Constant
Contributor

Precision regarding MTA quarantine

Hi Team,

I’m not familiar with the MTA blade and I’m looking for some information related to the MTA quarantine.

As I understand it, the “MTA monitoring” view in SmartView has many quarantine functions: the MTA places some emails under quarantine, where each user or admin can check them and then decide whether to block or allow them.

  • Is it true?

Additionally, in the « Threat Prevention R80.30 Administration Guide », there is a section that indicates how « To configure external quarantine for malicious emails: »; see the process below. It’s not clear to me; can someone help me figure it out?

For instance, with a third-party solution with its own quarantine (Proofpoint or Cisco ESA), this process is relevant (I will contact Proofpoint and Cisco in order to know if their quarantine is available for third-party solutions).

Thanks in advance for your help.

 

The process « To configure external quarantine for malicious emails: »

------------------

In SmartConsole:

1. Enable MTA on your gateway.
2. Clone the Profile you wish to configure and rename it.
3. In the new profile, go to Mail > General > Malicious Email Policy on MTA Gateways and select Allow the email.
4. Clear Remove attachments and links.
5. Select Add an X-Header to the email.
   Note - When you add an X-Header to the email, the rest of the email is kept in the email's original form. The other options: Remove attachments and links, Add a prefix to the email subject and Add customized text to the email body, change the email, and therefore must be cleared.
6. Click OK.
7. Install Policy.

------------------

0 Kudos
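
An added example, not part of the original post or of Check Point's documentation: a sketch of how a downstream mail hop could act on the tag from the procedure above, and why the body-changing options have to be cleared. The header name `X-Example-Malicious`, its value and the sample messages are placeholders constructed for illustration; the page does not say what the gateway actually writes.

```python
import hashlib
from email import message_from_bytes, policy

# Placeholder tag: the page does not say which header name or value the gateway writes.
TAG_HEADER = "X-Example-Malicious"
TAG_VALUE = "yes"

def body_of(raw: bytes) -> bytes:
    """Return everything after the first blank line (the end of the header block)."""
    cuts = [(raw.find(s), len(s)) for s in (b"\r\n\r\n", b"\n\n") if s in raw]
    if not cuts:
        return b""
    pos, width = min(cuts)
    return raw[pos + width:]

def body_digest(raw: bytes) -> str:
    """SHA-256 of the body, used to show whether a handling option altered the mail."""
    return hashlib.sha256(body_of(raw)).hexdigest()

def route(raw: bytes) -> str:
    """Decide the next hop's action from the tag header alone."""
    msg = message_from_bytes(raw, policy=policy.default)
    # get_all() matches the header name case-insensitively and returns every occurrence.
    values = msg.get_all(TAG_HEADER, [])
    tagged = any(str(v).strip().lower() == TAG_VALUE for v in values)
    return "quarantine" if tagged else "deliver"

# Constructed sample messages (not taken from a real gateway).
ORIGINAL = (b"From: sender@example.com\r\nTo: user@example.org\r\n"
            b"Subject: Invoice\r\n\r\nPlease see the attached file.\r\n")
TAGGED = b"x-example-malicious: YES\r\n" + ORIGINAL      # header added, rest untouched
REWRITTEN = ORIGINAL + b"[text added to the body]\r\n"    # a body-modifying option

if __name__ == "__main__":
    for name, raw in (("original", ORIGINAL), ("tagged", TAGGED), ("rewritten", REWRITTEN)):
        print(name, route(raw), body_digest(raw)[:16])
```

A header can be set by any sender, so a downstream hop should honour this tag only on mail it received from the gateway.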
1 Solution

Accepted Solutions
Wolfgang
Authority

Constant,

if you need a real quarantine, Check Point MTA is not your solution.

I like the MTA feature and the mail checking from Threat Prevention, but it's not a solution like specialised products for mail handling from other vendors (for example, Trend Micro's E-Mail Security).

The quarantine in Check Point's MTA only allows sending all malicious mail to an external mailbox. You have to have someone check this mailbox and forward mails to end users if they are safe. There is no solution from Check Point to give users access to a quarantine and let them choose to block or allow messages.

Wolfgang


0 Kudos
2 Replies
Constant
Contributor

Hi Wolfgang,

Thanks for your reply, things are clearer.

 

Constant

0 Kudos
