I am currently having to do the following to allow mail sending in our java security policy.
permission java.net.SocketPermission "smtp.example.com", "resolve";
permission java.net.SocketPermission "10.0.0.1:25", "connect,resolve";
permission java.net.SocketPermission "10.0.0.2:25", "connect,resolve";
permission java.net.SocketPermission "10.0.0.3:25", "connect,resolve";
However the IP address is subject to change from time to time, and I need to ensure our applications don't break if someone adds a new smtp server.
Is it possible to compromise to allow connections based on hostname rather than IP address?
From the java doc of SocketPermission page:
A SocketPermission consists of a host specification and a set of "actions" specifying ways to connect to that host. The host is specified as
host = (hostname | IPv4address | iPv6reference) [:portrange]
An example of the creation and meaning of SocketPermissions:
new SocketPermission("puffin.eng.sun.com:7777", "connect,accept");