Configuring integration with a mail server via SMTP
If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.
Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.
Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).
To configure integration with a mail server over SMTP:
Select the Sensor servers section in the window of the application web interface.
The Server list table will be displayed.
Select the Sensor component for which you want to configure integration with the mail server via SMTP.
This opens the Sensor component settings page.
Select the SMTP integration section.
In the State field, set the toggle switch to Enabled.
In the Destination domains field, specify the name of the mail domain or subdomain. The application will scan email messages sent to mailboxes of the specified domains.
To disable a domain or subdomain, enclose it in the !domain.tld form.
If you leave the mail domain name blank, the application will receive messages sent to any email address.
In the Clients field, specify the IP addresses of hosts and/or masks of subnets (in CIDR notation) with which the application is allowed to interact over the SMTP protocol.
To disable a host or subnet, enclose the address in the !host form.
If you leave this field blank, the application will receive the following messages:
From any email addresses if you specified email domains in the Destination domains field.
From a mail server in the same subnet as the server with the Sensor component if no domain is indicated in the Destination domains field.
If you want the application to receive messages of any size, in the Message size limit settings group, select the Unlimited check box.
If you want to set a maximum allowed size of incoming messages:
Clear the Unlimited check box.
In the field under the check box, enter the maximum allowed size of a message.
In the drop-down list to the right of the field, select the unit of measurement.
Click Apply.
Integration with a mail server via SMTP will be configured. The application will scan email messages received over the SMTP protocol according to the defined settings.
To configure fault-tolerant integration with the mail server:
Configure Round Robin on the DNS server for the domain name corresponding to the Central Node cluster.
Specify this domain name in the mail server settings.
Integration with the mail server will be configured based on the domain name. The mail server will communicate with a random server in the cluster. If this server fails, the mail server will communicate with another healthy server in the cluster.