Mail Transfer Agent Update - What's New
Solution

The Mail Transfer Agent Engine Update is an accumulation of new features and bug fixes to the MTA engine. 

MTA updates can be installed (as a separate hotfix) on top of R80.10 with R80.10 Jumbo Hotfix Accumulator (Jumbo HFA) Take_142 and above, and also on top of R80.20 GA and R80.30 GA.

MTA updates are delivered in the form of a CPUSE Hotfix and can be installed and upgraded manually through the CPUSE User Interface and CLISH commands. cpstop/cpstart or reboots are not required. The latest MTA engine update is automatically shown as a CPUSE recommended package for MTA Gateways.

The updates do not conflict with the regular Jumbo HFAs (e.g., R80_10_jumbo_hf) and can be updated independently.
The list of resolved issues below describes each resolved issue and provides the Take number in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). The table also lists the date on which a take was made available.

To check the current version of Mail Transfer Agent Update, run this command:

  • cat $FWDIR/conf/mta_ver


Note: In order to download the Offline Updates below, you will need to have a Software Subscription or Active Support plan.

 

For R80.30 releases

Date Release Version What's New
17.7.19

80_30_mta Take 28

Offline Update

 8030.991002043

(MTA_V4)

 

  • Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
  • Fixed a bug causing the configured customized subject prefix not to be added to malicious emails in case the MTA is configured to also send a copy of malicious emails to additional mailboxes
  • Several additional minor fixes
17.6.19 

80_30_mta Take 27 

Offline Update

8030.991002041

(MTA_V3)

  • Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
  • Fixed a bug causing users not to receive notifications that an email was not delivered to them, in case the email scan could not be completed before the configured timeout 
  • Fixed a bug causing MTA not to add failure headers to the emails, in some cases in which the gateway is configured to add headers only in specific error cases (using sk145552)
  • Additional minor fixes
26.5.19 

80_30_mta Take 24 

Offline Update

8030.991002038

(MTA_V2)

  • Enhanced Protection against BaseStriker: MTA Gateways now protect against malicious emails containing URLs using the BaseStriker technique.
  • Improved disk usage utilization for MTA Gateways.
  • Fixed a bug that might cause the MTA Live Monitoring dashboard view to mistakenly present 0 as the number of delivered emails.
  • Fixed a bug in the latest R80.20 MTA engine that caused emails to be delivered only after Threat Emulation is completed, even though their attachment file type is supported for Threat Extraction.
  • Fixed a bug that might cause emails to be stuck in the Gateway after a Gateway upgrade if the next hop of the Gateway is a DNS name (used to allow for load balancing – see sk110369).
  • Fixed a bug that might cause an inaccurate confidence level to be included in an Anti-Virus log and in the "X-Checkpoint-Verdict" email header for emails released by the MTA.
  • Fixed a bug that might cause MTA to not function properly when Anti-Spam is enabled and emails are received from senders in the Anti-Spam block list.
  • Various small fixes in the Anti-Spam engine. 

 

For R80.20 releases

 

Date Release Version What's New
17.7.19

80_20_mta Take 47 

Offline Update

8020.991002127 

(MTA_V4)

  • Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
  • Fixed a bug causing the configured customized subject prefix not to be added to malicious emails in case the MTA is configured to also send a copy of malicious emails to additional mailboxes
  • Several additional minor fixes
17.6.19 

80_20_mta Take 46 

Offline Update

8020.991002125

(MTA_V3)

  • Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
  • Fixed a bug causing users not to receive notifications that an email was not delivered to them, in case the email scan could not be completed before the configured timeout 
  • Fixed a bug causing MTA not to add failure headers to the emails, in some cases in which the gateway is configured to add headers only in specific error cases (using sk145552)
  • Additional minor fixes
26.5.19 

80_20_mta Take 43 

Offline Update

8020.991002122

(MTA_V2)

  • Enhanced Protection against BaseStriker: MTA Gateways now protect against malicious emails containing URLs using the BaseStriker technique.
  • Improved disk usage utilization for MTA Gateways.
  • Fixed a bug that might cause the MTA Live Monitoring dashboard view to mistakenly present 0 as the number of delivered emails.
  • Fixed a bug in the latest R80.20 MTA engine that caused emails to be delivered only after Threat Emulation is completed, even though their attachment file type is supported for Threat Extraction.
  • Fixed a bug that might cause emails to be stuck in the Gateway after a gateway upgrade if the next hop of the Gateway is a DNS name (used to allow for load balancing – see sk110369).
  • Fixed a bug that might cause an inaccurate confidence level to be included in an Anti-Virus log and in the "X-Checkpoint-Verdict" email header for emails released by the MTA.
  • Fixed a bug that might cause MTA to not function properly if Anti-Spam is enabled and emails are received from senders in the Anti-Spam block list.
  • Various small fixes in the Anti-Spam engine. 
11.4.19 

80_20_mta Take 34 

Offline Update

8020.991002114

(MTA_V1)

  • Threat Emulation for Files behind Bitly Links: The body of an email sometimes includes customized Bitly links pointing to files.
    With this release, files behind these links will now be scanned by Threat Emulation to detect zero-day attacks.
    • This capability requires Threat Emulation and Anti-Virus to be enabled and the Gateway to be configured as MTA.
  • Fix for bug that might in rare cases cause Threat Emulation not to be able to open some password-protected archive files for scanning, even if the email body contained the password (refer to sk112821).
  • Fix for bug that might in rare cases cause malicious links in the email body not to be removed.
  • Various small fixes to the Anti-Spam engine.
4.4.19 

80_20_mta Take 31 

Offline Update

8020.991002111
  • Enhanced control over MTA actions in cases of failures: MTA is often configured to block emails in case SandBlast fails to scan them. Administrators can now configure MTA so that in the event of specific failure types, the emails will bypass SandBlast and not be blocked.
    The X-Header of emails bypassing SandBlast due to this configuration will include the failure type, allowing administrators to apply specific email rules on them. For details and configuration instructions, refer to sk145552.
  • Additional Details in MTA Timeout Log: MTA logs indicating that an email scan has timed out now include details about the time it took the different engines to scan the mail. Engines included in the log are Anti-Virus, Threat Emulation, and Threat Extraction
  • Fixed a bug causing emails whose Threat Emulation scan failed to remain in the MTA queue until their defined timeout instead of being released as failed immediately.
  • Fixed a bug causing the following logs not to be sent when SandBlast is configured in MTA mode:
    • Email scan failed and SandBlast is configured to bypass protections in cases of failures.
    • AntiVirus Detect logs
  • Fixed a bug causing Threat Emulation logs to mistakenly state a malicious file was prevented if Threat Extraction sanitized the file. 
  • Fixed a bug causing redundant warning messages to be included under /var/log/maillog.
  • Fixed a bug causing the download link for the original file not to appear in the email body if Threat Extraction is enabled and the email body is binary-encoded.
  • Fixed a bug causing MTA to restart in rare cases when Anti-Spam is enabled together with another engine (e.g., Anti-Virus). 
  • Fixed a bug causing mta_monitor to generate redundant dump files upon the first policy install after it was turned off.
  • Fixed a bug that might in rare cases cause MTA performance degradation and high memory consumption.
24.2.19

R80_20_mta Take 27

Offline Update

8020.991002106
  • Threat Emulation configuration for exclusion of specific senders / recipients now supports '*' as wildcard character.
  • Improved failure handling:
    • Failure to inspect attachments will result in applying the set fail-mode (in the Threat Prevention Advanced Settings) – either allow (fail-open) or drop/replace the attachment (fail-close).
    • Added a separate fail-mode setting for connection failures with ThreatCloud service for Anti-Virus reputation service.
  • Resolved issues:
    • SmartEvent fails to display log when the subject contains emoji characters.
    • The File ID is displayed incorrectly in Threat Extraction logs.
29.1.19

R80_20_mta Take 24

Offline Update

8020.991002098
  • Bug fixes for customers using both Anti-Virus and Threat Emulation.
17.1.19

R80_20_mta

Take 21

Offline Update

8020.991002094
  • Improve enforcement capabilities for signed emails
  • Improve CpDiag AV report
  • Debug enhancement
  • Bug fixes and enhancements
12.12.18

R80_20_mta

Take 18

Offline Update

8020.991002090
  • Support Anti-Virus hash (MD5) exceptions for all files
    (refer to sk142452)
  • Bug fixes and enhancements
12.11.18

R80_20_mta

Take 15

Offline Update

8020.991002086
  • Improved detection for Anti-Virus hash & URL reputation engines
  • Customizable port for incoming & outgoing SMTP sessions
  • Minor bug fixes and enhancements
24.10.18

R80_20_mta

Take 11

8020.991002081
  • MTA admin quarantine support (requires R80.20 General Availability Security Management Server + Hotfix, currently in Early Availability)
  • Minor bug fixes and enhancements
10.10.18

R80_20_mta

Take 7

8020.991002075

The following are available in R80.20 Gateway & Management:

  • Anti-Virus over MTA support
  • MTA performance improvements
  • Several fixes and enhancements

 

For R80.10 releases

 

Date Release Version What's New
17.7.19

80_10_mta Take 58

Offline Update

8010.991003075 

(MTA_V4)

  • Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
  • Fixed a bug causing the configured customized subject prefix not to be added to malicious emails in case the MTA is configured to also send a copy of malicious emails to additional mailboxes
  • Several additional minor fixes
17.6.19 

80_10_mta Take 57 

Offline Update

8010.991003073

(MTA_V3)

  • Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
  • Fixed a bug causing users not to receive notifications that an email was not delivered to them, in case the email scan could not be completed before the configured timeout 
  • Fixed a bug causing MTA not to add failure headers to the emails, in some cases in which the gateway is configured to add headers only in specific error cases (using sk145552)
  • Additional minor fixes
26.5.19 

80_10_mta Take 53 

Offline Update

8010.991003069

(MTA_V2)

  • Enhanced Protection against BaseStriker – MTA gateways now protect against malicious emails containing URLs utilizing the BaseStriker technique
  • Improved disk usage utilization in MTA gateways
  • Fixed a bug that might cause the MTA Live Monitoring dashboard view to mistakenly present 0 as the number of delivered emails
  • Fixed a bug in the latest R80.20 MTA engine, causing emails to be delivered only after Threat Emulation is completed, even though their attachment file type is supported for Threat Extraction
  • Fixed a bug that might cause emails to be stuck on the gateway after a gateway upgrade, in case the next hop of the Gateway is a DNS name (used to allow for load balancing – see sk110369)
  • Fixed a bug that might cause an inaccurate confidence level to be included in an Anti-Virus log and the "X-Checkpoint-Verdict" email header for emails released by the MTA.
  • Fixed a bug that might cause MTA to not function properly in case Anti-Spam is enabled and emails are received from senders in the Anti-Spam block list
  • Various small fixes in the Anti-Spam engine
11.4.19 

80_10_mta Take 47 

Offline Update

8010.991003061

(MTA_V1)

  • Threat Emulation for Files behind Bitly Links – The email body sometimes includes customized Bitly links pointing to files
    With this release, files behind these links will now be scanned by Threat Emulation to detect zero-day attacks
    • This capability requires Threat Emulation and Anti-Virus to be enabled and the gateway to be configured as MTA
  • Fixed a bug that might cause Threat Emulation in rare cases not to be able to open some password-protected archive files for scanning, even if the email body contained the password (refer to sk112821)
  • Fixed a bug that might cause malicious links in the email body not to be removed in rare cases
  • Various small fixes in the Anti-Spam engine
4.4.19 

80_10_mta Take 44

Offline Update 

8010.991003058
  • Enhanced control over MTA actions in cases of failures - MTA is often configured to block emails in case SandBlast failed to scan them.
    Administrators can now configure MTA so that in case of specific failure types the emails will bypass SandBlast and not be blocked.
    The X-Header of emails bypassing SandBlast due to this configuration will include the failure type, allowing administrators to apply specific email rules on them. More details and configuration instructions are in sk145552
  • Additional Details in MTA Timeout Log - MTA logs indicating an email scan has timed out now include details about the time it took the different engines to scan the mail. Engines included in the log are Anti-Virus, Threat Emulation and Threat Extraction
  • Fixed a bug causing emails, whose Threat Emulation scan failed, to remain in the MTA queue until their defined timeout instead of being released as failed immediately
  • Fixed a bug causing the following logs not to be sent when SandBlast is configured in MTA mode:
    • Email scan failed and SandBlast is configured to bypass protections in cases of failures.
    • AntiVirus Detect logs
  • Fixed a bug causing Threat Emulation logs to mistakenly state a malicious file was prevented in case Threat Extraction sanitized the file 
  • Fixed a bug causing redundant warning messages to be included under /var/log/maillog
  • Fixed a bug causing the link to download the original file not to appear in the email body, in case Threat Extraction is enabled and the email body is binary-encoded.
  • Fixed a bug causing MTA to restart in rare cases where Anti-Spam is enabled together with another engine (e.g., Anti-Virus)
  • Fixed a bug causing mta_monitor to generate redundant dump files upon the first policy install after it was turned off
  • Fixed a bug that might cause MTA performance degradation and high memory consumption in rare cases.
24.2.19 80_10_mta

Take 37

Offline Update

8010.991003050
  • Threat Emulation configuration for exclusion of specific senders / recipients now supports '*' as a wildcard character.
  • Improved failure handling:
    • Failure to inspect attachments will result in applying the set fail-mode (in the Threat Prevention Advanced Settings) - either allow (fail-open) or drop/replace the attachment (fail-close).
    • Added a separate fail-mode setting for connection failures with ThreatCloud service for Anti-Virus reputation service.
  • Resolved issues:
    • SmartEvent fails to display log when the subject contains emoji characters.
    • File ID is displayed incorrectly in Threat Extraction logs.
29.1.19 80_10_mta

Take 34

Offline Update

8010.991003044
  • Bug fixes for customers using both Anti-Virus and Threat Emulation.
17.1.19

R80_10_mta

Take 31

Offline Update

8010.991003041
  • Improve enforcement capabilities for signed emails
  • Improve CpDiag AV report
  • Debug enhancement
  • Bug fixes and enhancements
12.12.18

R80_10_mta

Take 28

Offline Update

8010.991003037 
  • Support Anti-Virus hash (MD5) exceptions for all files (refer to sk142452)
  • Bug fixes and enhancements
12.11.18

R80_10_mta

Take 25

Offline Update

8010.991003033
  • Improved detection for Anti-Virus hash & URL reputation engines
  • Customizable port for incoming & outgoing SMTP sessions
  • Minor bug fixes and enhancements
24.10.18

R80_10_mta

Take 21

8010.991003028
  • Alignment to R80.20 MTA engine update
    • Anti-Virus over MTA support
    • MTA performance improvements
  • MTA admin quarantine support (requires R80.20 General Availability Security Management Server + Hotfix, currently in Early Availability)
  • Minor bug fixes and enhancements
26.8.18

R80_10_mta

Take 19


8010.991003025

The following are available in R80.20.M1 Security Management, or by Gateway configurations on pre-R80.20.M1 versions (refer to sk137572):

  • MTA monitoring (requires R80.20 Management).
  • Setting a next-hop server by domain name (requires R80.20 Management).
  • Removing/replacing malicious links and attachments from e-mails with a customizable text.
  • Adding a customized text to a malicious e-mail's body or subject.
  • Malicious e-mail tagging using an X-header.
  • Sending a copy of the malicious e-mail.

 

Installation instructions

Procedure:

  • Instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Make sure MTA is enabled on the Gateway
      2. Install the latest build of CPUSE Agent from sk92449.
      3. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      4. In the upper right corner, click on the Import Package button.
      5. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
      6. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      7. Select the imported package R80.X Mail Transfer Agent (MTA) update (Take X) - click on the More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      8. Select this package and click on Install Update button on the toolbar.


  • Instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Make sure MTA is enabled on the Gateway 
      2. Install the latest build of CPUSE Agent from sk92449.
      3. Connect to command line on target Gaia OS.
      4. Log in to Clish.
      5. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      6. Import the package from the hard disk:
        Note: When import completes, this package is deleted from the original location.
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      7. Show the imported packages:
        HostName:0> show installer packages imported
      8. Verify that this package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      9. Install the imported package:
        HostName:0> installer install <Package_Number>

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

Procedure:

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
