topic Core protection &quot;SMTP STARTTLS Command&quot; in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/Core-protection-quot-SMTP-STARTTLS-Command-quot/m-p/275628#M104978 <P>Dear Check Mates,</P><P>I need some additional clarification about&nbsp;Core protection signature "SMTP STARTTLS Command" which is by default in Prevent mode.</P><P>Does this signature, prevent all STARTTLS over SMTP (port 25) or does it block only some irregular communication?</P><P>My network topology is very simple; SMTP gateway is behind Check Point firewall and perform NAT and access control.</P><P>Is it safe &amp; recommended to switch this signature in DETECT mode.</P><P>&nbsp;</P> Thu, 16 Apr 2026 15:08:13 GMT s_milidrag 2026-04-16T15:08:13Z Core protection "SMTP STARTTLS Command" https://community.checkpoint.com/t5/Firewall-and-Security-Management/Core-protection-quot-SMTP-STARTTLS-Command-quot/m-p/275628#M104978 <P>Dear Check Mates,</P><P>I need some additional clarification about&nbsp;Core protection signature "SMTP STARTTLS Command" which is by default in Prevent mode.</P><P>Does this signature, prevent all STARTTLS over SMTP (port 25) or does it block only some irregular communication?</P><P>My network topology is very simple; SMTP gateway is behind Check Point firewall and perform NAT and access control.</P><P>Is it safe &amp; recommended to switch this signature in DETECT mode.</P><P>&nbsp;</P> Thu, 16 Apr 2026 15:08:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Core-protection-quot-SMTP-STARTTLS-Command-quot/m-p/275628#M104978 s_milidrag 2026-04-16T15:08:13Z Re: Core protection "SMTP STARTTLS Command" https://community.checkpoint.com/t5/Firewall-and-Security-Management/Core-protection-quot-SMTP-STARTTLS-Command-quot/m-p/275650#M104988 <P>This protection seems to trigger with some legit SMTP servers:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk166472" target="_blank">https://support.checkpoint.com/results/sk/sk166472</A><BR />In these cases, an exception should be applied.</P> Thu, 16 Apr 2026 23:58:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Core-protection-quot-SMTP-STARTTLS-Command-quot/m-p/275650#M104988 PhoneBoy 2026-04-16T23:58:09Z