
Asterisk supports several types of extension, which register on different ports.

The most popular one is PJSIP (UDP 5060), which is the default for most SIP phones and softphone apps, such as Softphone on the iPhone or X-Lite.

The options you need to configure are:

  • Extension number: used as the username.
  • Secret: used as the password, and masked by the system.
  • Outbound CID: the caller ID shown on the called party’s phone.

Download Softphone on the iPhone and fill in the fields below:

  • Username: Extension
  • Password: secret
  • Domain: your public DNS, or public IP address.

 

Voice mail
  • *97: Access your own voicemail.
  • *98: Access your voicemail or another extension’s voicemail. You will be prompted to enter a mailbox number.

 

Email setup

FreePBX (Asterisk) uses Postfix to send email. Setting this up in the web interface requires the Pro version, but you can do it over SSH.

Settings > Voicemail Admin > Settings > Email Config

Under Server Email, type your email address: info@frankfu.click, which is an Office 365 account.

Log on to FreePBX over SSH:

Create a file called sasl_passwd in /etc/postfix:

vi /etc/postfix/sasl_passwd

Add the line below:

[smtp.office365.com]:587 info@frankfu.click:password

For some config files, Postfix doesn’t use the flat ASCII format, but a hash version of the same file that allows quicker lookup/retrieval.

postmap hash:/etc/postfix/sasl_passwd

This command creates a hash version of the plain ASCII sasl_passwd file: in /etc/postfix you should now see both sasl_passwd and sasl_passwd.db.

Using Office 365 SMTP, we can only send mail (FROM field in the email header) as the user we are connecting with, or as another account specified in Office 365 (Send As permission).

For this reason we need to configure Postfix to modify the From field for all outgoing mail.
Create a file called generic in /etc/postfix.

vi /etc/postfix/generic

Here you can add the following line.

/.+/ info@frankfu.click

Att.: Replace info@frankfu.click with the same account used in /etc/postfix/sasl_passwd or another enabled account.
Create the hash version.

postmap hash:/etc/postfix/generic

For security purposes let’s make sure the owner of the files created above is the root user and the permissions are 644.

chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db 
chmod 644 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db 
chown root:root /etc/postfix/generic /etc/postfix/generic.db 
chmod 644 /etc/postfix/generic /etc/postfix/generic.db

I prefer to use TLS to transmit mail.

Find the cert file:

ls /etc/ssl/certs/

ca-bundle.crt  ca-bundle.trust.crt  localhost.crt  make-dummy-cert  Makefile  renew-dummy-cert

Now we can configure Postfix to use these files. Edit /etc/postfix/main.cf and add or modify the following lines:

.....
inet_protocols = ipv4 
relayhost = [smtp.office365.com]:587 


# enable SASL authentication

smtp_sasl_auth_enable = yes

# disallow methods that allow anonymous authentication.

smtp_sasl_security_options = noanonymous

# where to find sasl_passwd

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# Enable STARTTLS encryption

smtp_use_tls = yes

# where to find CA certificates

smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

sender_canonical_maps = regexp:/etc/postfix/generic

smtp_tls_security_level = may

…..
Att.: The line inet_protocols = ipv4 forces Postfix to use only IPv4.

Restart Postfix.

service postfix restart

Now we can send a test message to see if everything worked.

Open another terminal and type the command below to monitor mail activity:

tail -f /var/log/maillog

Send a test mail:

echo "body of email" | mail -s "subjectline" -r "info@frankfu.click"  receiver@test.com

You should see log entries like the following:

Oct 22 12:59:32 freepbx postfix/pickup[20587]: 59C39811CF59: uid=995 from=<asterisk>

Oct 22 12:59:32 freepbx postfix/cleanup[23253]: 59C39811CF59: message-id=<Asterisk-5-1980779442-010-2132@xxx>

Oct 22 12:59:32 freepbx postfix/qmgr[20588]: 59C39811CF59: from=<info@frankfu.click>, size=81156, nrcpt=1 (queue active)

Oct 22 12:59:32 freepbx postfix/smtp[23256]: connect to smtp.office365.com[2603:1016:401:1031::2]:587: Network is unreachable

Oct 22 12:59:32 freepbx postfix/smtp[23256]: connect to smtp.office365.com[2603:1016:401:1004::2]:587: Network is unreachable

Oct 22 12:59:32 freepbx postfix/smtp[23256]: connect to smtp.office365.com[2603:1016:401:1840::2]:587: Network is unreachable

Oct 22 12:59:33 freepbx postfix/smtp[23256]: 59C39811CF59: to=<receiver@test.com>, relay=smtp.office365.com[52.98.2.2]:587, delay=1.5, delays=0.59/0.02/0.67/0.24, dsn=2.0.0, status=sent (250 2.0.0 OK <Asterisk-5-1980779442-010-2132@xxx> [Hostname=ME2PR01MB2564.ausprd01.prod.outlook.com])

Oct 22 12:59:33 freepbx postfix/qmgr[20588]: 59C39811CF59: removed
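
Two settings above decide who can read the relay password: sasl_passwd stores it in plain text, so mode 644 leaves it readable by every local account, and smtp_tls_security_level = may lets Postfix continue without TLS when STARTTLS is not negotiated. The check below is an added example, not part of the original post; its function names and the temporary test directory are assumptions. Postfix opens the password map as root before dropping privileges, so mode 600 still works.

```shell
#!/bin/sh
# Value of a main.cf parameter; Postfix keeps the last definition of a name.
maincf_get() {  # $1 = main.cf path, $2 = parameter name
    awk -v k="$2" '
        $0 ~ ("^" k "[ \t]*=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# Succeeds only if group and other have no access to the file.
owner_only() {  # $1 = file
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if outbound SMTP refuses to proceed without TLS.
tls_mandatory() {  # $1 = main.cf path
    case $(maincf_get "$1" smtp_tls_security_level) in
        encrypt|dane-only|fingerprint|verify|secure) return 0 ;;
        *) return 1 ;;
    esac
}

audit_relay() {  # $1 = Postfix config directory; prints one line per finding
    for f in "$1/sasl_passwd" "$1/sasl_passwd.db"; do
        [ -e "$f" ] || continue
        owner_only "$f" || echo "WEAK $f: relay password readable by group/other"
    done
    tls_mandatory "$1/main.cf" ||
        echo "WEAK $1/main.cf: TLS is optional, use smtp_tls_security_level = encrypt"
}

# Constructed test copy mirroring the settings above (not the live /etc/postfix).
demo_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'smtp_use_tls = yes' 'smtp_tls_security_level = may' > "$d/main.cf"
    echo '[smtp.office365.com]:587 user@example.invalid:PLACEHOLDER' > "$d/sasl_passwd"
    chmod 644 "$d/sasl_passwd"
    echo "$d"
}

d=$(demo_dir)
audit_relay "$d"                                  # two findings
chmod 600 "$d/sasl_passwd"
echo 'smtp_tls_security_level = encrypt' >> "$d/main.cf"   # last definition wins
audit_relay "$d"                                  # no findings
rm -rf "$d"
```

On the real system, run `audit_relay /etc/postfix` as root.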

 

Mail queue

Checking Email Queue

  1. SSH into the system.
  2. Type the following commands:
    • To flush all emails, type
      • postfix flush
    • To see the mail queue, type
      • mailq
    • To remove all mail from the queue, type
      • postsuper -d ALL

 

Fail2ban

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.

To configure this from the GUI, go to Admin > System Admin. On the right-hand side, click Intrusion Detection.

The parameters to configure:

  • Ban time: length of time in seconds a remote IP is banned before he/she can retry login, e.g. 3600
  • Max retry: how many failed tries are allowed within the find time, e.g. 5
  • Find time: the time range after which the failure counter is reset, e.g. 300

What this means: if login requests from an IP fail 5 times within 300 seconds (5 minutes), the user will be banned for 3600 seconds (1 hour).

Email: a notification will be sent to this address whenever an address is banned.

Whitelist: the IPs that fail2ban will not check, which means they can fail as many times as they like within the find time.

If you click Submit, all the configuration will basically be written to /etc/fail2ban/jail.local.

Click Reset to restart the fail2ban service so that the system loads the whitelist.

Reference

https://wiki.freepbx.org/display/PPS/Setup+Postfix+Manually

Fail2Ban configuration reference: https://www.fail2ban.org/wiki/index.php/Asterisk