cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Olga_Kuts
Silver

MTA with SMTP over TLS

Jump to solution

When we enable the MTA with SMTP over TLS, the mails are decrypted on the CheckPoint, and checked with certain blades. Are the messages encrypted back when they are transferred to a internal server after checking?

1 Solution

Accepted Solutions

Re: MTA with SMTP over TLS

Jump to solution

By default the backend SMTP connection to nexthop is in clear but there is a way to configure it also for TLS with parameter “smtp_use_tls=yes” in $FWDIR/conf/mta_postfix_options.cf on MTA gateway.

6 Replies

Re: MTA with SMTP over TLS

Jump to solution

Others can correct me here, but it was my understanding it stays decrypted and just gets handed off to the mail server.

Re: MTA with SMTP over TLS

Jump to solution

By default the backend SMTP connection to nexthop is in clear but there is a way to configure it also for TLS with parameter “smtp_use_tls=yes” in $FWDIR/conf/mta_postfix_options.cf on MTA gateway.

Olga_Kuts
Silver

Re: MTA with SMTP over TLS

Jump to solution

Thanks f lot for your reply!

But I have one more question: are there nuances in mta_postfix_options.cf change шт case when we have VSX gateway and enable MTA on the one VS?

Employee++
Employee++

Re: MTA with SMTP over TLS

Jump to solution

Hi Olga,

FWDIR/conf is specific to each VS environment - the folder looks like $FWDIR/CTX/CTX0000<VSID>/conf/. So you can specify one dedicated MTA conf per VS. Also MTA is enabled per VS.

Regards Thomas

Re: MTA with SMTP over TLS

Jump to solution

I don’t know for sure. I assume Thomas Werner can answer this!

0 Kudos

Re: MTA with SMTP over TLS

Jump to solution

- Config MTA sk108553 and  sk101870 (you can use Postfix MTA settings)

- VSX are  supported on GAIA R80.10 (see sk79700)

Threat Emulation MTA (Mail Transfer Agent) support in VSX. You can run MTA for each VS instance (sk111841)

Regards

Heiko