Kaspersky, the world leader in cybersecurity, has products to secure and protect email servers, protecting from spam, non-desired mail, and viruses.

Kaspersky has a new product called Kaspersky Secure Mail Gateway (KSMG) which replaces KLMS 8, as KLMS 8 is designed for an ancient debian system (debian 9). KLMS8 was made for 32-bit, and although it works on newer systems like Debian 12, it was necessary to compile Apache.

Previously, KSMG was a single unified VM, which was easy to install, but more difficult to integrate with a pre-existing mail server (MTA). Also, the VM image was based on CentOS (and it's commands are a bit different from Debian). Now there also exists a .deb package which can be installed on Ubuntu or Debian. Officialy, the package is only for Ubuntu, but it also works on Debian 12 without issues.

To install, first we remove the KLMS and KLMSUI packages:

sudo apt remove klms klmsui klnagent
sudo /var/opt/kaspersky/klms/cleanup.sh
dpkg -P klms

Verify that we don't have anything running on port 9045: lsof -i :9045 Apache might be running here (if we previously had KLMS on this machine). In this case, we stop apache with: sudo systemctl stop apache2. If you don't want to stop Apache (eg have another program that needs port 9045), don't worry, in KSMG it's possible to change the port.

If your machine doesn't have other websites on port 443, make sure port 443 is free. It might be necessary to modify Apache/Nginx configs so that they don't use 443 temporarily. If there are other webpages on 443, KSMG will use another port (eg 444)

We first install Nginx:

sudo apt install nginx

Now, we download the installation package of KSMG from Kaspersky, and install:

sudo apt install ./ksmg_2.1.0-7854_amd64.deb

Finally, we configure the program:

sudo /opt/kaspersky/ksmg/bin/setup.py --install

We want to use the Milter type integration, and KSMG can activate it automatically.

KSMG will create it's own cryptographic keys (not verified) so if we want to use https, it's recommended to use your own certificates (eg from Let'sEncrypt)

It's possible to modify /etc/nginx/conf.d/ksmg_webapi.conf and change the private key and certificates for your own. But don't modify ksmg_controlapi.conf and don't change the keys and certificates in that file, otherwise it breaks the configuration.

The installer can modify the nginx.conf file to include some 'include' extras, so if there are errors, we can remove them. Additionally, the installer installs the configuration files in /etc/nginx/conf.d. If you use a different directory for the websites (eg /etc/nginx/sites-enabled), move the config files there.

Finally, if you have a Kaspersky Security Centre (KSC), you can install the network agent with:

sudo apt install ./klnagent64_15.1.0-11795_amd64.deb and sudo /opt/kaspersky/klnagent64/lib/bin/setup/postinstall.pl

This allows KSMG to download the databases from KSC instead of using Kaspersky servers (if you have many servers, it's more efficient) but it's not possible to automatically provide the license to KSMG from KSC, and the functionality is limited.

Don't forget to verify the Postfix configuration /etc/postfix/main.cf. Because i was using KLMS8 before, there were some remnant Milter configurations, which were duplicated in the new KSMG. If so, remove the duplicates.

If everything works, you can access the web interface with the Administrator user, and the password that you set installing the program.

First you will need to introduce the license to update the databases. This is in Settings -> General -> License. And now you can update the databases and/or use the KSC to update in Settings -> External Services -> Databases.

Finally, it's recommended to use KSN which greatly increases the detection of spam and viruses. To activate, go to Settings -> External Services -> KSN/KPSN -> KSN settings, and select use KSN.

It's possible to activate and configure rules, and configure to save a backup copy of unwanted messages in case there's a false-positive.

I hope this guide was useful and you can protect your mail using this amazing product from Kaspersky.

You can find more info here