check_point.mgmt.cp_mgmt_resource_smtp module – Manages resource-smtp objects on Checkpoint over Web Services API

Note

This module is part of the check_point.mgmt collection (version 6.2.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_resource_smtp.

New in check_point.mgmt 6.0.0

Synopsis

  • Manages resource-smtp objects on Checkpoint devices including creating, updating and removing objects.

  • All operations are performed over Web Services API.

Parameters

Parameter

Comments

action_1

dictionary

Use the Rewriting Rules to rewrite Sender and Recipient headers in emails, you can also rewrite other email headers by using the custom header field.

custom_field

dictionary

The name of the header.

field

string

The name of the header.

original

string

Original field.

rewritten

string

Replacement field.

recipient

dictionary

Rewrite Recipient header.

original

string

Original field.

rewritten

string

Replacement field.

sender

dictionary

Rewrite Sender header.

original

string

Original field.

rewritten

string

Replacement field.

action_2

dictionary

Use this window to configure mail inspection for the SMTP Resource.

allowed_characters

string

The MIME email headers can consist of 8 or 7 bit characters (7 ASCII and 8 for sending Binary characters) in order to encode mail data.

Choices:

  • "8_bit"

  • "7_bit"

mail_capacity

integer

Restrict the size (in kb) of incoming email attachments.

strip_activex_tags

boolean

Strip activeX tags.

Choices:

  • false

  • true

strip_applet_tags

boolean

Strip JAVA applets.

Choices:

  • false

  • true

strip_file_by_name

string

Strips file attachments of the specified name from the message.

boolean

Strip ftp links.

Choices:

  • false

  • true

strip_mime_of_type

string

Specifies the MIME type to strip from the message.

strip_port_strings

boolean

Strip ports.

Choices:

  • false

  • true

strip_script_tags

boolean

Strip JAVA scripts.

Choices:

  • false

  • true

auto_publish_session

boolean

Publish the current session if changes have been performed after task completes.

Choices:

  • false ← (default)

  • true

check_rulebase_with_new_destination

boolean

The Rule Base will be rechecked with the new resolved IP address for mail delivery.

Choices:

  • false

  • true

color

string

Color of the object. Should be one of existing colors.

Choices:

  • "aquamarine"

  • "black"

  • "blue"

  • "crete blue"

  • "burlywood"

  • "cyan"

  • "dark green"

  • "khaki"

  • "orchid"

  • "dark orange"

  • "dark sea green"

  • "pink"

  • "turquoise"

  • "dark blue"

  • "firebrick"

  • "brown"

  • "forest green"

  • "gold"

  • "dark gold"

  • "gray"

  • "dark gray"

  • "light green"

  • "lemon chiffon"

  • "coral"

  • "sea green"

  • "sky blue"

  • "magenta"

  • "purple"

  • "slate blue"

  • "violet red"

  • "navy blue"

  • "olive"

  • "orange"

  • "red"

  • "sienna"

  • "yellow"

comments

string

Comments string.

cvp

dictionary

Configure CVP inspection on mail messages.

allowed_to_modify_content

boolean

Configures the CVP server to inspect but not modify content.

Choices:

  • false

  • true

enable_cvp

boolean

Select to enable the Content Vectoring Protocol.

Choices:

  • false

  • true

reply_order

string

Designates when the CVP server returns data to the Security Gateway security server.

Choices:

  • "return_data_after_content_is_approved"

  • "return_data_before_content_is_approved"

server

string

The UID or Name of the CVP server, make sure the CVP server is already be defined as an OPSEC Application.

deliver_messages_using_dns_mx_records

boolean

MX record resolving is used to set the destination IP address of the connection.

Choices:

  • false

  • true

details_level

string

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

Choices:

  • "uid"

  • "standard"

  • "full"

error_check_rulebase_with_new_destination

boolean

The Rule Base will be rechecked with the new resolved IP address for error mail delivery.

Choices:

  • false

  • true

error_deliver_messages_using_dns_mx_records

boolean

MX record resolving will be used to set the source IP address of the connection used to send the error message.

Choices:

  • false

  • true

error_mail_delivery_server

string

Error mail delivery happens if the SMTP security server is unable to deliver the message within the abandon time, and Notify Sender on Error is checked.

exception_track

string

Determines if an action specified in the Action 2 and CVP categories taken as a result of a resource definition is logged.

Choices:

  • "none"

  • "exception log"

  • "exception alert"

ignore_errors

boolean

Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

Choices:

  • false

  • true

ignore_warnings

boolean

Apply changes ignoring warnings.

Choices:

  • false

  • true

mail_delivery_server

string

Specify the server to which mail is forwarded.

match

dictionary

Set the Match properties for the SMTP resource.

recipient

string

Set the Match recipient property for the SMTP resource.

sender

string

Set the Match sender property for the SMTP resource.

name

string / required

Object name.

notify_sender_on_error

boolean

Enable error mail delivery.

Choices:

  • false

  • true

state

string

State of the access rule (present or absent).

Choices:

  • "present" ← (default)

  • "absent"

tags

list / elements=string

Collection of tag identifiers.

version

string

Version of checkpoint. If not given one, the latest version taken.

wait_for_task

boolean

Wait for the task to end. Such as publish task.

Choices:

  • false

  • true ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

Examples

- name: add-resource-smtp
  cp_mgmt_resource_smtp:
    deliver_messages_using_dns_mx_records: 'true'
    exception_track: exception log
    mail_delivery_server: deliverServer
    match:
      recipient: recipientName
      sender: senderName
    name: newSmtpResource
    state: present

- name: set-resource-smtp
  cp_mgmt_resource_smtp:
    mail_delivery_server: newServer
    name: newSmtpResource
    state: present

- name: delete-resource-smtp
  cp_mgmt_resource_smtp:
    name: newSmtpResource
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

cp_mgmt_resource_smtp

dictionary

The checkpoint object created or updated.

Returned: always, except when deleting the object.

Authors

  • Eden Brillant (@chkp-edenbr)