Overview

Scenario In certain cases one may need to move an SQL database that stores KSE operational data to another SQL server/instance. The following procedure can be used to achieve that: Step-by-step guide Change the startup type of KSE services to Manual. Stop the KSE services which use this database (may be located on several hosts in case of DAG, for example). Create a backup of the KSE database using MS SQL tools. Restore the database on a new SQL server/instance using MS SQL tools. Assign the required rights for this database according to this article. Manually edit the file BackendDatabaseConfiguration*.config on every KSE server that will use this database. See this article for instructions. In the scenario when KSE doesn't use the DB default port, we must edit the BackendDatabaseConfiguration*.config file properly, here is an example when custom port is 1435: <SqlServerName>sqlag02ls,1435</SqlServerName> Manually change the values of BackendDatabaseName and BackendSqlServerName with the new ones in the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Kaspersky Lab\Kaspersky Security for Microsoft Exchange Server" on every KSE server that will use this new database. Return the startup type for the KSE services back to original values. Start the KSE services. Verify that there are no errors in event logs after the service will be started.

Issue During initial deployments you may encounter errors like this: Jun 3 12:50:13 ksmg postfix/smtpd[841]: NOQUEUE: reject: RCPT from ksmg.example.com[10.10.10.1]: 450 4.1.2 <test@example.com>: Recipient address rejected: Domain not found; from=<test@example.com> to=<test@example.com> proto=ESMTP helo=<example.com> This means that the recipient domain could not be verified in DNS. Solution There are multiple ways to avoid it: create a proper DNS records for the mentioned domain on the DNS server that is used by KSMG configure to use a different DNS server that has proper records just disable this check in Settings -> MTA -> Advanced Settings -> Reject messages for unknown recipient domains When that check is enable, requests are rejected, when the RCPT TO domain has no DNS MX and no DNS A record a malformed MX record (a record with a zero-length MX hostname)

Problem Currently KSMG has IPv6 support enabled in Postfix: inet_protocols = all However, Postfix 2.6 has a known limitation: http://www.postfix.org/IPV6_README.html "Postfix SMTP clients before version 2.8 try to connect over IPv6 before trying IPv4. With more recent Postfix versions, the order of IPv6 versus IPv4 outgoing connection attempts is configurable with the smtp_address_preference parameter. " http://www.postfix.org/postconf.5.html#inet_protocols "Postfix versions before 2.8 attempt to connect via IPv6 before attempting to use IPv4. " Solution Disable IPv6 to evade limitation by configuring: KSMG1.1 inet_protocols = ipv4 in both /opt/kaspersky/klms-appliance-addon/share/templates/main.cf.template and /etc/postfix/main.cf and restarting Postfix afterwards: systemctl restart postfix KSMG2.0 inet_protocols = ipv4 in /opt/kaspersky/ksmg-appliance-addon/share/templates/main.cf.template Then change any setting in Web-UI Settings - Build-In MTA - Basic settings. You can change value of Message size limit (bytes) by 1