Jabber - OS settings

Start from configuring XMPP-related service records in DNS.

chat                IN   A
jabber              IN   CNAME    chat
conference          IN   CNAME    chat
irc                 IN   CNAME    chat
_jabber._tcp        IN   SRV      10 0 5269 chat.ourdom.com
_xmpp-server._tcp   IN   SRV      10 0 5269 chat.ourdom.com<
BIND complains that SRV records must not point to CNAMEs. Therefore either xmpp/jabber should be replaced by mail or make them A-type records.
Addresses that potentially allow SSL should have alias mail.ourdom.com because certificate uses this name.
Configure firewall. Open ports 5222 (XMPP), 5223 (XMPPs), 5269 (XMPP srv):
-A FWL -m state --state NEW -p tcp -m multiport --dports 5222,5223,5269 -j ACCEPT<