On some occasions you might have to run MTA on a Check Point gateway in bridge mode.
You must take care with the network design; otherwise packet processing for traffic destined for the MTA will fail.
This is the setup:
The important and mandatory thing is that traffic to and from the MTA must never be seen on any bridge interface - otherwise it will implicitly be blocked by the firewall component because the same network packet must not be seen twice on different interfaces.
So the requirement is to run all MTA traffic via dedicated interfaces (non-bridge interfaces).
That also requires proper traffic routing, because you need to make sure that emails are received and sent via the dedicated MTA interfaces.
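The routing requirement above can be checked offline against an exported routing table. The following is an added example, not code from Check Point or from the original page; the interface names, addresses and routes are constructed placeholders, and the helpers `egress_interface` and `check_mta_paths` are hypothetical.

```python
import ipaddress

# Constructed sample data (assumptions, not from the page).
BRIDGE_IFACES = {"br1", "eth1", "eth2"}           # bridge and its member ports
INTERFACE_ADDRS = {"br1": "10.0.0.1", "eth3": "192.0.2.1"}
ROUTES = [                                        # (prefix, egress interface)
    ("0.0.0.0/0", "br1"),
    ("192.0.2.0/24", "eth3"),
    ("198.51.100.25/32", "eth3"),                 # host route to a mail relay
]

def egress_interface(dest, routes):
    """Return the egress interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def check_mta_paths(mta_ip, mail_peers, routes, iface_addrs, bridge_ifaces):
    """List every way MTA traffic would touch a bridge interface."""
    findings = []
    # Inbound: the address the MTA listens on must sit on a dedicated interface.
    owner = next((i for i, a in iface_addrs.items() if a == mta_ip), None)
    if owner is None:
        findings.append(f"MTA address {mta_ip} is not assigned to any interface")
    elif owner in bridge_ifaces:
        findings.append(f"MTA address {mta_ip} is on bridge interface {owner}")
    # Outbound: every mail peer must be routed via a non-bridge interface.
    for peer in mail_peers:
        ifname = egress_interface(peer, routes)
        if ifname is None:
            findings.append(f"no route to mail peer {peer}")
        elif ifname in bridge_ifaces:
            findings.append(f"mail peer {peer} is routed via bridge interface {ifname}")
    return findings

if __name__ == "__main__":
    peers = ["198.51.100.25", "203.0.113.10"]
    for line in check_mta_paths("192.0.2.1", peers, ROUTES,
                                INTERFACE_ADDRS, BRIDGE_IFACES):
        print("FAIL:", line)
```

In the sample data the second peer has no specific route and falls through to the default route on the bridge, which is the case the design has to avoid.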