MTA with TLS inspection

Hi Everyone,

I have configured MTA on Check Point with TLS inspection. Mail flow is like this:

Logix ----> Load Balancer ----> Check Point.

Logix is hosting the mails on the cloud, which is pointing to the Load Balancer public IP, which is NATed to the Check Point Gateway external IP.

Mails are not being delivered to end users. The mail queue on Check Point is empty.

No errors in /var/log/maillog.

We are able to see continuous traffic on port 587 towards Check Point and replies from Check Point as well.

We are not able to Telnet to Check Point on port 587.

When we enable MTA on Check Point with TLS inspection, on which port will it expect the mails?

0 Kudos
5 Replies

Re: MTA with TLS inspection

0 Kudos

Re: MTA with TLS inspection

Hi Gunther,

In sk109699, it is mentioned that port 25 is the only supported port to send mails.

But the customer wants to send mails from Logix to the Gateway on port 587.

Expecting the Check Point Gateway to receive on port 587.

Communication between the Check Point Gateway and Logix should be on port 587. Is there any workaround for this?

0 Kudos

Re: MTA with TLS inspection

Open an SR# with TAC for the issue - they can help if anyone can...

0 Kudos

Re: MTA with TLS inspection

One more query related to MTA: We have two domains for which we want to enable MTA.

Can we use two different SSL certificates, since there are two different domains?

I have got the link to merge the two certificates, but will it work for MTA with TLS inspection for both the domains?

openssl - Can I combine multiple certs into one without the private key? - Stack Overflow 

0 Kudos

Re: MTA with TLS inspection

Please look into the ATRG - it says: There is no option to use multiple certificates for different mail servers.