Connections are being denied for allowed hosts

book

Article ID: 160500

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

Issue:  Connections to Prevent server being denied from allowed machines

Situation:
You have entered multiple machines in the "RequestProcessor.AllowHosts" (Icap.AllowHosts for version 9 or above) of the "Server Detail: Advanced" page for a Prevent Server.
Connections (generally email) are still being denied from the machines entered.
RequestProcessor0.log clearly shows the traffic being denied from the legitimate machine.

Example RequestProcessor0.log, showing traffic being denied from machine 1.2.3.4
=================================================================================
request processor log clearly shows that the machine is being rejected as not an allowed host:
Sep 23, 2009 4:45:50 PM com.vontu.mta.rp.ESMTPRequestProcessorThread run
WARNING: RPT(28): Could not establish session peers. An incoming connection from /1.2.3.4:12539 was rejected because it is not an allowed host.
Sep 23, 2009 4:45:50 PM com.vontu.mta.rp.ESMTPRequestProcessorThread run
WARNING: RPT(28): Complete exception follows.
java.io.IOException: An incoming connection from /1.2.3.4:12539 was rejected because it is not an allowed host.
 at com.vontu.mta.rp.ESMTPRequestProcessorThread._acceptPeer(ESMTPRequestProcessorThread.java:625)
 at com.vontu.mta.rp.ESMTPRequestProcessorThread._establishPeers(ESMTPRequestProcessorThread.java:659)
 at com.vontu.mta.rp.ESMTPRequestProcessorThread.run(ESMTPRequestProcessorThread.java:1072)
 at java.lang.Thread.run(Thread.java:595)

Resolution

All machines entered into the RequestProcessor.AllowHosts should be separated by commas, with NO SPACES in the data entry.  Any spaces in the data entry will cause all machines after the space to be ignored. 

IP addresses or fully qualfied domain names (FQDN) are recommended instead of short machine names.  (If a short machine name must be used, it should be added to the local hosts file on the Prevent and Enforce servers.)