81_10_mta Take 9

Offline Update

81.10.991002006
(MTA_V13)

• Fixed an issue that might cause emails with cleaned attachments (Threat Extraction) not to contain the link to retrieve the original version of the attachments.
  This would usually happen in emails sent by automated messaging systems, that do not contain a body component.
  To include the link in these emails, follow this article: sk175093
• Fixed an issue causing inability to retrieve the original version of a cleaned attachment in case the attachment name is long and contains spaces.
  
• Fixed an issue that might cause emails to mistakenly fail SPF check.
  Note – SPF enforcement is off by default and can be enabled by following this article: sk146412
  
• Fixed an issue that caused Anti-Phishing and Click-Time URL Protection not to be enforced on all users, in case they were previously configured to be enforced only on some of the users and then switched to enforce on all.
  Note – to enable Anti-Phishing and Click-Time URL Protection on the MTA, follow these articles:
  o   sk165814: Preventing Phishing Emails with MTA Anti-Phishing
  o   sk162618: MTA Click-Time URL Protection (Link Re-Writing)
  
• Fixed an issue that might cause the body of some emails with removed malicious links or re-written links (Click-Time URL Protection) to be corrupted.

81_mta Take 8

Offline Update

81.991002013
(MTA_V14)

• Support Sender Policy Framework (SPF)
  • SPF is a validation system that allows ISPs and webmail servers to check if the incoming mail is sent from an authorized server.
  • Feature includes:
    • Ability to allow or reject emails from an unknown SPF.
    • Whitelist domains and IPs to skip SPF validation.
• Fixed an issue that might cause missing verdict on emails from Threat Emulation logs.

81_mta Take 7

Offline Update

81.991002011
(MTA_V13)

• Fixed an issue that might cause emails with cleaned attachments (Threat Extraction) not to contain the link to retrieve the original version of the attachments.
  This would usually happen in emails sent by automated messaging systems, that do not contain a body component.
  To include the link in these emails, follow this article: sk175093
• Fixed an issue causing inability to retrieve the original version of a cleaned attachment in case the attachment name is long and contains spaces.
  
• Fixed an issue that might cause emails to mistakenly fail SPF check.
  Note: SPF enforcement is off by default and can be enabled by following this article: sk146412
  
• Fixed an issue that caused Anti-Phishing and Click-Time URL Protection not to be enforced on all users, in case they were previously configured to be enforced only on some of the users and then switched to enforce on all.
  Note – to enable Anti-Phishing and Click-Time URL Protection on the MTA, follow these articles:
  o   sk165814: Preventing Phishing Emails with MTA Anti-Phishing
  o   sk162618: MTA Click-Time URL Protection (Link Re-Writing)
  
• Fixed an issue that might cause the body of some emails with removed malicious links or re-written links (Click-Time URL Protection) to be corrupted.

81_mta Take 4

Offline Update

81.991002009
(MTA_V12)

• Fixed an issue that might cause inspection of emails containing multiple picture attachments to fail, if Threat Extraction is enabled.
  
• Fixed an issue that caused some email inspections to fail when Threat Extraction is enabled.
  
• Fixed an issue that in rare cases might allow end users to access the original attachment after it is was cleaned by Threat Extraction but before Threat Emulation finished scanning it.
  
• Fixed an issue that caused some Anti-Phishing inspections of emails to fail.
  
• Enhanced protection against URL obfuscation inside emails.

80_40_mta Take 14

Offline Update

8040.991002047
(MTA_V13)

• Fixed an issue that might cause emails with cleaned attachments (Threat Extraction) not to contain the link to retrieve the original version of the attachments.
  This would usually happen in emails sent by automated messaging systems, that do not contain a body component.
  To include the link in these emails, follow this article: sk175093
• Fixed an issue causing inability to retrieve the original version of a cleaned attachment in case the attachment name is long and contains spaces.
  
• Fixed an issue that might cause emails to mistakenly fail SPF check.
  Note: SPF enforcement is off by default and can be enabled by following this article: sk146412
  
• Fixed an issue that caused Anti-Phishing and Click-Time URL Protection not to be enforced on all users, in case they were previously configured to be enforced only on some of the users and then switched to enforce on all.
  Note – to enable Anti-Phishing and Click-Time URL Protection on the MTA, follow these articles:
  o   sk165814: Preventing Phishing Emails with MTA Anti-Phishing
  o   sk162618: MTA Click-Time URL Protection (Link Re-Writing)
  
• Fixed an issue that might cause the body of some emails with removed malicious links or re-written links (Click-Time URL Protection) to be corrupted.

80_40_mta Take 13

Offline Update

8040.991002046
(MTA_V12)

• Fixed an issue that might cause inspection of emails containing multiple picture attachments to fail if Threat Extraction is enabled.
  
• Fixed an issue that caused some email inspections to fail when Threat Extraction is enabled.
  
• Fixed an issue that in rare cases might allow end users to access the original attachment after it is was cleaned by Threat Extraction but before Threat Emulation finished scanning it.
  
• Fixed an issue that caused some Anti-Phishing inspections of emails to fail.
  
• Enhanced protection against URL obfuscation inside emails.

80_40_mta Take 11

Offline Update

8040.991002041
(MTA_V11)

• Enhanced Granular Control for Fail-Open / Fail-Close Handling of Emails
  • Administrators can now configure the MTA so that in case the following happens:
    • The general error handling configuration is fail-close
      AND
    • A specific error is configured to trigger a fail-open handling
      Then, the email that will be released due to this error will be the original one, regardless of whether or not the MTA already removed attachments or altered links in it.
      
  • An X-header will be added to emails for every error that took place.
    Until this update, only the first error would generate an X-header.
  • Support for the following errors:
    • Attachment size exceeded the configured maximum size
    • The number of URLs in the email exceeded the configured maximum
      
    • The number of headers in the email exceeded the configured maximum
    • Threat Emulation and/or Anti-Virus failed to scan an attachment
    • Threat Emulation failed to extract files from an archive
    • Threat Emulation failed to open a file for inspection
    • Threat Emulation failed because the number of concurrent emulations exceeded the configured maximum permitted
    • File type not supported by Threat Emulation
    • The number of files inside an archive attachment exceeded the configured maximum number
    • The MTA failed to remove an attachment or a link from the email
    • The MTA failed to read URLs in the email
    • The MTA failed to read the email
    • The MTA failed to send a file to emulation due to an internal error
    • Signature-based detection failed due to a connectivity issue
    • Signature-based detection timed out
    • Signature-based detection failed due to an internal error
    • Non-categorized failures

80_40_mta Take 9

Offline Update

8040.991002039
(MTA_V10)

• Important Note – due to recent infrastructure improvements, MTA gateways that enabled the Early Availability version of Click-Time URL Protection are advised to be upgraded to this MTA update.
  For more information about Click-Time URL Protection and how to enable it (after installing this MTA update), please follow SK162618.
• Fixed an issue causing Phishing inspection not to run for emails sent to certain users, when the phishing inspection is disabled for the entire organization and enabled only for them.
  For more information on the new MTA Phishing inspection and how to enable and configure it for your environment, please follow SK165814. 
• Fixed an issue that in rare cases might cause a CPU usage increase of up to a couple of minutes on the MTA gateway, during which the inspection of some emails might end in an error (and be delivered or not according to the fail open/close settings).

80_40_mta Take 7

Offline Update

8040.991002037
(MTA_V9)

• Added the ability to exclude emails from specific senders or to specific recipients from being inspected.
  To do that, follow the instruction in sk166272: MTA - Exclude emails from specific senders or to specific recipients from being inspected.
  
• Early Availability: The MTA Gateway can now prevent phishing emails, using a new and dedicated engine. 
  To enable and configure phishing prevention, follow the instructions in sk165814: Preventing Phishing Emails with MTA Anti-Phishing. 
• Early Availability: The MTA Gateway can now re-write links in the email body, so that they are inspected again with every user click. To learn more and to enable this capability, follow the instructions in sk162618: MTA Click-Time URL Protection (Link Re-Writing. 
• Fixed an issue that might cause attachments not to be scanned if the email is sent using a specific non-common email client.
• Fixed an issue that might cause the email body to be corrupted (base-64 encoded) if an upstream MTA is added an email header in a non-conventional format.
• Fixed an issue that might cause the MTA process to reboot if ALL of the following take place:
  • Threat Extraction is enabled.
  • The hash of a specific document is excluded from inspection in the Threat Prevention policy (using a Whitelist File exception).
  • An email arrives with the excluded file.
• Fixed an issue that might cause the MTA process to reboot when processing a large document attachment while Threat Extraction is enabled.
• Fixed an issue that might cause files to be removed from emails as malicious even though they were specifically excluded in the Threat Prevention policy.

80_20_mta Take 69

Offline Update

8020.991002152
(MTA_V13)

• Fixed an issue that might cause emails with cleaned attachments (Threat Extraction) not to contain the link to retrieve the original version of the attachments.
  This would usually happen in emails sent by automated messaging systems, that do not contain a body component.
  To include the link in these emails, follow this article: sk175093
• Fixed an issue causing inability to retrieve the original version of a cleaned attachment in case the attachment name is long and contains spaces.
  
• Fixed an issue that might cause emails to mistakenly fail SPF check.
  Note: SPF enforcement is off by default and can be enabled by following this article: sk146412
  
• Fixed an issue that caused Anti-Phishing and Click-Time URL Protection not to be enforced on all users, in case they were previously configured to be enforced only on some of the users and then switched to enforce on all.
  Note – to enable Anti-Phishing and Click-Time URL Protection on the MTA, follow these articles:
  o   sk165814: Preventing Phishing Emails with MTA Anti-Phishing
  o   sk162618: MTA Click-Time URL Protection (Link Re-Writing)
  
• Fixed an issue that might cause the body of some emails with removed malicious links or re-written links (Click-Time URL Protection) to be corrupted.

80_20_mta Take 67

Offline Update

8020.991002149
(MTA_V12)

• Fixed an issue that might case inspection of emails containing multiple picture attachments to fail, in case Threat Extraction is enabled.
  
• Fixed an issue that caused some email inspections to fail when Threat Extraction is enabled.
  
• Fixed an issue that in rare cases might allow end users to access the original attachment, after it is was cleaned by Threat Extraction, but before Threat Emulation finished scanning it.
  
• Enhanced protection against URL obfuscation inside emails.

80_20_mta Take 66

Offline Update

8020.991002144
(MTA_V11)

• Enhanced Granular Control for Fail-Open / Fail-Close Handling of Emails
  • Administrators can now configure the MTA so that in case the following happens:
    • The general error handling configuration is fail-close
      AND
    • A specific error is configured to trigger a fail-open handling
      Then, the email that will be released due to this error will be the original one, regardless of whether the MTA already removed attachments or altered links in it.
  • An X-header will be added to emails for every error that took place. 
    Until this update, only the first error would generate an X-header.
  • Support for the following errors:
    • Attachment size exceeded the configured maximum size
    • The number of URLs in the email exceeded the configured maximum
    • The number of headers in the email exceeded the configured maximum
    • Threat Emulation and/or Anti-Virus failed to scan an attachment
    • Threat Emulation failed to extract files from an archive
    • Threat Emulation failed to open a file for inspection
    • Threat Emulation failed because the number of concurrent emulations exceeded the configured maximum permitted
    • File type not supported by Threat Emulation
    • The number of files inside an archive attachment exceeded the configured maximum number
    • The MTA failed to remove an attachment or a link from the email
    • The MTA failed to read URLs in the email
    • The MTA failed to read the email
    • The MTA failed to send a file to emulation due to an internal error
    • Signature-based detection failed due to a connectivity issue
    • Signature-based detection timed out
    • Signature-based detection failed due to an internal error
    • Non-categorized failures

80_20_mta Take 64

Offline Update

8020.991002142
(MTA_V10)

• Important Note – due to recent infrastructure improvements, MTA gateways that enabled the Early Availability version of Click-Time URL Protection are advised to be upgraded to this MTA update.
  For more information about Click-Time URL Protection and how to enable it (after installing this MTA update), please follow SK162618.
  
• Fixed an issue causing Phishing inspection not to run for emails sent to certain users, when the phishing inspection is disabled for the entire organization and enabled only for them.
  For more information on the new MTA Phishing inspection and how to enable and configure it for your environment, please follow SK165814. 
  
• Fixed an issue that in rare cases might cause a CPU usage increase of up to a couple of minutes on the MTA gateway, during which the inspection of some emails might end in an error (and be delivered or not according to the fail open/close settings).

80_20_mta Take 59

Offline Update

8020.991002140
(MTA_V9)

• Added the ability to exclude emails from specific senders or to specific recipients from being inspected.
  To do that, follow the instruction on sk166272: MTA - Exclude emails from specific senders or to specific recipients from being inspected.
  
• [Early Availability] The MTA gateway can now prevent phishing emails, using a new and dedicated engine. 
  To enable and configure phishing prevention, follow SK165814: Preventing Phishing Emails with MTA Anti-Phishing
• [Early Availability] The MTA gateway can now re-write links in the email body, so that they are inspected again with every user click.
  To learn more and to enable this capability, follow SK162618: MTA Click-Time URL Protection (Link Re-Writing)
• Fixed an issue that might cause attachments not to be scanned, in case the email is sent using a specific non-common email client
• Fixed an issue causing the email body to be corrupted (base-64 encoded) in case an upstream MTA added an email header in a non-conventional format
• Fixed an issue that might cause the MTA process to reboot, in case ALL of the below took place:
  • Threat Extraction is enabled
  • The hash of a specific document is excluded from inspection in the Threat Prevention policy (using a Whitelist File exception)
  • An email arrives with the excluded file
• Fixed an issue that might cause the MTA process to reboot, when processing a large document attachment and Threat Extraction is enabled
• Fixed an issue causing files to be removed from emails as malicious, even though there were specifically excluded in the Threat Prevention policy

80_20_mta Take 57

Offline Update

8020.991002139

(MTA_V8) 

• Fixed an issue that causes emails with corrupted attachments to be delivered to end users, in case the following is configured:
  • Threat Extraction and Threat Emulation are enabled
  • Threat Prevention is configured in fail open mode.
    (Manage & Settings -> Blades -> Threat Prevention -> Fail Mode)
  • Threat Extraction is configured to block corrupted files
    (Profile -> Threat Extraction -> Advanced -> Threat Extraction Exceptions)
• Fixed an issue that might cause the MTA to reboot in rare cases when Threat Extraction is enabled and Exceptions are defined for specific LDAP users / groups.
  (Profile -> Mail -> Exceptions -> Extraction Exclusion/Inclusion)
• Fixed an issue that caused Anti-Spam logs not to include the email subject
• Fixed an issue that might cause not removing attachments from emails, even if the attachment file type is configured to be dropped.
  (Profile -> Anti-Virus -> File Types -> Process Specific File Type Families). 
  These attachments still underwent Anti-Virus and Threat Emulation inspection for malware.
• Fixed an issue that might have caused large email queues in the last couple of days for some MTA gateways

80_20_mta Take 54

Offline Update

8020.991002135

(MTA_V7) 

•  Modified the configuration of the MTA so that it tries to send bounce messages only once,whether it reaches its destination or not.
•  Fixed a bug that might cause the MTA to inspect only parts of links containing special characters.
•  Fixed a bug causing inability to enable the DLP blade on MTA gateways

80_20_mta Take 52

Offline Update

 8020.991002132

(MTA_V6)

• Improved Threat Emulation inspection for files behind shortened links (requires the Anti-Virus blade to be enabled)
• Fixed a bug causing emails that were released due to timeout to be mistakenly listed as in queue by the CPView utility (see sk101878)
• Fixed a bug that might cause a failure to remove malicious links from the email body in rare cases. 

80_20_mta Take 49

Offline Update

 8020.991002129

(MTA_V5)

• Fixed a bug that might cause URLs in email body not to be inspected in rare cases
• Fixed a bug that might cause delay in email delivery in case Threat Extraction, Threat Emulation and Anti-Virus blades are configured in Detect-only mode 

80_20_mta Take 47 

Offline Update

8020.991002127 

(MTA_V4)

• Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
• Fixed a bug causing the configured customized subject prefix not to be added to malicious emails in case the MTA is configured to also send a copy of malicious emails to additional mailboxes
• Several additional minor fixes

80_20_mta Take 46 

Offline Update

8020.991002125

(MTA_V3)

• Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
• Fixed a bug causing users not to receive notifications that an email was not delivered to them, in case the email scan could not be completed before the configured timeout 
• Fixed a bug causing MTA not to add failure headers to the emails, in some cases in which the gateway is configured to add headers only in specific error cases (using sk145552) Additional minor fixes

80_20_mta Take 43 

Offline Update

8020.991002122

(MTA_V2)

• Enhanced Protection against BaseStriker: MTA Gateways now protect against malicious emails containing URLs using the BaseStriker technique.
• Improved disk usage utilization for MTA Gateways.
• Fixed a bug that might cause the MTA Live Monitoring dashboard view to mistakenly present 0 as the number of delivered emails.
• Fixed a bug in the latest R80.20 MTA engine that caused emails to be delivered only after Threat Emulation is completed, even though their attachment file type is supported for Threat Extraction.
• Fixed a bug the might cause emails to be stuck in the Gateway after a gateway upgrade if the next hop of the Gateway is a DNS name (used to allow for load balancing – see sk110369).
• Fixed a bug that might cause an inaccurate confidence level to be included in an Anti-Virus log and in the "X-Checkpoint-Verdict" email header for emails released by the MTA.
• Fixed a bug that might cause MTA to not function properly if Anti-Spam is enabled and emails are received from senders in the Anti-Spam block list.
• Various small fixes in the Anti-Spam engine. 

80_20_mta Take 34 

Offline Update

8020.991002114

(MTA_V1)

• Threat Emulation for Files behind Bitly Links: The body of an email sometimes includes customized Bitly links pointing to files.
  With this release, files behind these links will now be scanned by Threat Emulation to detect zero-day attacks.
  • This capability requires Threat Emulation and Anti-Virus to be enabled and the Gateway to be configured as MTA/
• Fix for bug that might in rare cases cause Threat Emulation not to be able to open some password-protected archive files for scanning, even if the email body contained the password (refer to sk112821).
• Fix for bug that might in rare cases cause malicious links in the email body not to be removed.
• Various small fixes to the Anti-Spam engine.

80_20_mta Take 31 

Offline Update

• Enhanced control over MTA actions in cases of failures: MTA is often configured to block emails in case SandBlast fails to scan them. Administrators can now configure MTA so that in the event of specific failure types, the emails will bypass SandBlast and not be blocked.
  The X-Header of emails bypassing SandBlast due to this configuration will include the failure type, allowing administrators to apply specific email rules on them. For details and configuration instructions, refer to sk145552.
• Additional Details in MTA Timeout Log: MTA logs indicating that an email scan has timed out now include details about the time it took the different engines to scan the mail. Engines included in the log are Anti-Virus, Threat Emulation, and Threat Extraction
• Fixed a bug causing emails whose Threat Emulation scan failed to remain in the MTA queue until their defined timeout instead of being released as failed immediately.
• Fixed a bug causing the following logs not to be sent when SandBlast is configured in MTA mode:
  • Email scan failed and SandBlast is configured to bypass protections in cases of failures.
  • Anti-Virus Detect logs
• Fixed a bug causing Threat Emulation logs to mistakenly state a malicious file was prevented if Threat Extraction sanitized the file. 
• Fixed a bug causing redundant warning messages to be included under /var/log/maillog.
• Fixed a bug causing the download link for the original file not to appear in the email body if Threat Extraction is enabled and the email body is binary-encoded.
• Fixed a bug causing MTA to restart in rare cases when Anti-Spam is enabled together with another engine (e.g., Anti-Virus). 
• Fixed a bug causing mta_monitor to generate redundant dump files upon the first policy install after it was turned off.
• Fixed a bug that might in rare cases cause MTA performance degradation and high memory consumption.

R80_20_mta Take 27

Offline Update

• Threat Emulation configuration for exclusion of specific senders / recipients now supports '*' as wildcard character. Improved failure handling: Failure to inspect attachments will result in applying the set fail-mode (in the Threat Prevention Advanced Settings) – either allow (fail-open) or drop/replace the attachment (fail-close). Added a separate fail-mode setting for connection failures with ThreatCloud service for Anti-Virus reputation service

• Resolved issues: SmartEvent fails to display log when the subject contains emoji characters. The File ID is displayed incorrectly in Threat Extraction logs.

R80_20_mta Take 24

Offline Update

• Bug fixes for customers using both Anti-Virus and Threat Emulation.

R80_20_mta

Take 21

Offline Update

• Improve enforcement capabilities for signed emails
• Improve CpDiag AV report
• Debug enhancement
• Bug fixes and enhancements

R80_20_mta

Take 18

Offline Update

• Support Anti-Virus hash (MD5) exceptions for all files
  (refer to sk142452)
• Bug fixes and enhancements

R80_20_mta

Take 15

Offline Update

• Improved detection for Anti-Virus hash & URL reputation engines
• Customizable port for incoming & outgoing SMTP sessions
• Minor bug fixes and enhancements

R80_20_mta

Take 11

• Minor bug fixes and enhancements

R80_20_mta

Take 7

The following are available in R80.20 Gateway & Management:

• Anti-Virus over MTA support
• MTA performance improvements
• Several fixes and enhancements

R80_10_mta
Take 74
offline update

• Fixed an issue that might cause emails with cleaned attachments (Threat Extraction) not to contain the link to retrieve the original version of the attachments.
  This would usually happen in emails sent by automated messaging systems, that do not contain a body component.
  To include the link in these emails, follow this article: sk175093
• Fixed an issue causing inability to retrieve the original version of a cleaned attachment in case the attachment name is long and contains spaces.
  
• Fixed an issue that might cause emails to mistakenly fail SPF check.
  Note – SPF enforcement is off by default and can be enabled by following this article: sk146412
  
• Fixed an issue that caused Anti-Phishing and Click-Time URL Protection not to be enforced on all users, in case they were previously configured to be enforced only on some of the users and then switched to enforce on all.
  Note – to enable Anti-Phishing and Click-Time URL Protection on the MTA, follow these articles:
  o   sk165814: Preventing Phishing Emails with MTA Anti-Phishing
  o   sk162618: MTA Click-Time URL Protection (Link Re-Writing)
  
• Fixed an issue that might cause the body of some emails with removed malicious links or re-written links (Click-Time URL Protection) to be corrupted.

R80_10_mta
Take 73
offline update

• Fixed an issue that might case inspection of emails containing multiple picture attachments to fail, in case Threat Extraction is enabled.
  
• Fixed an issue that caused some email inspections to fail when Threat Extraction is enabled.
  
• Fixed an issue that in rare cases might allow end users to access the original attachment, after it is was cleaned by Threat Extraction, but before Threat Emulation finished scanning it.
  
• Enhanced protection against URL obfuscation inside emails.

80_10_mta Take 72

Offline Update

• Enhanced Granular Control for Fail-Open / Fail-Close Handling of Emails
  • Administrators can now configure the MTA so that in case the following happens:
    • The general error handling configuration is fail-close
      AND
    • A specific error is configured to trigger a fail-open handling
      Then, the email that will be released due to this error will be the original one, regardless of whether the MTA already removed attachments or altered links in it.
      
  • An X-header will be added to emails for every error that took place. 
    Until this update, only the first error would generate an X-header.
    
  • Support for the following errors:
    • Attachment size exceeded the configured maximum size
    • The number of URLs in the email exceeded the configured maximum
    • The number of headers in the email exceeded the configured maximum
    • Threat Emulation and/or Anti-Virus failed to scan an attachment
    • Threat Emulation failed to extract files from an archive
    • Threat Emulation failed to open a file for inspection
    • Threat Emulation failed because the number of concurrent emulations exceeded the configured maximum permitted
    • File type not supported by Threat Emulation
    • The number of files inside an archive attachment exceeded the configured maximum number
    • The MTA failed to remove an attachment or a link from the email
    • The MTA failed to read URLs in the email
    • The MTA failed to read the email
    • The MTA failed to send a file to emulation due to an internal error
    • Signature-based detection failed due to a connectivity issue
    • Signature-based detection timed out
    • Signature-based detection failed due to an internal error
    • Non-categorized failures

80_10_mta Take 70

Offline Update

• Important Note – due to recent infrastructure improvements, MTA gateways that enabled the Early Availability version of Click-Time URL Protection are advised to be upgraded to this MTA update.
  For more information about Click-Time URL Protection and how to enable it (after installing this MTA update), please follow SK162618.
  
• Fixed an issue causing Phishing inspection not to run for emails sent to certain users, when the phishing inspection is disabled for the entire organization and enabled only for them.
  For more information on the new MTA Phishing inspection and how to enable and configure it for your environment, please follow SK165814. 
  
• Fixed an issue that in rare cases might cause a CPU usage increase of up to a couple of minutes on the MTA gateway, during which the inspection of some emails might end in an error (and be delivered or not according to the fail open/close settings).

80_10_mta Take 68

Offline Update

• Added the ability to exclude emails from specific senders or to specific recipients from being inspected.
  To do that, follow the instruction on sk166272: MTA - Exclude emails from specific senders or to specific recipients from being inspected.
  
• [Early Availability] The MTA gateway can now prevent phishing emails, using a new and dedicated engine. 
  To enable and configure phishing prevention, follow SK165814: Preventing Phishing Emails with MTA Anti-Phishing
• [Early Availability] The MTA gateway can now re-write links in the email body, so that they are inspected again with every user click.
  To learn more and to enable this capability, follow SK162618: MTA Click-Time URL Protection (Link Re-Writing)
• Fixed an issue that might cause attachments not to be scanned, in case the email is sent using a specific non-common email client
• Fixed an issue causing the email body to be corrupted (base-64 encoded) in case an upstream MTA added an email header in a non-conventional format
• Fixed an issue that might cause the MTA process to reboot, in case ALL of the below took place:
  • Threat Extraction is enabled
  • The hash of a specific document is excluded from inspection in the Threat Prevention policy (using a Whitelist File exception)
  • An email arrives with the excluded file
• Fixed an issue that might cause the MTA process to reboot, when processing a large document attachment and Threat Extraction is enabled
• Fixed an issue causing files to be removed from emails as malicious, even though there were specifically excluded in the Threat Prevention policy

80_10_mta Take 67

Offline Update

(MTA_V8)

• Fixed an issue that causes emails with corrupted attachments to be delivered to end users, in case the following is configured:
  • Threat Extraction and Threat Emulation are enabled
  • Threat Prevention is configured in fail open mode.
    (Manage & Settings -> Blades -> Threat Prevention -> Fail Mode)
  • Threat Extraction is configured to block corrupted files
    (Profile -> Threat Extraction -> Advanced -> Threat Extraction Exceptions)
• Fixed an issue that might cause the MTA to reboot in rare cases when Threat Extraction is enabled and Exceptions are defined for specific LDAP users / groups.
  (Profile -> Mail -> Exceptions -> Extraction Exclusion/Inclusion)
• Fixed an issue that caused Anti-Spam logs not to include the email subject
• Fixed an issue that might cause not removing attachments from emails, even if the attachment file type is configured to be dropped.
  (Profile -> Anti-Virus -> File Types -> Process Specific File Type Families). 
  These attachments still underwent Anti-Virus and Threat Emulation inspection for malware.
• Fixed an issue that might have caused large email queues in the last couple of days for some MTA gateways

80_10_mta Take 64

Offline Update

(MTA_V7)

• Modified the configuration of the MTA so that it tries to send bounce messages only once, whether it reaches its destination or not.
• Fixed a bug that might cause the MTA to inspect only parts of links containing special characters.
• Fixed a bug causing inability to enable the DLP blade on MTA gateways

80_10_mta Take 62

Offline Update

8010.991003079

(MTA_V6)

• Improved Threat Emulation inspection for files behind shortened links (requires the Anti-Virus blade to be enabled)
• Fixed a bug causing emails that were released due to timeout to be mistakenly listed as in queue by the CPView utility (see sk101878)
• Fixed a bug that might cause a failure to remove malicious links from the email body in rare cases. 

 80_10_mta Take 59

Offline Update

8010.991003076 

(MTA_V5)

• Fixed a bug that might cause URLs in email body not to be inspected in rare cases
• Fixed a bug that might cause delay in email delivery in case Threat Extraction, Threat Emulation and Anti-Virus blades are configured in Detect-only mode 

80_10_mta Take 58

Offline Update

8010.991003075 

(MTA_V4)

• Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
• Fixed a bug causing the configured customized subject prefix not to be added to malicious emails in case the MTA is configured to also send a copy of malicious emails to additional mailboxes
• Several additional minor fixes

80_10_mta Take 57 

Offline Update

8010.991003073

(MTA_V3)

• Fixed a bug that might cause some mail scans to fail on reputation problems, even though they did not contain any link
• Fixed a bug causing users not to receive notifications that an email was not delivered to them, in case the email scan could not be completed before the configured timeout 
• Fixed a bug causing MTA not to add failure headers to the emails, in some cases in which the gateway is configured to add headers only in specific error cases (using sk145552) 
• Additional minor fixes

80_10_mta Take 53 

Offline Update

8010.991003069

(MTA_V2)

• Enhanced Protection against BaseStriker – MTA gateways now protect against malicious emails containing URLs utilizing BaseStriker technique
• Improved disk usage utilization in MTA gateways
• Fixed a bug that might cause the MTA Live Monitoring dashboard view to mistakenly present 0 as the number of delivered emails
• Fixed a bug in the latest R80.20 MTA engine, causing emails to be delivered only after Threat Emulation is completed, even though their attachment file type is supported for Threat Extraction
• Fixed a bug the might cause emails to be stuck on the gateway after a gateway upgrade, in case the next hop of the Gateway is a DNS name (used to allow for load balancing – see sk110369)
• Fixed a bug that might cause inaccurate confidence level to be included in an Anti-Virus log and the "X-Checkpoint-Verdict" email header for emails released by the MTA.
• Fixed a bug that might cause MTA to not function properly in case Anti-Spam is enabled and emails are received from senders in the Anti-Spam block list
• Various small fixes in the Anti-Spam engine

80_10_mta Take 47 

Offline Update

8010.991003061

(MTA_V1)

• Threat Emulation for Files behind Bitly Links – Email body sometimes include customized Bitly links pointing to files
  With this release, files behind these links will now be scanned by Threat Emulation to detect zero-day attacks
  • This capability requires Threat Emulation and Anti-Virus to be enabled and the gateway to be configured as MTA
• Fixed a bug that might cause Threat Emulation in rare cases not to be able to open some password-protected archive files for scanning, even if the email body contained the password (refer to sk112821)
• Fixed a bug that might cause malicious links in the email body not to be removed in rare cases
• Various small fixes in the Anti-Spam engine

80_10_mta Take 44

Offline Update 

• Enhanced control over MTA actions in cases of failures - MTA is often configured to block emails in case SandBlast failed to scan them.
  Administrators can now configure MTA so that in case of specific failure types the emails will bypass SandBlast and not be blocked.
  The X-Header of emails bypassing SandBlast due to this configuration will include the failure type, allowing administrators to apply specific email rules on them.More details and configuration instructions are in sk145552
• Additional Details in MTA Timeout Log - MTA logs indicating an email scan has timed out now include details about the time it took the different engines to scan the mail. Engines included in the log are Anti-Virus, Threat Emulation and Threat Extraction
• Fixed a bug causing emails, whose Threat Emulation scan failed, to remain in the MTA queue until their defined timeout instead of being released as failed immediately
• Fixed a bug causing the following logs not to be sent when SandBlast is configured in MTA mode:
  • Email scan failed and SandBlast is configured to bypass protections in cases of failures.
  • AntiVirus Detect logs
• Fixed a bug causing Threat Emulation logs to mistakenly state a malicious file was prevented in case Threat Extraction sanitized the file 
• Fixed a bug causing redundant warning messages to be included under /var/log/maillog
• Fixed a bug causing the link to download the original file not to appear in the email body, in case Threat Extraction is enabled and the email body is binary-encoded.
• Fixed a bug causing MTA to restart in rare cases where Anti-Spam is enabled and another engine (e.g., Anti-Virus) 
• Fixed a bug causing mta_monitor to generate redundant dump files upon the first policy install after it was turned off
• Fixed a bug that might cause MTA performance degradation and high memory consumption in rare cases.

Take 37

Offline Update

• Threat Emulation configuration for exclusion of specific senders / recipients now supports '*' as a wildcard character.
• Improved failure handling:
  • Failure to inspect attachments will result in applying the set fail-mode (in the Threat Prevention Advanced Settings) - either allow (fail-open) or drop/replace the attachment (fail-close).
  • Added a separate fail-mode setting for connection failures with ThreatCloud service for Anti-Virus reputation service.

• Resolved issues:
  • SmartEvent fails to display log when the subject contains emoji characters.
  • File ID is displayed incorrectly in Threat Extraction logs.

Take 34

Offline Update

• Bug fixes for customers using both Anti-Virus and Threat Emulation.

R80_10_mta

Take 31

Offline Update

• Improve enforcement capabilities for signed emails
• Improve CpDiag AV report
• Debug enhancement
• Bug fixes and enhancements

R80_10_mta

Take 28

Offline Update

• Support Anti-Virus hash (MD5) exceptions for all files (refer to sk142452)
• Bug fixes and enhancements

R80_10_mta

Take 25

Offline Update

• Improved detection for Anti-Virus hash & URL reputation engines
• Customizable port for incoming & outgoing SMTP sessions
• Minor bug fixes and enhancements

R80_10_mta

Take 21

• Alignment to R80.20 MTA engine update
  • Anti-Virus over MTA support
  • MTA performance improvements
• Minor bug fixes and enhancements

R80_10_mta

Take 19

8010.991003025

The following are available in R80.20.M1 Security Management, or by Gateway configurations on pre-R80.20.M1 versions (refer to sk137572):

• MTA monitoring (requires R80.20 Management).
• Setting a next-hop server by domain name (requires R80.20 Management).
• Removing/replacing malicious links and attachments from e-mails with a customizable text.
• Adding a customized text to a malicious e-mail's body or subject.
• Malicious e-mail tagging using an X-header.
• Sending a copy of the malicious e-mail.