This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bishal_Upadhyay
Contributor
‎2019-04-08 11:54 PM

Anti-spam blade not showing senders and recepients in smartlog

Hi Everyone,

We have Checkpoint 5600 series R80.20 gateways in cluster in distributed deployment. The issue is that we are not able to see the sender and recipient information in Smartlog for Anti-spam blade while TLS is enabled in mail gateway. However, we can see those sender and recepient information in Threat Emulation logs. We searched on the internet and support forums but could not find any answer to this problem. The architecture/mail flow is as follows:

For outgoing mails: User -> Mail Server-> Mail Gateway (TLS Enabled) -> Outside Internet

For incoming mails reverse to that of above architecture/direction.

Mail gateway is directly connected with Checkpoint firewall and which is publicly NAT translated in Checkpoint.

Any suggestion will be highly appreciated.

Thank You.

Bishal

4 Replies
Bishal_Upadhyay
Contributor
‎2019-04-10 09:00 AM

So from previous community forum posts, it seems that Checkpoint will not be able to show sender and recipients information till we disable TLS at email gateway
0 Kudos
Wolfgang
Authority
Authority
‎2019-04-10 11:23 PM

Hello Bishal,

here is a screenshot from our logs. You can see the recipients and senders mail address. Gateway and management are R80.20, MTA with TLS is enabled, Antispam bade is enabled.

AntiSpam.PNG

 

Wolfgang

Bishal_Upadhyay
Contributor
‎2019-04-15 09:58 PM
In response to Wolfgang

Hi Wolfgang,

Thank you for the reply.
It seems you have configured the firewall as MTA, hence you are able to view the sender and recipient information on the logs.
I have not configured the firewall as MTA, so it might be due to this reason I am not able to view those information.
However, I could not understand how "Threat Emulation" blade(filtered with port 25) is able to show sender and recipient information even having TLS enabled on mail gateway and firewall NOT configured as MTA.

WBR,
Bishal
0 Kudos
Wolfgang
Authority
Authority
‎2019-04-16 12:00 PM
In response to Bishal_Upadhyay

Dear Bishal,

you're right. I have enabled MTA to support TLS on the gateway. This is the only way to have SMTP-TLS decrypted and did some inspection like ThreatPrevention or AntiVirus.

If you don't use CheckPoints MTA with TLS support, you'll never see something from insight an SMTP-TLS connection.

This is like an HTTPS-session, you see only corresponding IP-address but nothing of the content.

As I understand your writing, you want to see sender and recipient on the CheckPoint gateway of a TLS encrypted SMTP-session without TLS enabled MTA on this gateway ? This is not possible.

Wolfgang

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events