Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Silver

MTA with SMTP over TLS

Jump to solution

When we enable the MTA with SMTP over TLS, the mails are decrypted on the CheckPoint, and checked with certain blades. Are the messages encrypted back when they are transferred to a internal server after checking?

1 Solution

Accepted Solutions
Highlighted

Re: MTA with SMTP over TLS

Jump to solution

By default the backend SMTP connection to nexthop is in clear but there is a way to configure it also for TLS with parameter “smtp_use_tls=yes” in $FWDIR/conf/mta_postfix_options.cf on MTA gateway.

View solution in original post

6 Replies
Highlighted

Re: MTA with SMTP over TLS

Jump to solution

Others can correct me here, but it was my understanding it stays decrypted and just gets handed off to the mail server.

R80 CCSA / CCSE
Highlighted

Re: MTA with SMTP over TLS

Jump to solution

By default the backend SMTP connection to nexthop is in clear but there is a way to configure it also for TLS with parameter “smtp_use_tls=yes” in $FWDIR/conf/mta_postfix_options.cf on MTA gateway.

View solution in original post

Highlighted
Silver

Re: MTA with SMTP over TLS

Jump to solution

Thanks f lot for your reply!

But I have one more question: are there nuances in mta_postfix_options.cf change шт case when we have VSX gateway and enable MTA on the one VS?

Highlighted
Employee++
Employee++

Re: MTA with SMTP over TLS

Jump to solution

Hi Olga,

FWDIR/conf is specific to each VS environment - the folder looks like $FWDIR/CTX/CTX0000<VSID>/conf/. So you can specify one dedicated MTA conf per VS. Also MTA is enabled per VS.

Regards Thomas

Highlighted

Re: MTA with SMTP over TLS

Jump to solution

I don’t know for sure. I assume Thomas Werner can answer this!

0 Kudos
Highlighted

Re: MTA with SMTP over TLS

Jump to solution

- Config MTA sk108553 and  sk101870 (you can use Postfix MTA settings)

- VSX are  supported on GAIA R80.10 (see sk79700)

Threat Emulation MTA (Mail Transfer Agent) support in VSX. You can run MTA for each VS instance (sk111841)

Regards

Heiko