Bishal_Upadhyay
Contributor

Anti-spam blade not showing senders and recipients in SmartLog

Hi Everyone,

We have Checkpoint 5600 series R80.20 gateways in a cluster in a distributed deployment. The issue is that we are not able to see the sender and recipient information in SmartLog for the Anti-spam blade while TLS is enabled on the mail gateway. However, we can see the sender and recipient information in Threat Emulation logs. We searched on the internet and support forums but could not find any answer to this problem. The architecture/mail flow is as follows:

For outgoing mails: User -> Mail Server-> Mail Gateway (TLS Enabled) -> Outside Internet

For incoming mails, the flow is the reverse of the above architecture/direction.

The mail gateway is directly connected to the Checkpoint firewall and is publicly NAT translated in Checkpoint.

Any suggestion will be highly appreciated.

Thank You.

Bishal

4 Replies
Bishal_Upadhyay
Contributor

So from previous community forum posts, it seems that Checkpoint will not be able to show sender and recipient information until we disable TLS at the email gateway.
0 Kudos
Wolfgang
Authority

Hello Bishal,

Here is a screenshot from our logs. You can see the recipients' and senders' mail addresses. Gateway and management are R80.20, MTA with TLS is enabled, Antispam blade is enabled.

AntiSpam.PNG

 

Wolfgang

Bishal_Upadhyay
Contributor

Hi Wolfgang,

Thank you for the reply.
It seems you have configured the firewall as MTA, hence you are able to view the sender and recipient information in the logs.
I have not configured the firewall as MTA, so it might be due to this reason that I am not able to view that information.
However, I could not understand how the "Threat Emulation" blade (filtered with port 25) is able to show sender and recipient information even with TLS enabled on the mail gateway and the firewall NOT configured as MTA.

WBR,
Bishal
0 Kudos
Wolfgang
Authority

Dear Bishal,

You're right. I have enabled MTA to support TLS on the gateway. This is the only way to have SMTP-TLS decrypted and do some inspection like ThreatPrevention or AntiVirus.

If you don't use CheckPoint's MTA with TLS support, you'll never see anything from inside an SMTP-TLS connection.

This is like an HTTPS session: you see only the corresponding IP address but nothing of the content.

As I understand your writing, you want to see sender and recipient on the CheckPoint gateway of a TLS-encrypted SMTP session without a TLS-enabled MTA on this gateway? This is not possible.

Wolfgang

0 Kudos
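
The point made in Wolfgang's last reply, as an added example that is not part of the original thread: a passive parser run over two constructed SMTP captures, showing that envelope commands sent after an accepted STARTTLS are unreadable to a device that does not terminate TLS. Hostnames, addresses and the `passive_view` helper are assumptions made up for illustration.

```python
import re

# Constructed captures: (direction, payload) as seen on the wire by a device
# that forwards the connection but does not terminate TLS. "C" = client, "S" = server.
GREETING = [
    ("S", b"220 mx.example.test ESMTP\r\n"),
    ("C", b"EHLO gw.example.test\r\n"),
    ("S", b"250-mx.example.test\r\n250 STARTTLS\r\n"),
]
PLAIN_SESSION = GREETING + [
    ("C", b"MAIL FROM:<alice@example.test>\r\n"),
    ("S", b"250 OK\r\n"),
    ("C", b"RCPT TO:<bob@example.org>\r\n"),
    ("S", b"250 OK\r\n"),
]
STARTTLS_SESSION = GREETING + [
    ("C", b"STARTTLS\r\n"),
    ("S", b"220 Ready to start TLS\r\n"),
    ("C", b"\x16\x03\x01\x00\x04\x01\x00\x00\x00"),  # TLS handshake record (constructed)
    ("C", b"\x17\x03\x03\x00\x10" + bytes(16)),      # encrypted MAIL FROM / RCPT TO
]

ENVELOPE = re.compile(rb"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def passive_view(segments):
    """Return the envelope data readable without decrypting the session."""
    sender, recipients, state = None, [], "plain"
    for direction, payload in segments:
        if state == "tls":
            continue  # everything after the handshake starts is opaque ciphertext
        for line in filter(None, payload.split(b"\r\n")):
            if direction == "C" and line.strip().upper() == b"STARTTLS":
                state = "requested"
            elif direction == "S" and state == "requested":
                # 220 means the server accepted; any other reply keeps cleartext
                state = "tls" if line.startswith(b"220") else "plain"
            elif direction == "C" and (m := ENVELOPE.match(line)):
                address = m.group(2).decode("ascii", "replace")
                if m.group(1).upper() == b"MAIL FROM":
                    sender = address
                else:
                    recipients.append(address)
    return {"encrypted": state == "tls", "sender": sender, "recipients": recipients}

if __name__ == "__main__":
    print("plain   :", passive_view(PLAIN_SESSION))
    print("starttls:", passive_view(STARTTLS_SESSION))
```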
