Hi folks! This one is somehwat complicated, so I’ll try to summarize it as easily as possible:
I have a client who recently moved their web hosting from a local IIS server to an commercial external host. However, the new host has repeatedly shut off access from the client site because their server is detecting “port scans” from the client’s IP address. As part of the troubleshooting process, I’ve been running Wireshark on the servers, and the server that runs OpenFire ("xmpp-server’) is repeatedly trying to contact the new webhost on port 5269.
My question is… why is OpenFire trying to do this?
As a bit of background: I set up this client with a COMPANYNAME.LOCAL AD domain, and a forward lookup zone for COMPANYNAME.COM, so that internal users could use the same addresses whether internal or external. The users at this site are not very technical, so I was afraid they wouldn’t understand using SBSSERVER.LOCAL to access the public site internally and WWW.COMPANYNAME.COM to access it externally. I also set up an A record for CHAT.COMPANYNAME.COM so that they’d have one address to connect to the OpenFire server. However, when moving the public website to an external host, I deleted the forward lookup zone on the SBS server, so this should no longer be an issue.
Also, on April 11, 2011 I had to add COMPANYNAME.COM as system property xmpp.fqdn to get OpenFire to work with non-Spark clients like Pidgin. However, that bug was fixed in 2.7.0 and so I deleted xmpp.fqdn on August 10, 2011. So I don’t even know how OpenFire “knows” about the external site.
BTW, I will upgrade this client to 3.8.1 after EOB today, if that helps.