Application licensing

This section covers the main aspects of application licensing.

About the End User License Agreement

The End User License Agreement is a binding agreement between you and AO Kaspersky Lab, stipulating the terms on which you may use the application.

Read through the terms of the End User License Agreement carefully before you start using the application.

You can view the terms of the License Agreement in the following ways:

• During installation of Kaspersky Secure Mail Gateway.
• By reading the license.txt file. This file is included in the application's distribution kit.

By confirming that you agree with the End User License Agreement when installing the application, you signify your acceptance of the terms of the End User License Agreement. If you do not accept the terms of the End User License Agreement, you must abort application installation and must not use the application.

About the license

A license is a time-limited right to use the application, granted under the End User License Agreement.

A current license entitles you to the following kinds of services:

• Use of the application in accordance with the terms of the End User License Agreement
• Getting technical support

The scope of services and application usage term depend on the type of license under which the application is activated.

The following license types are provided:

• Trial – a free license intended for trying out the application.

  A trial license is usually of limited duration. As soon as the license expires, all Kaspersky Secure Mail Gateway features are disabled. To continue using the application, you need to purchase a commercial license.

  You can activate the application under a trial license only once.

• Commercial – a pay-for license that is provided when you buy the application.

  When the commercial license expires, the application continues running with limited functionality (for example, Kaspersky Secure Mail Gateway database updates are not available). To continue using Kaspersky Secure Mail Gateway in fully functional mode, you must renew your commercial license.

We recommend renewing the license before its expiration to ensure maximum protection of your computer against security threats.

About the license certificate

The License Certificate is a document provided with the key file.

The License Certificate contains the following license information:

• License number
• Details of the license holder
• Information about the application that can be activated using the license
• Limitation on the number of licensing units (devices on which the application can be used under the license)
• License start date
• License expiration date or license validity period
• License type

About the key

A key is a sequence of bits with which you can activate and subsequently use the application in accordance with the terms of the End User License Agreement (license type, license term, and licensing restrictions).

A key is generated by Kaspersky Lab. After you add a key to the application, the key is displayed in the application interface as a unique alphanumeric sequence. You can add a key to the application by using a key file.

Kaspersky Lab can black-list a key over violations of the End User License Agreement. If the key has been black-listed, you have to add a different key to continue using the application.

There are two types of keys: active and additional.

An active key is the key that is currently used by the application. A trial or commercial license key can be added as the active key. The application cannot have more than one active key.

An additional key  is a key that entitles the user to use the application, but is not currently in use. An additional key automatically becomes active when the license associated with the current active key expires. An additional key can be added only if the active key is available.

A key for a trial license can be added only as the active key. A key for a trial license cannot be added as an additional key.

An additional key can be added only if the active key is available.

Kaspersky Secure Mail Gateway uses keys of the following types:

• Fully-functional key. When a key is added, the application works in full-functionality mode, performing scans for spam, phishing, viruses and other types of malware.
• Key for Anti-Virus protection. When this key is added, the application scans messages for viruses and other threats but does not scan messages for spam. The status label assigned by the application to a message following a spam scan contains information about limited functionality.
• Key for Anti-Spam and Anti-Phishing protection. When this key is added, the application scans messages for spam and phishing but does not scan messages for viruses and other threats. The status label assigned by the application to a message following a scan for viruses and other threats contains information about limited functionality.

The type of additional key should match the type of the previously added active key. If the type of the additional key does not match the type of a previously added active key, the available application functionality changes in accordance with the type of the additional key when the additional key becomes active.

Anti-Spam and Anti-Virus databases are updated regardless of key type.

About the key file

A key file is a file with the .key extension that you receive from Kaspersky Lab. Key files are designed to activate the application by adding a key.

You receive a key file at the email address that you provided when you bought Kaspersky Secure Mail Gateway or ordered the trial version of Kaspersky Security.

You do not need to connect to Kaspersky Lab activation servers in order to activate the application with a key file.

You can recover a key file if it is accidentally deleted. You may need a key file to register with Kaspersky CompanyAccount.

To recover a key file, do one of the following:

• Contact your license distributor
• Obtain a key file on the Kaspersky Lab website based on your existing activation code.

About data provision

Kaspersky Secure Mail Gateway operates with the use of data whose transmission and processing requires the consent of the Kaspersky Secure Mail Gateway administrator.

You can view the list of data and the terms on which it is used as well as give consent to data processing in the following agreements between your organization and Kaspersky Lab:

• In the End User License Agreement (for example, when installing Kaspersky Secure Mail Gateway or upgrading the system in the Settings section, System Upgrade subsection of the main window of the Kaspersky Secure Mail Gateway web interface).

  According to the terms of the End User License Agreement that you have accepted, you consent to the automatic transmission to Kaspersky Lab of the information enumerated in the License Agreement under Data Submission. This information is needed to improve the level of mail server security.

• In the KSN Statement.

  When you participate in Kaspersky Security Network, information obtained as a result of Kaspersky Secure Mail Gateway operation is automatically sent from the computer to Kaspersky Lab. The KSN Statement specifies the list of data that is transmitted.

Kaspersky Lab protects any information received in this way as prescribed by law and applicable rules of Kaspersky Lab.

Kaspersky Lab uses any retrieved information in anonymized form and as general statistics only. General statistics are automatically generated using original collected information and do not contain any private data or other confidential information. The original information received is destroyed as new information is accumulated (once a year). General statistics are stored indefinitely.

User data may be present in the following Kaspersky Secure Mail Gateway components:

• Message queue (file names, email addresses of message senders and recipients, message texts).
• Backup (file names, email addresses of message senders and recipients, message texts).
• Kaspersky Secure Mail Gateway operation reports (file names, email addresses of message senders and recipients).
• Kaspersky Secure Mail Gateway event log (email addresses of message senders and recipients, names of attachment files, IP addresses of computers of message senders).
• Trace files (files names, paths to files, proxy server names, user account data, IP addresses of computers that connect to Kaspersky Secure Mail Gateway database update sources, names and IP addresses of update sources, information about files downloaded and the download speed).
• Files storing settings of the connection to the LDAP server and proxy server (data of LDAP server and proxy server user accounts).

When Kaspersky Secure Mail Gateway connects to DNS, SURBL, and DNSBL servers, Kaspersky Secure Mail Gateway uses IP addresses and FQDN names of domains that contact these servers.

Managing Kaspersky Secure Mail Gateway via the administration console of Kaspersky Secure Mail Gateway in Technical Support Mode with super-user account privileges lets you manage dump settings. A dump is generated during application crashes and may be needed to analyze the causes of the crash. The dump may include any data, including fragments of messages and files analyzed.

The corporate LAN administrator is responsible for access to this information.

By default, dump generation in Kaspersky Secure Mail Gateway is disabled.

Data of the email message queue currently being processed by Kaspersky Secure Mail Gateway as well as data of LDAP server and proxy server user accounts are stored in Kaspersky Secure Mail Gateway in unencrypted form.

Such data can be accessed from the Kaspersky Secure Mail Gateway Administration Console in Technical Support Mode with super-user account privileges.

The administrator of Kaspersky Secure Mail Gateway must personally ensure the security of such data.

The administrator of Kaspersky Secure Mail Gateway is responsible for access to this information.

Data about events and processes of Kaspersky Secure Mail Gateway is logged and stored in the following Kaspersky Secure Mail Gateway logs:

• Event log
• Trace log

Viewing information about the license and added keys

To viewing information about the license and added keys,

in the main window of the application web interface, open the management console tree and select the Settings section and Licensing subsection.

The following key details appear in the Active key section of the workspace:

• Alphanumeric sequence of the key
• Key status
• License type
• Number of users
• Application activation date
• Key expiration date
• Number of days until key expiration

Adding a key

To add a key:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Licensing subsection.
2. Click the Add button.

   The Add a key window opens.

3. Click the Browse button.

   The file selection window opens.

4. Select the key file that you want to add.
5. Click OK.

Once added, a key can have active or additional status. The first key to be added automatically becomes active. You can use the application as soon as you add an active key.

After adding an active key, you can add an additional key. The additional key automatically becomes active on expiration of the license. This ensures that protection is maintained in the period between expiration and renewal of the license.

Removing a key

To remove a key:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Licensing subsection.
2. In the workspace of the window, select the check box next to the key that you want to delete.
3. Click the Delete button.

   The Remove key window opens.

4. Click Yes.

The selected key is removed.

If you remove the active key and an additional key has been added for Kaspersky Secure Mail Gateway, the additional key automatically becomes active.

If you remove the active and additional keys, you cannot use the application functionality available under your license.

Modes of Kaspersky Secure Mail Gateway operation under license

Kaspersky Secure Mail Gateway can operate in various modes depending on the license.

Unlicensed

Kaspersky Secure Mail Gateway runs in this mode from the time when you install the application and start its web interface and until you add an active key.

Kaspersky Secure Mail Gateway does not scan email messages in Unlicensed mode.

Trial license

In this mode, Kaspersky Secure Mail Gateway scans email messages and updates databases.

When the trial license key expires, Kaspersky Secure Mail Gateway stops scanning email messages and updating databases.

In order for Kaspersky Secure Mail Gateway to resume operation, you have to install a commercial license key.

Commercial license

In this mode, Kaspersky Secure Mail Gateway scans email messages and updates databases.

When the commercial license key expires, Kaspersky Secure Mail Gateway continues scanning email messages but stops updating databases.

To resume database updates, add a new commercial license key or renew the existing commercial license key.

Kaspersky Secure Mail Gateway supports the following types of commercial license keys:

• Fully-functional key. When a key is added, the application works in full-functionality mode, performing scans for spam, phishing, viruses and other types of malware.
• Key for Anti-Virus protection. When this key is added, the application scans messages for viruses and other threats but does not scan messages for spam. The status label assigned by the application to a message following a spam scan contains information about limited functionality.
• Key for Anti-Spam and Anti-Phishing protection. When this key is added, the application scans messages for spam and phishing but does not scan messages for viruses and other threats. The status label assigned by the application to a message following a scan for viruses and other threats contains information about limited functionality.

Black list of keys

A key can be added to the black list of keys in a number of cases. If this has happened, Kaspersky Secure Mail Gateway stops scanning email messages but continues attempts to update databases in case the key is removed from the black list of keys.

As soon as the key has been removed from the black list of keys, Kaspersky Secure Mail Gateway resumes scanning of email messages in accordance with the valid license.

After scanning of email messages in Kaspersky Secure Mail Gateway is disabled, the following functionality remains available: the mail transfer agent (MTA), the connection to the LDAP server, the event log, and Kaspersky Secure Mail Gateway operation reports. You also have access to all Kaspersky Secure Mail Gateway settings (except the protection settings) via the web interface.

Notification about license expiration

The application checks the license validity period after each update. When the number of days specified in the Send notification setting remains until license expiration, the application starts sending notifications to the email addresses of Kaspersky Secure Mail Gateway administrator.

By default, the application starts sending license expiration notifications 30 days before license expiration.

License expiration notifications are sent once a day.

The application stops sending license expiration notifications in the following cases:

• You have added a key whose validity period exceeds the validity period of the previous key and the value of the Send notification setting.
• License has expired. In this case, the application sends a notification that the license has expired.

To configure the start date for sending notifications, edit the header or text of the notification about an expiring license:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Notifications subsection.
2. In the License expires soon section, click any link to open the Notification settings window.
3. In the Subject field, type the header of the expiring license notification.
4. In the Message field, type the text of the expiring license notification.
5. In the Send notification list, specify the number of days until license expiry that you want to start receiving the notification.
6. Click the Save button.

   The Notification settings window closes.

To enable or disable delivery of license expiration notifications:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Notifications subsection.
2. In the License expires soon section, do one of the following:
   • Flip on the toggle switch next to the name of the License expires soon group of settings if you want to enable delivery of license expiration notifications.
   • Flip off the toggle switch next to the name of the License expires soon group of settings if you want to disable delivery of license expiration notifications.

If an additional key is installed in the application, the notification is not sent. After the expiry of the active key, the additional key automatically becomes active.

If the additional key validity period expires before the application is configured to start sending notifications, the first notification is sent at the time when the active key is replaced with the additional key.