This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Constant
Contributor
‎2019-12-19 09:20 AM
Jump to solution

Precision regarding MTA quarantine

Hi Team,

I’m not familiar with the MTA blade and I’m looking some information related to the MTA quarantine.

For my understanding, the view “MTA monitoring” in SmartView have many functions as quarantine: MTA place some email machine under quarantine where each user or admin you can check them and then decide whether to block or allow them.

  • Is it true?

Additionnaly, in « Threat Prevention R80.30 Administration Guide », there is a section that indicate how « To configure external quarantine for malicious emails: », see below the process : it’s not clear for me, can someone can help me to figure out it ?

For instance, with a tiers solution with their own quarantine (Proofpoint or Cisco ESA) , this process is relevant (I will contact Proofpoint and Cisco in order to know if their quarantine is available for tiers solution)

In advance, thank for your help

 

The process « To configure external quarantine for malicious emails: »

------------------

In SmartConsole:

Enable MTA on your gateway.
Clone the Profile you wish to configure and rename it.
In the new profile, go to Mail > General > Malicious Email Policy on MTA Gatewaysand select Allow the email.
Clear Remove attachments and links.
Select Add an X-Header to the email.
Note - When you add an X-Header to the email, the rest of the email is kept in the email's original form. The other options: Remove attachments and links, Add a prefix to the email subject and Add customized text to the email body, change the email, and therefore must be cleared.

Click OK.
Install Policy.

------------------

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority
‎2019-12-19 11:37 AM
Jump to solution

Constant,

if you need a real quarantine, Check Point MTA is not your solution.

I like the MTA feature and the mail checking from ThreatPrevention, but it‘s not a solution like specialised products for mail-handling from other vendors ( as an example TrendMicros E-Mail Security )

The quarantine in Check Points MTA allows only to send all malicious mail to an external mailbox. You have to have someone check these mailbox and forward mails to end users if they are save. There is no solution from Check Point to give users access to a quarantine and let them choose to block or allow messages.

Wolfgang

View solution in original post

0 Kudos
2 Replies
Wolfgang
Authority
Authority
‎2019-12-19 11:37 AM
Jump to solution

Constant,

if you need a real quarantine, Check Point MTA is not your solution.

I like the MTA feature and the mail checking from ThreatPrevention, but it‘s not a solution like specialised products for mail-handling from other vendors ( as an example TrendMicros E-Mail Security )

The quarantine in Check Points MTA allows only to send all malicious mail to an external mailbox. You have to have someone check these mailbox and forward mails to end users if they are save. There is no solution from Check Point to give users access to a quarantine and let them choose to block or allow messages.

Wolfgang

0 Kudos
Constant
Contributor
‎2019-12-20 02:42 AM
In response to Wolfgang
Jump to solution

Hi Wolfgang,

Thank for your reply, things are clearer. 

 

Constant

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events