Hi,

I configured the MTA on a CP 5800 Cluster running on R80.10. The customer want to evaluate the Sandblast Feature and therefore asked me to implement the feature. I followed the Admin Guide and everything seems to work. Design looks like this:

Mail gateway (10.223.181.X) -> forwards Mails to MTA -> then forwards them to the Exchange DAG (10.223.181.X)

But when we tested the connection (telnet 10.223.181.X 25) between the Firewall Cluster and his Exchange DAG - we received the following error: "421 4.3.2 Service not available"

It seems that the current receive connector at the Exchange DAG did not accept connections from the Check Point MTA. But that didn’t made any sense to me since the Mail gateway, Check Point and the Exchange DAG are in the same subnet. So I thought the MTA would send out mails via the Gateway IP Address in that subnet. So we changed the receive connector policy to accept connections from any subnet. That worked and we could test send an mail from the MTA to the Exchange Server. Within the mail header information we found out that the IP Address that was used to send the mail was from a complete different subnet.

My question: Is there a way to define which interface has to be used by the MTA for forwarding mails?