While testing Wildfire 2.4.2 against my own S2S implementation, I've discovered a bug when trying to contact components running on Wildfire such as conference and search, when my server sends disco info requests to all three entities:
conference.wildfire.mydomain.com
The requests to Wildfire go fine, with my server establishing three incoming streams to Wildfire, one for each domain name. But when Wildfire replies with the disco results, it only establishes one stream back and only dialback-authenticates for the domain in the first stanza, which will come through fine. But then Wildfire tries to also send the other stanzas over this connection, without using another db:result first to authenticate the sending of stanzas from this extra domain name (as the XMPP specs say it should), which results in my server responding with a <stream:error></stream:error> error and disconnecting the socket.
Have a look at http://www.xmpp.org/specs/rfc3920.html#dialback-protocol, 8.3.10, specifically the following section:
“After successful dialback negotiation, the Receiving Server SHOULD accept subsequent <db:result/> packets (e.g., validation requests sent to a subdomain or other hostname serviced by the Receiving Server) from the Originating Server over the existing validated connection; this enables “piggybacking” of the original validated connection in one direction.”
and
“Furthermore, a server MUST verify that the 'from' attribute of stanzas received from the other server includes a validated domain for the stream; if a stanza does not meet this restriction, the server that receives the stanza MUST generate an stream error condition and terminate both the XML stream and the underlying TCP connection.”
Either this or you need to be creating extra connections on behalf of each domain name that you are sending out from.
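
Added example, not part of the original post and not code from Wildfire or the poster's server: a minimal receiving-side check of the rule quoted from RFC 3920 section 8.3, tracking which sender domains have completed dialback on one inbound stream and returning the RFC's `<invalid-from/>` stream error for a stanza from any other domain. The class and function names, the domains `wildfire.mydomain.com` and `myserver.example`, and the sample stanzas are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

INVALID_FROM = ("<stream:error><invalid-from "
                "xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error>")


def jid_domain(jid):
    """Domain part of [local@]domain[/resource]; the resource may contain '@'."""
    bare = jid.split("/", 1)[0]
    return bare.rsplit("@", 1)[-1].lower()


class InboundStream:
    """One incoming S2S stream and the sender domains validated on it."""

    def __init__(self):
        self.validated = set()
        self.closed = False

    def dialback_valid(self, sender_domain):
        # Called once the authoritative server has confirmed the key
        # for a <db:result from='sender_domain'/> sent on this stream.
        self.validated.add(sender_domain.lower())

    def receive(self, stanza_xml):
        """Return None to route the stanza, or the stream error to send."""
        if self.closed:
            raise RuntimeError("stream already terminated")
        sender = ET.fromstring(stanza_xml).get("from", "")
        if jid_domain(sender) not in self.validated:
            self.closed = True  # caller also closes the TCP connection
            return INVALID_FROM
        return None


def replay(validate_each_domain):
    """Constructed replay of the report: replies from two domains on one stream."""
    stream = InboundStream()
    results = []
    for domain in ("wildfire.mydomain.com", "conference.wildfire.mydomain.com"):
        # False: only the first domain does dialback (the reported behaviour).
        # True: each domain piggybacks its own db:result before sending.
        if validate_each_domain or not stream.validated:
            stream.dialback_valid(domain)
        iq = f"<iq type='result' id='d1' from='{domain}' to='myserver.example'/>"
        results.append(stream.receive(iq))
    return results
```

`replay(False)` accepts the first reply and rejects the second with the stream error, matching the disconnect described in the post; `replay(True)` accepts both.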