This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
benko2
Participant
‎2024-01-18 07:22 AM

MTA "Received:" header

I'm running Check Point MTA version 8120.991002021 on active-standby cluster (R81.20 JHF Take 41). It runs as the organization MX record. Only myhostname=gw.example.com configured in $FWDIR/conf/mta_postfix_options.cf. No changes in $FWDIR/conf/mail_security_config.

MTA is working as expected. But for every email from internet to our organization MTA adds headers like this:

Received: from localhost (localhost [127.0.0.1])
by gw.example.com (Postfix) with ESMTP id 4T7zDy6xdyz6PXZ
for <info@example.com>; Mon, 8 Jan 2024 16:56:02 +0100 (CET)
X-MTA-CheckPoint: {659C1B12-0-F35B6A0A-33EA}
Category=, control=Content Anti Spam
X-Control-Analysis: str=0001.0A682F22.659C1B13.0003,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Received: from mail-il1-f170.google.com (localhost [127.0.0.1])
by gw.example.com (Postfix) with ESMTPS id 4T7zDy5jnKz6PXY
for <info@example.com>; Mon, 8 Jan 2024 16:56:02 +0100 (CET)
Received: by mail-il1-f170.google.com with SMTP id e9e14a558f8ab-3608bd50cbeso4579985ab.3
for <info@example.com>; Mon, 08 Jan 2024 07:56:02 -0800 (PST)

The problem for me is the red text. Why MTA doesn't fill the real IP address of the google mail server and uses the localhost [127.0.0.1] instead?

Emails with such headers are marked as spam when they are forwared to Office 365.

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2024-01-24 02:57 PM

If I had to guess, it's because of how traffic is directed to Postfix (the underlying MTA used).
In any case, this is probably worth a TAC case: https://help.checkpoint.com 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events