routing (transport_map)

Adding trusted networks and network hosts (mynetworks)

Configuring advanced MTA settings


Configuring transmission and reception of messages by the MTA

To enable or disable transmission or reception of messages by the mail agent of Kaspersky Secure Mail Gateway:

  1. In the main window of the application web interface, open the management console tree and select the Message Queue section.
  2. In the upper part of the workspace, click any link to open the Messages send and receive control window.
  3. In the Sending Mail list, select one of the following values:
    • Yes if you want to allow the mail agent of Kaspersky Secure Mail Gateway to send messages.
    • No if you do not want to allow the mail agent of Kaspersky Secure Mail Gateway to send messages.
  4. In the Receiving Mail list, select one of the following values:
    • Yes if you want to allow the mail agent of Kaspersky Secure Mail Gateway to receive messages.
    • No if you do not want to allow the mail agent of Kaspersky Secure Mail Gateway to receive messages.
  5. Click OK.

The Messages send and receive control window closes.

Attention! These settings control transmission and reception of messages by the mail agent of Kaspersky Secure Mail Gateway.


Adding local domains (relay_domains)

Local domains are the domains of your organization for which Kaspersky Secure Mail Gateway receives email messages from outside. Kaspersky Secure Mail Gateway receives messages only for the domains you specify. Messages intended for other domains are rejected.

If no local domains are specified, Kaspersky Secure Mail Gateway does not receive messages for your internal mail servers.

To add a local domain of your organization:

  1. In the main window of the application web interface, open the management console tree and select the Domains section.
  2. Click the Add button.

    The record creation window opens.

  3. In the Record type settings group, select Domain as the record type.
  4. In the Domain/Email address field, type the name of the domain for which Kaspersky Secure Mail Gateway will receive email messages from outside.

    Type the fully qualified domain name (FQDN).

  5. Select the check box next to the name of the Local domain setting.

    Kaspersky Secure Mail Gateway will receive messages only for the domains you specified. Messages intended for other domains are rejected.

  6. In the Email routing settings group, turn on the toggle switch next to the name of the Configure email routing setting.
  7. In the Protocol settings group, select the email transmission protocol.
  8. In the Destination address and port number field, type the IP address of the server to which you want to configure routing of email.

    You can enter an IPv4 address (for example: 192.0.0.1 or 192.0.0.0/16), an IPv6 address (for example: 2607:f0d0:1002:51::4), or a subnet address in CIDR format (for example: fc00::/7).

  9. In the TLS Encryption mode for all outgoing mail of the mail server settings group, select one of the following options:
    • Use TLS Encryption mode, set for all outgoing mail from the server, if you want to use the TLS encryption mode set for all outgoing mail from the server for this domain.
    • Override TLS Encryption mode for this domain, if you want to configure a different mode of connection TLS encryption for this domain.
  10. If you have chosen to configure a different TLS encryption mode for this domain, select the TLS encryption mode that you want to set for the connection in the Override TLS Encryption mode for this domain list.
  11. If you want to configure the DKIM signature for messages from addresses of this domain, in the DKIM signature for messages from domain addresses settings group, do the following:
    1. Click the Add button.

      The Creating DKIM signature for the domain window opens.

    2. In the Selector field, type the name that will help you find the DKIM signature.
    3. In the Key name list, select the DKIM key based on which the DKIM signature will be added to messages.
    4. Click OK.

      The Creating DKIM signature for the domain window closes.

  12. Click the Add button in the lower part of the window.

The domain for which Kaspersky Secure Mail Gateway will receive messages appears in the list of domains.


Configuring email routing (transport_map)

By default, Kaspersky Secure Mail Gateway uses the settings of your DNS server for email routing. To configure email routing manually, create a transport map: enter the names of the domains for which email messages are intended, and then type the IP addresses or FQDNs to which Kaspersky Secure Mail Gateway will redirect messages intended for those domains.

For example, if you want messages intended for the example.com domain to be redirected to the address 1.1.1.0:25, add the example.com domain to the transport map and then specify the IP address 1.1.1.0 and port number 25 for routing messages intended for the example.com domain.

To configure email routing for a domain:

  1. In the main window of the application web interface, open the management console tree and select the Domains section.
  2. In the list of domains, select the domain for which you want to configure email routing.
  3. In the Destination address and port number field, type the IP address of the server to which you want to configure routing of email.

    You can enter an IPv4 address (for example: 192.0.0.1 or 192.0.0.0/16), an IPv6 address (for example: 2607:f0d0:1002:51::4), or a subnet address in CIDR format (for example: fc00::/7).

  4. Click OK in the lower part of the window.

Email routing is configured for the domain.


Adding trusted networks and network hosts (mynetworks)

Trusted networks and network hosts are the networks and network hosts that are allowed to send email messages via Kaspersky Secure Mail Gateway.

As a rule, these are internal networks and network hosts of your organization.

For example, you can specify the IP addresses of Microsoft Exchange servers used at your organization.

If trusted networks are not specified, Kaspersky Secure Mail Gateway will not receive messages from internal mail servers or redirect them outside the network of your organization.

To add a list of trusted networks and network hosts:

  1. In the main window of the application web interface, open the management console tree and select the Settings section and MTA subsection.
  2. In the Basic Settings section, click any link to open the Basic MTA settings window.
  3. In the Trusted networks field, type the list of trusted networks and network hosts for which you want to allow transmission of email messages via Kaspersky Secure Mail Gateway.

    Specify the IPv4 addresses in the CIDR notation.

  4. Click OK.

    The Basic MTA settings window closes.

The list of trusted networks and network hosts is added.
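
Because every entry in the Trusted networks field is allowed to send mail through the gateway, it is worth reviewing a proposed list before you paste it in. The following Python check is an added example, not part of Kaspersky Secure Mail Gateway; it assumes that "internal" means RFC 1918 address space and uses a hypothetical review threshold of /16, and the sample list is constructed.

```python
import ipaddress

# RFC 1918 private ranges; "internal" is assumed to mean these in this example.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 16  # hypothetical review threshold: anything wider is flagged


def audit_entry(entry):
    """Return a finding for one Trusted networks entry, or None if it looks sane."""
    entry = entry.strip()
    if "/" not in entry:
        return "not CIDR notation (use /32 for a single host)"
    try:
        net = ipaddress.ip_network(entry, strict=True)
    except ValueError:
        return "invalid CIDR, or host bits set below the prefix"
    if net.version != 4:
        return "not an IPv4 network"
    if net.prefixlen == 0:
        return "matches every address: any host could relay"
    if not any(net.subnet_of(r) for r in RFC1918):
        return "outside RFC 1918 space: confirm this sender is yours"
    if net.prefixlen < MIN_PREFIX:
        return "very wide range: list the mail servers instead"
    return None


def audit_trusted_networks(entries):
    """Map each problematic entry to its finding; clean entries are omitted."""
    findings = {}
    for entry in entries:
        finding = audit_entry(entry)
        if finding:
            findings[entry] = finding
    return findings


# Constructed sample list, not taken from any real deployment.
SAMPLE = ["10.20.30.40/32", "192.168.10.0/24", "10.0.0.0/8", "0.0.0.0/0",
          "198.51.100.0/24", "10.20.30.40", "192.168.10.5/24", "fc00::/7"]

if __name__ == "__main__":
    for entry, finding in audit_trusted_networks(SAMPLE).items():
        print(f"{entry:18} {finding}")
```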


Configuring advanced MTA settings

To configure advanced MTA settings:

  1. In the main window of the application web interface, open the management console tree and select the Settings section and MTA subsection.
  2. Maximize the Advanced Settings section.
  3. Click any link in the upper part of the list of settings to open the Advanced MTA settings window.
  4. In the SMTP greeting text field, type the text that will accompany code 220 in the SMTP greeting.
  5. In the Maximum connection attempts field, specify the maximum number of connection attempts by one remote SMTP client to the service of the SMTP server per minute.

    Type 0 if restrictions are not required.

    The default value is 0 (unrestricted).

  6. In the Maximum simultaneous connection attempts field, specify the maximum number of simultaneous connection attempts by one remote SMTP client to the SMTP server.

    Type 0 if restrictions are not required.

    The default value is 50.

  7. In the Maximum mail delivery requests field, specify the maximum number of message delivery requests from one remote SMTP client to the SMTP server per minute, regardless of whether this mail server accepts these messages or not.

    Type 0 if restrictions are not required.

    The default value is 0 (unrestricted).

  8. In the SMTP session timeout field, specify the maximum period of time during which a request has to be received from the remote SMTP client and a response sent by the SMTP server.

    The default value is 30 seconds.

  9. In the Interval between destination address connection attempts field, specify the interval between attempts by the MTA queue manager to connect to the message destination address if the destination address is unavailable.

    The default value is 60 seconds.

  10. In the Minimum delivery interval for Deferred queue field, specify the minimum interval between attempts to deliver a message that has been deferred into the Deferred queue.

    The default value is 300 seconds.

  11. In the Maximum delivery interval for Deferred queue field, specify the maximum interval between attempts to send a message that has been deferred into the Deferred queue.

    The default value is 4000 seconds.

  12. In the Maximum queue lifetime for a message field, set a limit on the time during which a message with a permanent error status will be stored in the queue. When this time elapses, the message is considered undelivered.

    The default value is 3 days.

  13. In the Deferred queue processing interval field, specify the frequency of scanning of the Deferred queue by the queue manager.

    The default value is 1000 seconds.

  14. In the Maximum queue lifetime for a bounce message field, set a limit on the time during which a bounce message with a permanent error status will be stored in the queue. When this time elapses, the message is considered undelivered.

    The default value is 3 days.

  15. In the BCC address for all messages field, specify an optional email address for receiving blind carbon copies of all messages received by the MTA.
  16. In the Check addresses format for RFC 821 compliance list, configure (enable or disable) checking of email addresses in the SMTP MAIL FROM and RCPT TO commands to verify that the addresses are enclosed in angle brackets and do not contain RFC 822 comments and phrases. This check prevents reception of messages from malicious applications.

    To configure checking of addresses, in the Check addresses format for RFC 821 compliance list select one of the following values:

    • Yes if you want to enable checking.
    • No if you want to disable checking.

    The default value is Yes.

  17. Configure the Disable recipient verification SMTP VRFY setting, which enables or disables the SMTP VRFY command. Disabling the SMTP VRFY command prevents certain services from collecting email addresses.

    To enable or disable the SMTP VRFY command, select one of the following values in the Disable recipient verification SMTP VRFY list:

    • Yes if you want to enable the command.
    • No if you want to disable the command.

    The default value is Yes.

  18. In the EHLO keywords not sent by SMTP server in response field, select the check boxes next to the EHLO keywords (case-insensitive; for example: pipelining, starttls, auth) that your SMTP server will not announce in its response to an EHLO request from an external SMTP client.

    Default values: silent-discard, dsn, etrn.

  19. Click OK.

    The Advanced MTA settings window closes.
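
After you save the advanced settings, you can confirm that they took effect by opening a test SMTP session to your own gateway and comparing its replies with what you configured. The following Python check is an added example, not part of Kaspersky Secure Mail Gateway; it assumes that you intend the VRFY command to be disabled and that the default EHLO keywords listed above are suppressed, and the transcripts are constructed.

```python
# Defaults this page lists for "EHLO keywords not sent by SMTP server in response".
SUPPRESSED = {"silent-discard", "dsn", "etrn"}


def advertised_keywords(ehlo_reply):
    """Return the lower-cased keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    lines = [ln for ln in ehlo_reply.splitlines() if ln.strip()]
    for line in lines[1:]:  # the first 250 line carries the server name, not a keyword
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code == "250" and sep in ("-", " ") and rest:
            keywords.add(rest.split()[0].lower())
    return keywords


def audit_session(ehlo_reply, vrfy_reply, suppressed=SUPPRESSED):
    """Compare captured replies with the intended settings; return findings."""
    findings = []
    leaked = advertised_keywords(ehlo_reply) & {k.lower() for k in suppressed}
    for kw in sorted(leaked):
        findings.append(f"EHLO still advertises {kw.upper()}")
    code = vrfy_reply.strip()[:3]
    # 500/502 mean the command is unrecognized or not implemented; any other
    # reply shows that the server processed VRFY.
    if code not in ("500", "502"):
        findings.append(f"VRFY answered with {code}: the command is still enabled")
    return findings


# Constructed transcripts, not captured from a real gateway.
HARDENED_EHLO = """250-mx.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME"""
LOOSE_EHLO = """250-mx.example.com
250-PIPELINING
250-ETRN
250-STARTTLS
250-DSN
250 8BITMIME"""

if __name__ == "__main__":
    print(audit_session(HARDENED_EHLO, "502 5.5.1 VRFY command is disabled"))
    print(audit_session(LOOSE_EHLO, "252 2.0.0 user@example.com"))
```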
