Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Olga_Kuts
Advisor
Jump to solution

MTA with SMTP over TLS

When we enable the MTA with SMTP over TLS, the mails are decrypted on the CheckPoint, and checked with certain blades. Are the messages encrypted back when they are transferred to a internal server after checking?

1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor

By default the backend SMTP connection to nexthop is in clear but there is a way to configure it also for TLS with parameter “smtp_use_tls=yes” in $FWDIR/conf/mta_postfix_options.cf on MTA gateway.

View solution in original post

6 Replies
Daniel_Taney
Advisor

Others can correct me here, but it was my understanding it stays decrypted and just gets handed off to the mail server.

R80 CCSA / CCSE
Norbert_Bohusch
Advisor

By default the backend SMTP connection to nexthop is in clear but there is a way to configure it also for TLS with parameter “smtp_use_tls=yes” in $FWDIR/conf/mta_postfix_options.cf on MTA gateway.

Olga_Kuts
Advisor

Thanks f lot for your reply!

But I have one more question: are there nuances in mta_postfix_options.cf change шт case when we have VSX gateway and enable MTA on the one VS?

Thomas_Werner
Employee Alumnus
Employee Alumnus

Hi Olga,

FWDIR/conf is specific to each VS environment - the folder looks like $FWDIR/CTX/CTX0000<VSID>/conf/. So you can specify one dedicated MTA conf per VS. Also MTA is enabled per VS.

Regards Thomas

Norbert_Bohusch
Advisor

I don’t know for sure. I assume Thomas Werner can answer this!

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

- Config MTA sk108553 and  sk101870 (you can use Postfix MTA settings)

- VSX are  supported on GAIA R80.10 (see sk79700)

Threat Emulation MTA (Mail Transfer Agent) support in VSX. You can run MTA for each VS instance (sk111841)

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events