Mail Transfer Agent Update

Support Center > Search Results > SecureKnowledge Details

Mail Transfer Agent Update - What's New

Solution ID	sk123174
Product	Mail Transfer Agent
Version	R80.10, R80.20, R80.30
Date Created	27-Aug-2018
Last Modified	04-Oct-2019

Solution

The Mail Transfer Agent Engine Update is an accumulation of new features and bug fixes to the MTA engine.

MTA updates can be installed (as a separate hotfix) on top of R80.10 with R80.10 Jumbo Hotfix Accumulator (Jumbo HFA) Take_142 and above, and also on top of R80.20 GA and R80.30 GA.

MTA updates are delivered in the form of a CPUSE Hotfix and can be installed and upgraded manually through the CPUSE User Interface and CLISH commands. cpstop/cpstart or reboots are not required. The latest MTA engine update is automatically shown as a CPUSE recommended package for MTA Gateways.

The updates do not conflict with the regular Jumbo HFAs (e.g., R80_10_jumbo_hf) and can be updated independently.

The list of resolved issues below describes each resolved issue and provides the Take number in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). The table also lists the date on which a take was made available.

To check the current version of Mail Transfer Agent Update, run this command:

cat $FWDIR/conf/mta_ver

Note: In order to download the Offline Updates below, you will need to have a Software Subscription or Active Support plan.

For R80.30 releases

Date	Release	Version	What's New
3.10.19	80_30_mta Take 32 Offline Update	8030.991002047 (MTA_V6)	Improved Threat Emulation inspection for files behind shortened links (requires the Anti-Virus blade to be enabled) Fixed a bug causing emails that were released due to timeout to be mistakenly listed as in queue by the CPView utility (see sk101878) Fixed a bug that might cause a failure to remove malicious links from the email body in rare cases.
25.8.19	80_30_mta Take 30 Offline Update	8030.991002045 (MTA_V5)	Fixed a bug that might cause URLs in email body not to be inspected in rare cases Fixed a bug that might cause delay in email delivery in case Threat Extraction, Threat Emulation and Anti-Virus blades are configured in Detect-only mode
17.7.19	80_30_mta Take 28 Offline Update	8030.991002043 (MTA_V4)	Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link Fixed a bug causing the configured customized subject prefix not to be added to malicious emails in case the MTA is configured to also send a copy of malicious emails to additional mailboxes Several additional minor fixes
17.6.19	80_30_mta Take 27 Offline Update	8030.991002041 (MTA_V3)	Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link Fixed a bug causing users not to receive notifications that an email was not delivered to them, in case the email scan could not be completed before the configured timeout Fixed a bug causing MTA not to add failure headers to the emails, in some cases in which the gateway is configured to add headers only in specific error cases (using sk145552) Additional minor fixes
26.5.19	80_30_mta Take 24 Offline Update	8030.991002038 (MTA_V2)	Enhanced Protection against BaseStriker: MTA Gateways now protect against malicious emails containing URLs using the BaseStriker technique. Improved disk usage utilization for MTA Gateways. Fixed a bug that might cause the MTA Live Monitoring dashboard view to mistakenly present 0 as the number of delivered emails. Fixed a bug in the latest R80.20 MTA engine that caused emails to be delivered only after Threat Emulation is completed, even though their attachment file type is supported for Threat Extraction. Fixed a bug the might cause emails to be stuck in the Gateway after a Gateway upgrade if the next hop of the Gateway is a DNS name (used to allow for load balancing see sk110369). Fixed a bug that might cause an inaccurate confidence level to be included in an Anti-Virus log and in the "X-Checkpoint-Verdict" email header for emails released by the MTA. Fixed a bug that might cause MTA to not function properly when Anti-Spam is enabled and emails are received from senders in the Anti-Spam block list. Various small fixes in the Anti-Spam engine.

For R80.20 releases

Date	Release	Version	What's New
3.10.19	80_20_mta Take 52 Offline Update	8020.991002132 (MTA_V6)	Improved Threat Emulation inspection for files behind shortened links (requires the Anti-Virus blade to be enabled) Fixed a bug causing emails that were released due to timeout to be mistakenly listed as in queue by the CPView utility (see sk101878) Fixed a bug that might cause a failure to remove malicious links from the email body in rare cases.
25.8.19	80_20_mta Take 49 Offline Update	8020.991002129 (MTA_V5)	Fixed a bug that might cause URLs in email body not to be inspected in rare cases Fixed a bug that might cause delay in email delivery in case Threat Extraction, Threat Emulation and Anti-Virus blades are configured in Detect-only mode
17.7.19	80_20_mta Take 47 Offline Update	8020.991002127 (MTA_V4)	Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link Fixed a bug causing the configured customized subject prefix not to be added to malicious emails in case the MTA is configured to also send a copy of malicious emails to additional mailboxes Several additional minor fixes
17.6.19	80_20_mta Take 46 Offline Update	8020.991002125 (MTA_V3)	Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link Fixed a bug causing users not to receive notifications that an email was not delivered to them, in case the email scan could not be completed before the configured timeout Fixed a bug causing MTA not to add failure headers to the emails, in some cases in which the gateway is configured to add headers only in specific error cases (using sk145552) Additional minor fixes
26.5.19	80_20_mta Take 43 Offline Update	8020.991002122 (MTA_V2)	Enhanced Protection against BaseStriker: MTA Gateways now protect against malicious emails containing URLs using the BaseStriker technique. Improved disk usage utilization for MTA Gateways. Fixed a bug that might cause the MTA Live Monitoring dashboard view to mistakenly present 0 as the number of delivered emails. Fixed a bug in the latest R80.20 MTA engine that caused emails to be delivered only after Threat Emulation is completed, even though their attachment file type is supported for Threat Extraction. Fixed a bug the might cause emails to be stuck in the Gateway after a gateway upgrade if the next hop of the Gateway is a DNS name (used to allow for load balancing see sk110369). Fixed a bug that might cause an inaccurate confidence level to be included in an Anti-Virus log and in the "X-Checkpoint-Verdict" email header for emails released by the MTA. Fixed a bug that might cause MTA to not function properly if Anti-Spam is enabled and emails are received from senders in the Anti-Spam block list. Various small fixes in the Anti-Spam engine.
11.4.19	80_20_mta Take 34 Offline Update	8020.991002114 (MTA_V1)	Threat Emulation for Files behind Bitly Links: The body of an email sometimes includes customized Bitly links pointing to files. With this release, files behind these links will now be scanned by Threat Emulation to detect zero-day attacks. This capability requires Threat Emulation and Anti-Virus to be enabled and the Gateway to be configured as MTA/ Fix for bug that might in rare cases cause Threat Emulation not to be able to open some password-protected archive files for scanning, even if the email body contained the password (refer to sk112821). Fix for bug that might in rare cases cause malicious links in the email body not to be removed. Various small fixes to the Anti-Spam engine.
4.4.19	80_20_mta Take 31 Offline Update	8020.991002111	Enhanced control over MTA actions in cases of failures: MTA is often configured to block emails in case SandBlast fails to scan them. Administrators can now configure MTA so that in the event of specific failure types, the emails will bypass SandBlast and not be blocked. The X-Header of emails bypassing SandBlast due to this configuration will include the failure type, allowing administrators to apply specific email rules on them. For details and configuration instructions, refer to sk145552. Additional Details in MTA Timeout Log: MTA logs indicating that an email scan has timed out now include details about the time it took the different engines to scan the mail. Engines included in the log are Anti-Virus, Threat Emulation, and Threat Extraction Fixed a bug causing emails whose Threat Emulation scan failed to remain in the MTA queue until their defined timeout instead of being released as failed immediately. Fixed a bug causing the following logs not to be sent when SandBlast is configured in MTA mode: Email scan failed and SandBlast is configured to bypass protections in cases of failures. AntiVirus Detect logs Fixed a bug causing Threat Emulation logs to mistakenly state a malicious file was prevented if Threat Extraction sanitized the file. Fixed a bug causing redundant warning messages to be included under /var/log/maillog. Fixed a bug causing the download link for the original file not to appear in the email body if Threat Extraction is enabled and the email body is binary-encoded. Fixed a bug causing MTA to restart in rare cases when Anti-Spam is enabled together with another engine (e.g., Anti-Virus). Fixed a bug causing mta_monitor to generate redundant dump files upon the first policy install after it was turned off. Fixed a bug that might in rare cases cause MTA performance degradation and high memory consumption.
24.2.19	R80_20_mta Take 27 Offline Update	8020.991002106	Threat Emulation configuration for exclusion of specific senders / recipients now supports '' as wildcard character. Improved failure handling: Failure to inspect attachments will result* in applying the set fail-mode (in the Threat Prevention Advanced Settings) either allow (fail-open) or drop/replace the attachment (fail-close). Added a separate fail-mode setting for connection failures with ThreatCloud service for Anti-Virus reputation service Resolved issues: SmartEvent fails to display log when the subject contains emoji characters. The File ID is displayed incorrectly in Threat Extraction logs.
29.1.19	R80_20_mta Take 24 Offline Update	8020.991002098	Bug fixes for customers using both Anti-Virus and Threat Emulation.
17.1.19	R80_20_mta Take 21 Offline Update	8020.991002094	Improve enforcement capabilities for signed emails Improve CpDiag AV report Debug enhancement Bug fixes and enhancements
12.12.18	R80_20_mta Take 18 Offline Update	8020.991002090	Support Anti-Virus hash (MD5) exceptions for all files (refer to sk142452) Bug fixes and enhancements
12.11.18	R80_20_mta Take 15 Offline Update	8020.991002086	Improved detection for Anti-Virus hash & URL reputation engines Customizable port for incoming & outgoing SMTP sessions Minor bug fixes and enhancements
24.10.18	R80_20_mta Take 11	8020.991002081	MTA admin quarantine support (requires R80.20 General Availability Security Management Server + Hotfix, currently in Early Availability) Minor bug fixes and enhancements
10.10.18	R80_20_mta Take 7	8020.991002075	The following are available in R80.20 Gateway & Management: Anti-Virus over MTA support MTA performance improvements Several fixes and enhancements

For R80.10 releases

Date	Release	Version	What's New
3.10.19	80_10_mta Take 62 Offline Update	8010.991003079 (MTA_V6)	Improved Threat Emulation inspection for files behind shortened links (requires the Anti-Virus blade to be enabled) Fixed a bug causing emails that were released due to timeout to be mistakenly listed as in queue by the CPView utility (see sk101878) Fixed a bug that might cause a failure to remove malicious links from the email body in rare cases.
25.8.19	80_10_mta Take 59 Offline Update	8010.991003076 (MTA_V5)	Fixed a bug that might cause URLs in email body not to be inspected in rare cases Fixed a bug that might cause delay in email delivery in case Threat Extraction, Threat Emulation and Anti-Virus blades are configured in Detect-only mode
17.7.19	80_10_mta Take 58 Offline Update	8010.991003075 (MTA_V4)	Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link Fixed a bug causing the configured customized subject prefix not to be added to malicious emails in case the MTA is configured to also send a copy of malicious emails to additional mailboxes Several additional minor fixes
17.6.19	80_10_mta Take 57 Offline Update	8010.991003073 (MTA_V3)	Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link Fixed a bug causing users not to receive notifications that an email was not delivered to them, in case the email scan could not be completed before the configured timeout Fixed a bug causing MTA not to add failure headers to the emails, in some cases in which the gateway is configured to add headers only in specific error cases (using sk145552) Additional minor fixes
26.5.19	80_10_mta Take 53 Offline Update	8010.991003069 (MTA_V2)	Enhanced Protection against BaseStriker MTA gateways now protect against malicious emails containing URLs utilizing BaseStriker technique Improved disk usage utilization in MTA gateways Fixed a bug that might cause the MTA Live Monitoring dashboard view to mistakenly present 0 as the number of delivered emails Fixed a bug in the latest R80.20 MTA engine, causing emails to be delivered only after Threat Emulation is completed, even though their attachment file type is supported for Threat Extraction Fixed a bug the might cause emails to be stuck on the gateway after a gateway upgrade, in case the next hop of the Gateway is a DNS name (used to allow for load balancing see sk110369) Fixed a bug that might cause inaccurate confidence level to be included in an Anti-Virus log and the "X-Checkpoint-Verdict" email header for emails released by the MTA. Fixed a bug that might cause MTA to not function properly in case Anti-Spam is enabled and emails are received from senders in the Anti-Spam block list Various small fixes in the Anti-Spam engine
11.4.19	80_10_mta Take 47 Offline Update	8010.991003061 (MTA_V1)	Threat Emulation for Files behind Bitly Links Email body sometimes include customized Bitly links pointing to files With this release, files behind these links will now be scanned by Threat Emulation to detect zero-day attacks This capability requires Threat Emulation and Anti-Virus to be enabled and the gateway to be configured as MTA Fixed a bug that might cause Threat Emulation in rare cases not to be able to open some password-protected archive files for scanning, even if the email body contained the password (refer to sk112821) Fixed a bug that might cause malicious links in the email body not to be removed in rare cases Various small fixes in the Anti-Spam engine
4.4.19	80_10_mta Take 44 Offline Update	8010.991003058	Enhanced control over MTA actions in cases of failures - MTA is often configured to block emails in case SandBlast failed to scan them. Administrators can now configure MTA so that in case of specific failure types the emails will bypass SandBlast and not be blocked. The X-Header of emails bypassing SandBlast due to this configuration will include the failure type, allowing administrators to apply specific email rules on them.More details and configuration instructions are in sk145552 Additional Details in MTA Timeout Log - MTA logs indicating an email scan has timed out now include details about the time it took the different engines to scan the mail. Engines included in the log are Anti-Virus, Threat Emulation and Threat Extraction Fixed a bug causing emails, whose Threat Emulation scan failed, to remain in the MTA queue until their defined timeout instead of being released as failed immediately Fixed a bug causing the following logs not to be sent when SandBlast is configured in MTA mode: Email scan failed and SandBlast is configured to bypass protections in cases of failures. AntiVirus Detect logs Fixed a bug causing Threat Emulation logs to mistakenly state a malicious file was prevented in case Threat Extraction sanitized the file Fixed a bug causing redundant warning messages to be included under /var/log/maillog Fixed a bug causing the link to download the original file not to appear in the email body, in case Threat Extraction is enabled and the email body is binary-encoded. Fixed a bug causing MTA to restart in rare cases where Anti-Spam is enabled and another engine (e.g., Anti-Virus) Fixed a bug causing mta_monitor to generate redundant dump files upon the first policy install after it was turned off Fixed a bug that might cause MTA performance degradation and high memory consumption in rare cases.
24.2.19	80_10_mta Take 37 Offline Update	8010.991003050	Threat Emulation configuration for exclusion of specific senders / recipients now supports '' as a wildcard character. Improved failure handling: Failure to inspect attachments will result* in applying the set fail-mode (in the Threat Prevention Advanced Settings) - either allow (fail-open) or drop/replace the attachment (fail-close). Added a separate fail-mode setting for connection failures with ThreatCloud service for Anti-Virus reputation service. Resolved issues: SmartEvent fails to display log when the subject contains emoji characters. File ID is displayed incorrectly in Threat Extraction logs.
29.1.19	80_10_mta Take 34 Offline Update	8010.991003044	Bug fixes for customers using both Anti-Virus and Threat Emulation.
17.1.19	R80_10_mta Take 31 Offline Update	8010.991003041	Improve enforcement capabilities for signed emails Improve CpDiag AV report Debug enhancement Bug fixes and enhancements
12.12.18	R80_10_mta Take 28 Offline Update	8010.991003037	Support Anti-Virus hash (MD5) exceptions for all files (refer to sk142452) Bug fixes and enhancements
12.11.18	R80_10_mta Take 25 Offline Update	8010.991003033	Improved detection for Anti-Virus hash & URL reputation engines Customizable port for incoming & outgoing SMTP sessions Minor bug fixes and enhancements
24.10.18	R80_10_mta Take 21	8010.991003028	Alignment to R80.20 MTA engine update Anti-Virus over MTA support MTA performance improvements MTA admin quarantine support (requires R80.20 General Availability Security Management Server + Hotfix, currently in Early Availability) Minor bug fixes and enhancements
26.8.18	R80_10_mta Take 19	8010.991003025	The following are available in R80.20.M1 Security Management, or by Gateway configurations on pre-R80.20.M1 versions (refer to sk137572): MTA monitoring (requires R80.20 Management). Setting a next-hop server by domain name (requires R80.20 Management). Removing/replacing malicious links and attachments from e-mails with a customizable text. Adding a customized text to a malicious e-mail's body or subject. Malicious e-mail tagging using an X-header. Sending a copy of the malicious e-mail.

Installation instructions

Procedure:

Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)
- Offline installation
  
  Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
  1. Make sure MTA is enabled on the Gateway
  2. Install the latest build of CPUSE Agent from sk92449.
  3. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
  4. In the upper right corner, click on the Import Package button.
  5. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
  6. Above the list of all software packages, click on the Showing Recommended packages button - select All.
  7. Select the imported package R80.X Mail Transfer Agent (MTA) update (Take X) - click on the More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
  8. Select this package and click on Install Update button on the toolbar.
Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)
For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".
- Offline installation
  
  Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
  1. Make sure MTA is enabled on the Gateway
  2. Install the latest build of CPUSE Agent from sk92449.
  3. Connect to command line on target Gaia OS.
  4. Log in to Clish.
  5. Acquire the lock over Gaia configuration database:
    HostName:0> lock database override
  6. Import the package from the hard disk:
    Note: When import completes, this package is deleted from the original location.
    HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
  7. Show the imported packages:
    HostName:0> show installer packages imported
  8. Verify that this package can be installed without conflicts:
    HostName:0> installer verify <Package_Number>
  9. Install the imported package:
    HostName:0> installer install <Package_Number>

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

Procedure:

Show / Hide instructions for uninstall in Gaia Portal - using CPUSE (Check Point Update Service Engine)
1. CPUSE Software Updates Policy should be configured to allow self-update of the CPUSE Agent.
  Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
2. Connect to the Gaia Portal on your Gaia machine and navigate to the 'Upgrades (CPUSE)' section - click on 'Status and Actions'.
3. Above the list of all software packages, click on the 'Showing Recommended packages' button - select 'All'.
4. Right-click on the mail transfer agent update package - click on 'Uninstall'.

Show / Hide instructions for uninstall in Gaia Clish - using CPUSE (Check Point Update Service Engine)
1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
  Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
2. Connect to command line on Gaia OS.
3. Log in to Clish.
4. Acquire the lock over Gaia configuration database:
  HostName:0> lock database override
5. Uninstall the package:
  HostName:0> installer uninstall <Package_Number>
  Note: The progress (in percent) will be displayed in Clish.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating