This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ANARINE
Participant
‎2025-11-23 06:55 AM
Jump to solution

Checkpoint MTA rejects outbound mail

Checkpoint MTA --> Internal Exchange Server (incoming works fine)

Internal Exchange Server --> Checkpoint MTA (outgoing to outsiderecipient@gmail.com) Fails

I cant figure out why. Even a telnet test confirms the MTA is rejecting these outside recipients.

 

CPGW:
Remote Server returned '554 5.7.1 <outsiderecipient@gmail.com>: Recipient address rejected: Access denied'

 

Is there some way to add the Exchange Server to Checkpoint as a client that can relay to these addresses ?

 

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
MVP Gold
MVP Gold
‎2025-11-23 11:04 AM
In response to ANARINE
Jump to solution

@ANARINE these are two different things, MTA and AntiSpam.

As mentioned by @Chris_Atkinson  you can‘t use MTA for outgoing mail traffic.

Blade AntiSpam can scan incoming and outgoing messages this is independent from MTA. Without MTA you can‘t scan encrypted mail. Only some IP reputation and blacklisting can be done. Nothing of the envelope of a mail message can be checked.

With MTA enabled you can scan all incoming mails and check for bad attachments or links or anything else in the messages. But you cant‘t use your MTA on a Check Point gateway as outgoing hop for mail delivery. 
You can send your mail through the gateway via SMTP protocol from your on premise Exchange directly to the recipients or via another SMTP-relay, but not your gateways MTA.

View solution in original post

6 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-11-23 07:43 AM
Jump to solution

You may check with TAC but I don't believe this is supported per sk109339.

CCSM R77/R80/ELITE
0 Kudos
ANARINE
Participant
‎2025-11-23 08:10 AM
In response to Chris_Atkinson
Jump to solution

I did come across that article, but why does smartconsole give the ability to scan emails in outgoing direction ?  see attached

 
 

 

Preview file
8 KB
0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2025-11-23 11:04 AM
In response to ANARINE
Jump to solution

@ANARINE these are two different things, MTA and AntiSpam.

As mentioned by @Chris_Atkinson  you can‘t use MTA for outgoing mail traffic.

Blade AntiSpam can scan incoming and outgoing messages this is independent from MTA. Without MTA you can‘t scan encrypted mail. Only some IP reputation and blacklisting can be done. Nothing of the envelope of a mail message can be checked.

With MTA enabled you can scan all incoming mails and check for bad attachments or links or anything else in the messages. But you cant‘t use your MTA on a Check Point gateway as outgoing hop for mail delivery. 
You can send your mail through the gateway via SMTP protocol from your on premise Exchange directly to the recipients or via another SMTP-relay, but not your gateways MTA.

the_rock
MVP Diamond
MVP Diamond
‎2025-11-23 11:52 AM
Jump to solution

I would definitely open TAC case for this.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2025-11-23 10:31 PM
In response to the_rock
Jump to solution

@the_rock and @ANARINE ther's no need for  TAC. It is how it works. MTA never works as an MTA for outgoing messages.

the_rock
MVP Diamond
MVP Diamond
‎2025-11-24 04:25 AM
In response to Wolfgang
Jump to solution

Correct @Wolfgang 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events