We have Checkpoint 5600 series R80.20 gateways in cluster in distributed deployment. The issue is that we are not able to see the sender and recipient information in Smartlog for Anti-spam blade while TLS is enabled in mail gateway. However, we can see those sender and recepient information in Threat Emulation logs. We searched on the internet and support forums but could not find any answer to this problem. The architecture/mail flow is as follows:
For outgoing mails: User -> Mail Server-> Mail Gateway (TLS Enabled) -> Outside Internet
For incoming mails reverse to that of above architecture/direction.
Mail gateway is directly connected with Checkpoint firewall and which is publicly NAT translated in Checkpoint.
Any suggestion will be highly appreciated.