There are multiple types of extension in Asterisk, which are using different ports to register.
The most popular one is PJSIP (UDP5060) which is default by most of the sip phones, on iPhone, the Softphone, Xlite.
The option you need to configure are:
- Extension number: which is used as the UserName
- Secret: which is used as the password, and blurred by system.
- Outbound CID: which is the caller ID shown on called party’s phone.
Download Softphone on the iPhone, fill the below field:
- Username: Extension
- password: secret
- Domain: your public DNS, or public IP address.
- *97: Access your own voicemail.
- *98: Access your voicemail or another extension’s voicemail. You will be prompted to enter a mailbox number.
Feepbx (Asterisk) use postfix send email. The setup in the Web need Pro version, but you can do it from SSH.
Settings > Voicemail Admin > Settings > Email Config
Under Server Email type your email address: email@example.com, which is a office365 account.
Log on FreePBX ssh:
Create a file called sasl_passwd in /etc/postfix:
add below line:
Postfix for some config files doesn’t use the flat ascii format, but uses a hash version of the same files that allows quicker lookup/retrieval.
This command create an hash version of sasl_passwd plain ascii file: in /etc/postfix you should see sasl_passwd and sasl_passwd.db in the list.
Using Office 365 smtp we can only send mail (FROM field in email header) as the user we are connecting with, or an another account specified in office365 (Send As permission).
For this reason we need to configure postfix to modify the from field for all the outgoing mail.
Create a file called generic in /etc/postfix.
Here you can add the next line.
Att.: Replace firstname.lastname@example.org with the same account used in /etc/postfix/sasl_passwd or an another enabled account.
Create the hash version.
For security purposes let’s make sure the owner of the files created above is the root user and the permissions are 644.
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db chmod 644 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db chown root:root /etc/postfix/generic /etc/postfix/generic.db chmod 644 /etc/postfix/generic /etc/postfix/generic.db
I prefer to use TLS to transmit mail.
Find the cert file :
ls /etc/ssl/certs/ ca-bundle.crt ca-bundle.trust.crt localhost.crt make-dummy-cert Makefile renew-dummy-cert
Now we can configure Postfix to use this files. Edit /etc/postfix/main.cf and add/modify the following lines to our main.cf
..... inet_protocols = ipv4 relayhost = [smtp.office365.com]:587 # enable SASL authentication smtp_sasl_auth_enable = yes # disallow methods that allow anonymous authentication. smtp_sasl_security_options = noanonymous # where to find sasl_passwd smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd # Enable STARTTLS encryption smtp_use_tls = yes # where to find CA certificates smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt sender_canonical_maps = regexp:/etc/postfix/generic smtp_tls_security_level = may
Att.: The line inet_protocols = ipv4 force postfix to use only ipv4.
service postfix restart
Now we can send a test message to see if everything worked.
open anther terminal and type below command to monitor the mail activity:
tail -f /var/log/maillog
Send a test mail:
echo "body of email" | mail -s "subjectline" -r "email@example.com" firstname.lastname@example.org
You should receive below log:
Oct 22 12:59:32 freepbx postfix/pickup: 59C39811CF59: uid=995 from=<asterisk> Oct 22 12:59:32 freepbx postfix/cleanup: 59C39811CF59: message-id=<Asterisk-5-1980779442-010-2132@xxx> Oct 22 12:59:32 freepbx postfix/qmgr: 59C39811CF59: from=<email@example.com>, size=81156, nrcpt=1 (queue active) Oct 22 12:59:32 freepbx postfix/smtp: connect to smtp.office365.com[2603:1016:401:1031::2]:587: Network is unreachable Oct 22 12:59:32 freepbx postfix/smtp: connect to smtp.office365.com[2603:1016:401:1004::2]:587: Network is unreachable Oct 22 12:59:32 freepbx postfix/smtp: connect to smtp.office365.com[2603:1016:401:1840::2]:587: Network is unreachable Oct 22 12:59:33 freepbx postfix/smtp: 59C39811CF59: to=<firstname.lastname@example.org>, relay=smtp.office365.com[126.96.36.199]:587, delay=1.5, delays=0.59/0.02/0.67/0.24, dsn=2.0.0, status=sent (250 2.0.0 OK <Asterisk-5-1980779442-010-2132@xxx> [Hostname=ME2PR01MB2564.ausprd01.prod.outlook.com]) Oct 22 12:59:33 freepbx postfix/qmgr: 59C39811CF59: removed
Checking Email Queue
- SSH into system
- type the following commands
- flush all emails- type
- postfix flush
- To see mail queue type
- To remove all mail from the queue type
- postsuper -d ALL
- flush all emails- type
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks
To configure this from GUI: go to Admin > System Admin. On the right hand side, click Intrusion Detection.
The parameters to configure:
- Ban time: Length of time in seconds a remote IP is banned before he/she can retry login. eg. 3600
- Max retry: how many failed try with in find time. eg. 5
- Find time: time range a failed timer is reset. eg. 300
What they means are, if a login request from an IP failed to login for 5 times within 300 seconds(5 minutes), the user will be banned for 3600 seconds( 1 hour )
Email: the notification will be sent to this email if any address been banned.
Whitelist: the IP that fail2ban will ignore to check, which means it can fail for as many times as it can with in find time.
If you click submit, all the configuration basically will be written to /etc/fail2ban/jail.local .
Click reset to restart the fail2ban service to make the system load the whitelist.
Fail2Ban configuration reference: https://www.fail2ban.org/wiki/index.php/Asterisk