Connections are being denied for allowed hosts
search cancel

Connections are being denied for allowed hosts

book

Article ID: 160500

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor and Prevent for Email Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Network Web Data Loss Prevention Network Web Data Loss Prevention Network Protect Data Loss Prevention Network Email Data Loss Prevention

Issue/Introduction

Connections to Prevent server being denied from allowed machines

 

 

Cause

You have entered multiple machines in the "RequestProcessor.AllowHosts"  or "Icap.AllowHosts" of the "Detector Detail: Advanced Settings" page for a Network Prevent Server.
Connections are still being denied from the machines entered.
RequestProcessor0.log clearly shows the traffic being denied from the legitimate machine.

 

Example of RequestProcessor0.log, showing traffic being denied from machine 1.2.3.4:

Sep 23, 2019 4:45:50 PM com.vontu.mta.rp.ESMTPRequestProcessorThread run
WARNING: RPT(28): Could not establish session peers. An incoming connection from /1.2.3.4:12539 was rejected because it is not an allowed host.
Sep 23, 2019 4:45:50 PM com.vontu.mta.rp.ESMTPRequestProcessorThread run
WARNING: RPT(28): Complete exception follows.
java.io.IOException: An incoming connection from /1.2.3.4:12539 was rejected because it is not an allowed host.
 at com.vontu.mta.rp.ESMTPRequestProcessorThread._acceptPeer(ESMTPRequestProcessorThread.java:625)
 at com.vontu.mta.rp.ESMTPRequestProcessorThread._establishPeers(ESMTPRequestProcessorThread.java:659)
 at com.vontu.mta.rp.ESMTPRequestProcessorThread.run(ESMTPRequestProcessorThread.java:1072)
 at java.lang.Thread.run(Thread.java:595)

Resolution

All machines entered into the "RequestProcessor.AllowHosts"  or "Icap.AllowHosts" should be separated by commas, with NO SPACES in the data entry.  Any spaces in the data entry will cause all machines after the space to be ignored. 

IP addresses or fully qualified domain names (FQDN) are recommended instead of short machine names.  (If a short machine name must be used, it should be added to the local hosts file on the Network Prevent and Enforce servers.)