Solved: Re: MTA with SMTP over TLS

Olga_Kuts · ‎2018-03-05

When we enable the MTA with SMTP over TLS, the mails are decrypted on the CheckPoint, and checked with certain blades. Are the messages encrypted back when they are transferred to a internal server after checking?

Norbert_Bohusch · ‎2018-03-05

By default the backend SMTP connection to nexthop is in clear but there is a way to configure it also for TLS with parameter “smtp_use_tls=yes” in $FWDIR/conf/mta_postfix_options.cf on MTA gateway.

View solution in original post

Daniel_Taney · ‎2018-03-05

Others can correct me here, but it was my understanding it stays decrypted and just gets handed off to the mail server.

R80 CCSA / CCSE

Norbert_Bohusch · ‎2018-03-05

By default the backend SMTP connection to nexthop is in clear but there is a way to configure it also for TLS with parameter “smtp_use_tls=yes” in $FWDIR/conf/mta_postfix_options.cf on MTA gateway.

Olga_Kuts · ‎2018-03-05

Thanks f lot for your reply!

But I have one more question: are there nuances in mta_postfix_options.cf change шт case when we have VSX gateway and enable MTA on the one VS?

Thomas_Werner · ‎2018-03-06

Hi Olga,

FWDIR/conf is specific to each VS environment - the folder looks like $FWDIR/CTX/CTX0000<VSID>/conf/. So you can specify one dedicated MTA conf per VS. Also MTA is enabled per VS.

Regards Thomas

Norbert_Bohusch · ‎2018-03-05

I don’t know for sure. I assume Thomas Werner can answer this!

HeikoAnkenbrand · ‎2018-03-06

- Config MTA sk108553 and sk101870 (you can use Postfix MTA settings)

- VSX are supported on GAIA R80.10 (see sk79700)

Threat Emulation MTA (Mail Transfer Agent) support in VSX. You can run MTA for each VS instance (sk111841)

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Are you a member of CheckMates?

MTA with SMTP over TLS