Specify Hostname instead of IP in Network Security section of PAC Manager?

In the Network Security portion of PAC Manager where you can specify a “whitelist” of allowed IP addresses with subnet masks, is it possible to instead specify a hostname? In this particular case I am using an email server hostname that is resolved on the network to any of 3 actual machine IPs depending on traffic etc. I use this email server hostname to send Alarm emails etc. I would like to add it to the whitelist as the hostname rather than static IPs since IPs may be changed by IT dept. in the future while hostname should remain static. Thanks in advance to anyone that can help.

Short answer: No. IP only.

Long answer… I am sure that the whitelist area does not work like you think / hope.
From the PAC Manager manual:

Limiting Access to Specific Computers

You can limit access to the controller or I/O unit based on the IP address of the computer or other host device attempting to communicate with it. You specify the IP addresses that may access the controller or I/O unit. Anyone on a computer or other host device with an acceptable IP address has access.

Work with your network administrator to make sure you are specifying the correct IP addresses. See Configuring Ethernet Security on an I/O Unit or Configuring Ethernet Security on a Standalone Controller for instructions.

So in other words, that area is for inbound connections, not outbound like Email.

In the strategy where you are using the email command, just be sure to use the host name there and configure the gateway and DNS settings in the controller Network settings and you will be fine.


Ah, I see, ok. So I should be able to leave the email server IPs off the Network Security whitelist and still send emails outbound using the email server hostname. I’ll give that a try.

Hmm. I’m getting both -454 Cannot connect to DNS or -443 Could not receive on Socket (when I try using email server IP rather than hostname) now when using Send Email command in OptoScript block. Only change was removing email server IPs from whitelist. I thought maybe I needed to add my DNS server IPs to whitelist, which I did, but no change. Does SMTP not do a handshake that requires both inbound/outbound access?

It's always worth checking errors against this post here:

When I check your -454 error, some troubleshooting options present themselves:

-454: “Unable to connect to DNS server. Check DNS and gateway configuration.”

So, let's check the DNS and gateway. Without those two being configured correctly, the email server host name will not be able to be resolved and you will get an error.

Open PAC Manager and do an inspect of the controller you are trying to send the email from.
It should have the following 4 sections filled out correctly for your network:

image

My controller is using both interfaces, yours may or may not.
If not, it should be using Ethernet 1.
You will have an IP address and subnet; if you didn’t, you could not connect to the controller at all.
The Gateway and DNS are the two critical ones for using host names in any sort of comm handle in your strategy.
The Gateway and DNS probably should be IP addresses to be safe and sure.
They both must be on the same subnet as the controller.

From there, you must set up the string tables as per the manual:

arrstrServer[0] = "myaccount@speedmail.com"; // User Account

arrstrServer[1] = "mypassword"; // Password

arrstrServer[2] = "smtp.speedmail.com"; // Server. May or may not need 'smtp'.

arrstrServer[3] = "587"; // Port#

arrstrServer[4] = "tls"; // "ssl", "tls", "none"

To be clear, you do not need to whitelist anything in the controller.
The email command connects to the email host name by looking it up via the DNS IP address and the email is sent. That is all you need to get configured correctly.

The only whitelisting that might be required is the PAC Controller's IP address in the IT department's email servers as they are probably not used to getting email send requests from such a device.
They can easily do this since the PAC Controller has a static IP address.

Are you sure this is correct and it doesn’t limit both directions?

(By both directions, I mean the email server needs to respond and that is what is going to get blocked.)

I could be wrong, but I’m pretty sure you need your email server IP on the whitelist to accomplish the SMTP “handshake”. The only thing I changed is removing email server IPs from the whitelist and it stops working. Put the email server IPs back in the whitelist and it works. This is not even using a hostname that would need to be resolved in the Send Email command, I’m specifying email server IP in Send Email command and if it’s not on the whitelist it won’t send. error code: -443 Could not receive on socket.
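
Added example, not written by anyone in this thread and not taken from the PAC Manager manual: because the whitelist accepts only IP addresses with subnet masks while the mail hostname can resolve to several addresses that IT may change, this Python check reports any resolved address that no whitelist entry covers. The whitelist entries and addresses are constructed sample data, and ordinary subnet-mask matching is assumed.

```python
import ipaddress
import socket
import sys


def parse_allowlist(entries):
    """Turn (ip, mask) pairs, the form the whitelist takes, into networks."""
    # strict=False lets a host address with a wider mask stand for its subnet.
    return [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            for ip, mask in entries]


def resolve_ipv4(hostname, port=587):
    """Return the sorted IPv4 addresses the hostname resolves to right now."""
    infos = socket.getaddrinfo(hostname, port, socket.AF_INET,
                               socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def uncovered(addresses, networks):
    """Return the addresses that no allowlist entry matches."""
    return [addr for addr in addresses
            if not any(ipaddress.ip_address(addr) in net for net in networks)]


# Constructed sample data using documentation address ranges (assumption:
# these stand in for the entries typed into the controller's whitelist).
ALLOWLIST = [
    ("192.0.2.10", "255.255.255.255"),   # single host
    ("192.0.2.11", "255.255.255.255"),   # single host
    ("198.51.100.0", "255.255.255.0"),   # whole subnet
]
# Constructed stand-in for a hostname that resolves to three machines.
RESOLVED = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]

if __name__ == "__main__":
    nets = parse_allowlist(ALLOWLIST)
    # With a hostname argument, do a live lookup; otherwise use the sample.
    addrs = resolve_ipv4(sys.argv[1]) if len(sys.argv) > 1 else RESOLVED
    missing = uncovered(addrs, nets)
    for addr in missing:
        print(f"not covered by any whitelist entry: {addr}")
    sys.exit(1 if missing else 0)
```

Run on a schedule with the real hostname as the argument, a non-zero exit signals that DNS now returns an address the whitelist does not cover.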