Multiple IP addresses for same host name in /private/etc/hosts

dns hosts mail.app

I have a corporate mail account (Exchange 2007) that uses a self-signed SSL certificate. No matter what I do, Mail always complains about this when I connect. If I look at the details it always says the certificate name post does not match the DNS name I used to connect.

I had the bright idea to add an entry in /private/etc/hosts that mapped the name post to the external IP of the server. This works beautifully and the certificate error is gone and everything works when I am out of the office.

The problem with this is that when I am in the office I need to access the server by its internal address, and the only way I could connect was to remove the line I added to hosts, or to change the IP from the external IP to the internal IP.

Now for the question: Is there a way I can format multiple entries in the hosts file for the same host name, but with different addresses? I know this is done with real DNS servers, but it appears not to work in a hosts file. The idea is for the name lookup to return both IP addresses and Mail will fail over to the second address when the first does not work.

I know there is a setting in Mail for internal and external names for the server, but using this brings back the original certificate errors. After some thought, I also wondered what would happen if I make a second entry for the same name but using IPv6 instead of IPv4? I should have IPv6 some time later this year, and if I understand correctly you can have one name listed twice in hosts when one address is IPv6.

Best Answer

Unfortunately, the answer is no. The hosts file is a static lookup file, and because of this it has no concept of multiple-address per name failover, round-robin, or other features baked into the name resolver.

You can specify multiple names for a given IP address, but not multiple IP addresses mapping back to a single name.

Dare I ask, why can't you access the external interface of the mailserver while internal to your office? We configure all of our clients to use Mail/Jabber externally so they never run into this issue.

Despite conventional wisdom, using the external interface when internal does not "pull all the way across the internet", if configured correctly, of course.
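
An added example, not part of the answer above: a small checker that parses hosts-format text and lists every name mapped to more than one address within the same address family, which is the layout the answer says a hosts file cannot use for failover. The sample entries, the `mail-int` alias and all addresses are constructed; IPv4 and IPv6 entries are counted separately.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in hosts-file format; addresses are documentation ranges.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
203.0.113.10    post            # external address (constructed)
192.0.2.25      post mail-int   # internal address (constructed)
2001:db8::25    post
not-an-ip       broken
"""

def parse_hosts(text):
    """Yield (line_no, ip_address, [names]) for each valid entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip trailing comment
        if len(fields) < 2:
            continue  # blank, comment-only, or address with no name
        try:
            # Drop any IPv6 zone id (e.g. fe80::1%lo0) before parsing.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, addr, [name.lower() for name in fields[1:]]

def duplicate_names(text):
    """Return {(name, ip_version): [(line_no, address), ...]} for names that
    have more than one distinct address within the same address family."""
    seen = defaultdict(list)
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            seen[(name, addr.version)].append((line_no, str(addr)))
    return {key: entries for key, entries in seen.items()
            if len({address for _, address in entries}) > 1}

if __name__ == "__main__":
    for (name, version), entries in sorted(duplicate_names(SAMPLE_HOSTS).items()):
        print(f"{name} (IPv{version}) has {len(entries)} addresses:")
        for line_no, address in entries:
            print(f"  line {line_no}: {address}")
```

To check the real file, pass the contents of `/private/etc/hosts` to `duplicate_names` instead of the sample.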