This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Libin_Thomas
Contributor
‎2017-09-26 11:36 PM

Multiple MTA on TE devices

The customer has one MTA configured for a domain on the TE2000X appliance. For MTA load balancing we have followed sk110369 and used the config script. Now we would like to configure a 2nd MTA for a new domain. Can we follow the same procedure for this ? 
Are multiple MTA^s supported for Threat Emulation/Extraction on TE2000x?

can we add another domain on DNS loadbalancing 

6 Replies
PhoneBoy
Admin
Admin
‎2017-09-28 03:30 PM

Yes you follow the same procedure on the second appliance also.

For multiple domains, you would configure rules as shown in the ATRG: ATRG: Mail Transfer Agent (MTA) 

0 Kudos
Libin_Thomas
Contributor
‎2017-10-04 12:21 AM
In response to PhoneBoy

if customer having TLS for both domain , can we import 2 certificates. i can only see the option of importing one certificate

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus
‎2017-10-04 05:36 AM
In response to Libin_Thomas

Hi Thomas,

multiple certificate support is on the roadmap. If it is a critical issue please contact your local SE and discuss opening a RFE. Workaround would be the setup of an additional MTA e.g. on a virtual machine or VSX.


Regards Thomas

EdesLC
Collaborator
‎2018-01-04 09:55 AM

I think it is possible, look at this sk110369.

Configure the relevant mail forwarding rules:

To configure a single mail forwarding rule:

[Expert@HostName:0]# ./dns_mail_forwarding.sh -d <Domain_Name> -n <NextHop_DNS_Name>

Example:
[Expert@HostName:0]# ./dns_mail_forwarding.sh -d "*" -n checkpoint.com
Note that for a single mail forwarding rule, double-quotes are required for using asterisk (*) as the domain.
To configure multiple mail forwarding rules:

Create a configuration file with the relevant mail forwarding rules:

[Expert@HostName:0]# touch /<path_to>/<name_of_file_with_mail_forwarding_rules>

It is recommended to place this file in the same directory with the dns_mail_forwarding.sh shell script.
Add the relevant mail forwarding rules into the configuration file:

[Expert@HostName:0]# vi /<path_to>/<name_of_file_with_mail_forwarding_rules>

Each line in this file represents a single mail forwarding rule using the following format:
<Domain_Name> <NextHop_DNS_Name>

Example:
* checkpoint.com
support.checkpoint.com supportcheckpoint.com
Note: A line "acme.com [192.168.80.80]" will cause all mails destined for "acme.com" to be forwarded to the mail server "192.168.80.80" without doing an MX lookup.

Load the mail forwarding rules from the configuration file:

[Expert@HostName:0]# ./dns_mail_forwarding.sh -f /<path_to>/<name_of_file_with_mail_forwarding_rules>
To revert to the original mail forwarding configuration:

[Expert@HostName:0]# ./dns_mail_forwarding.sh -r

Alisson_Lima
Contributor
‎2018-12-07 02:38 AM
In response to EdesLC

Recently I applied this configuration on a customer, very good Edes, thank you!

Thomas_Werner
Employee Alumnus
Employee Alumnus
‎2018-12-13 06:18 AM
In response to Alisson_Lima

With R80.20 you can even do this in the GUI with a domain object:

 

 

Now MTA will forward all emails with recipient domain "acme.com" via DNS MX resolution for acme.com.

So in DNS you could e.g. add to MX entries with similar weigth for acme.com to do load balancing.

Be sure to install latest MTA take as there was an issue in earlier versions.

Regards Thomas