@Lesley thanks for the detail explanation.

Is enabling MTA a must to use Anti spam and email security? And what are both the advantages and disadvantages of MTA enabling on a maestro? 

If email is transported with TLS, an MTA is required as we won't be able to see the mail content otherwise.

@gemechis MTA is not required for AntiSpam-Blade. Without MTA you have features like BlackList block, IP reputation and content spam check for messages they are not sent encrypted (mentioned by @PhoneBoy )

ThreatExtraction (SandBoxing, remove malicious content from file-attachments or convert to pdf) requires MTA.

As a hint....All features they must be configured in the old SmartDasboard can be used without MTA. All other configuration in the mail tab of ThreatPrevention-Profile needs MTA enabled.

@Wolfgang Thanks for the reply.

Today, I have tried to configure "Configuring a Content Anti-Spam Policy", "Configuring an IP Reputation Policy", "Configuring a Block List". From this 3, IP retutation is working. But we tried to block using domains but emails are arriving at our mailbox.

What could be the issue. I have not enabled MTA, 

Any help on this 

@Lesley @PhoneBoy @Wolfgang 

I have checked all MTA articles and found there are three (3) deployment methods for it.
1. Check Point MTA as the organization MX record
2. Check Point MTA as an internal MTA
3. Check Point MTA in BCC Mode

My question is that if we configure using option 3 which is "Check Point MTA in BCC Mode" How does the mail extraction and emulation going to be done? 

In BCC mode, a copy of the email is sent to emulation, but it is not prevented from reaching the end users inbox.
For full prevention, you need to deploy it with one of the other methods.

Hi @PhoneBoy 

Thanks for the reply.

Today, I have tried to configure "Configuring a Content Anti-Spam Policy", "Configuring an IP Reputation Policy", "Configuring a Block List". From this 3, IP retutation is working. But we tried to block using domains but emails are arriving at our mailbox.

What could be the issue. I have not enabled MTA, 

If SMTP is sent via TLS, then you will not be able to block by domain as there is no way to see what domains are involved in the email.
In this case, you will need to use MTA mode.

@PhoneBoy okay.

So,
      1. Which one's can I configure without enabling MTA?
      2. If enabling MTA is a must to, which mode do you recommend considering resource utilization.

Dear @gemechis all depends on what do you want to achieve...

You can configure to block a mail domain, but as @PhoneBoy mentioned this wil only work if the mail arrives without TLS. You can configure to block a mail by IP-address, this will be blocked with TLS or without.

The content of a mail-message can't be checked if send via TLS, you have to decrypt these messages to do any content scan.

You can enable MTA and all features of "Configuring a Content Anti-Spam Policy", "Configuring an IP Reputation Policy", "Configuring a Block List" will work with TLS and without.

If you want to get the most valuable, you have to enable MTA, the Content Anti-Spam Policy,   the IP Reputation Policy, the Block List and the ThreatExtraction features.

@Wolfgang Thanks for the explanation. But If don't want to enable MTA is AntiSpam and IP-reputation the only option working without MTA? 

Who is responsible for analysing attachments?

What have you configured in the block list ip/domain/email?

Is anti-spam seeing SMTP TLS traffic (sk98973)?

Yes. It's encrypted. 

Would you mind send us some screenshots how this is configured? Just blur out the sensitive data.

Andy

@the_rock 

Below you can find the screenshots.

Looks right. I would confirm with TAC, but what Phoneboy said seems most logical.

Andy

@the_rock 

Ok. one thing i need to clarify. What are the possible configurations I can do with out enabling MTA?

@gemechisd 

Sorry for the delay mate, just saw this message, apologies. I really cant give you good suggestion on that, as Im not sure. I would verify with TAC.

Andy