Libin_Thomas
Contributor

Multiple MTA on TE devices

The customer has one MTA configured for a domain on the TE2000X appliance. For MTA load balancing we have followed sk110369 and used the config script. Now we would like to configure a 2nd MTA for a new domain. Can we follow the same procedure for this?
Are multiple MTAs supported for Threat Emulation/Extraction on TE2000X?

Can we add another domain on DNS load balancing?

6 Replies
PhoneBoy
Admin

Yes, you follow the same procedure on the second appliance also.

For multiple domains, you would configure rules as shown in the ATRG: ATRG: Mail Transfer Agent (MTA) 

Libin_Thomas
Contributor

If the customer has TLS for both domains, can we import 2 certificates? I can only see the option of importing one certificate.

Thomas_Werner
Employee Alumnus

Hi Thomas,

Multiple certificate support is on the roadmap. If it is a critical issue, please contact your local SE and discuss opening an RFE. A workaround would be the setup of an additional MTA, e.g. on a virtual machine or VSX.


Regards Thomas

EdesLC
Collaborator

I think it is possible, look at this sk110369.

Configure the relevant mail forwarding rules:

To configure a single mail forwarding rule:

[Expert@HostName:0]# ./dns_mail_forwarding.sh -d <Domain_Name> -n <NextHop_DNS_Name>

Example:
[Expert@HostName:0]# ./dns_mail_forwarding.sh -d "*" -n checkpoint.com

Note that for a single mail forwarding rule, double-quotes are required for using asterisk (*) as the domain.

To configure multiple mail forwarding rules:

Create a configuration file with the relevant mail forwarding rules:

[Expert@HostName:0]# touch /<path_to>/<name_of_file_with_mail_forwarding_rules>

It is recommended to place this file in the same directory with the dns_mail_forwarding.sh shell script.
Add the relevant mail forwarding rules into the configuration file:

[Expert@HostName:0]# vi /<path_to>/<name_of_file_with_mail_forwarding_rules>

Each line in this file represents a single mail forwarding rule using the following format:
<Domain_Name> <NextHop_DNS_Name>

Example:
* checkpoint.com
support.checkpoint.com supportcheckpoint.com
Note: A line "acme.com [192.168.80.80]" will cause all mails destined for "acme.com" to be forwarded to the mail server "192.168.80.80" without doing an MX lookup.

Load the mail forwarding rules from the configuration file:

[Expert@HostName:0]# ./dns_mail_forwarding.sh -f /<path_to>/<name_of_file_with_mail_forwarding_rules>

To revert to the original mail forwarding configuration:

[Expert@HostName:0]# ./dns_mail_forwarding.sh -r
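
A pre-load check for the rules file format quoted in the post above, as an added example that is not part of the thread, of sk110369, or of the dns_mail_forwarding.sh script. The function names (`lint_rules`, `nexthop_kind`, `is_hostname`, `is_ipv4`) and the checks themselves (two fields per line, no duplicate domains, well-formed next hop) are this example's assumptions about what a sane file looks like.

```sh
# Added example, not from sk110369. Lints a rules file before it is loaded with
#   ./dns_mail_forwarding.sh -f <file>
# The checks are this example's assumptions, not the script's own validation.
is_hostname() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
}
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1                      # split the dotted quad into four octets
  IFS=$old_ifs
  for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}
# nexthop_kind <next_hop>: literal = [IP] (no MX lookup), dns = DNS name,
# bareip = IP without brackets, invalid = anything else.
nexthop_kind() {
  case "$1" in
    \[*\]) ip=${1#\[}; ip=${ip%\]}
           if is_ipv4 "$ip"; then echo literal; else echo invalid; fi ;;
    *)     if is_ipv4 "$1"; then echo bareip
           elif is_hostname "$1"; then echo dns; else echo invalid; fi ;;
  esac
}
# lint_rules <file>: prints one finding per line, returns 1 if any ERROR.
lint_rules() {
  errors=0; n=0; seen=" "
  while read -r domain nexthop extra || [ -n "$domain" ]; do
    n=$((n + 1))
    if [ -z "$domain" ]; then continue; fi          # blank line
    if [ -z "$nexthop" ] || [ -n "$extra" ]; then
      echo "ERROR line $n: expected '<Domain_Name> <NextHop_DNS_Name>'"
      errors=1; continue
    fi
    if [ "$domain" != "*" ] && ! is_hostname "$domain"; then
      echo "ERROR line $n: bad domain '$domain'"; errors=1
    fi
    case "$seen" in *" $domain "*)
      echo "ERROR line $n: duplicate rule for '$domain'"; errors=1 ;;
    esac
    seen="$seen$domain "
    case "$(nexthop_kind "$nexthop")" in
      invalid) echo "ERROR line $n: bad next hop '$nexthop'"; errors=1 ;;
      bareip)  echo "WARN line $n: bare IP '$nexthop'; the [IP] form skips the MX lookup" ;;
      literal) echo "NOTE line $n: '$domain' is sent to $nexthop without MX lookup" ;;
    esac
    if [ "$domain" = "*" ]; then echo "NOTE line $n: catch-all rule via $nexthop"; fi
  done < "$1"
  return "$errors"
}
```

Run `lint_rules /<path_to>/<name_of_file_with_mail_forwarding_rules>` and review the NOTE lines as well as the errors: a catch-all or bracketed-IP rule decides where scanned mail is delivered.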

Alisson_Lima
Contributor

Recently I applied this configuration on a customer, very good Edes, thank you!

Thomas_Werner
Employee Alumnus

With R80.20 you can even do this in the GUI with a domain object:

 

 

Now MTA will forward all emails with recipient domain "acme.com" via DNS MX resolution for acme.com.

So in DNS you could e.g. add two MX entries with similar weight for acme.com to do load balancing.

Be sure to install the latest MTA take as there was an issue in earlier versions.

Regards Thomas 
