Probably easy - but how do you get the *97 command to not ask for a password. My SIP phone is obviously already registered to the PBX or else I wouldn’t receive any calls.
Using snom 300 v. 7.1.35
and FreePBX 2.5.1.1
(sorry if already discussed, searches found many unrelated items)
The answer is simple, you can’t.
and the reasoning is simple. A voicemail account without a password is totally unsecure. without a password it can be abused, compromised, voic email greetings changed without anybody knowing, assigned a password locking people out of it, etc…
Also remember that from any other extension you can dial *98 and answer the extension prompt (or dial *98xxx where xxx is the extension) and without a password I would be in to that extensions messages and all the above applies.
Thanks. But I don’t want to get rid of the voicemail password completely, just when I call from my phone. My phone currently registers itself with the PBX by giving it its extension and password - the password I’m referring to here is the ‘secret’ code put on the extensions page under ‘Device Options’. I also have voicemail enabled and have its ‘Voicemail Password’ set to the same number as the ‘secret’ code for the extension (although not necessary for my request).
So if I dial *97 from my phone, I want it to go directly into voicemail without asking for the password. However, if someone dials *98, then my extension from another phone, I do want it to ask for the password.
My phone has proven that it is the extension it says it is when it registered. Why should I have to reprove it when I dial voicemail from it?
Because someone could go to YOUR phone and access your VM. That Being Said…
Sometime back, I played around with programming a speed dial button that dialed *97 (A Few Pauses) then the Password. That worked, but I never used it.
There is an app for the AASTRA phones supporting XML which gives single voicemai button (http://nerdvittles.com/?p=207). This app is included as part of the FreePbx training, so I’m not sure if it’s available for general(Free)Distribution.
BIll/W5WAF
Using the secret code of the phone as the voicemail password is also not the smartest thing in the world as that sends simple dtml tone codes and can easly be decoded if somebody wanted to sniff the traffic. The phone’s (extension) secret that is used to authenticated against with the server is very important and should be secured properly otherwise it is possible that somebody could register another phone using that code. Then they could make long distance calls from your system and you’d not know until it’s to late.
So a extensions secret is something that only the system admin should know. I know that our CEO or CFO would have a HUGE issue if I knew the password to there voicemail. Yes as phone system admin I know it’s stored as clear text in the voicemail.conf file and if I wanted it I could look it up, but 1. I’m not stupid enough to tell them that, 2 I don’t tell them that and 3. I don’t go and do that either.
A voicemail password HAS TO BE numbers so that it can be entered on a phone.
A extensions secret should be just like any GOOD password and made up of letters (upper and lower case), numbers and symbols, not a word in a dictionary, your SSN, etc.
There are many attacks going on against open SIP ports attempting to register as an extension currently and limiting yourself to simple passwords like only number patterns can be broken in a few minutes, then you could suddenly be stuck with thousands of dollars in phone calls in just a hours time, and potentially be liable for any phone phishing that is generated from your system. (see: http://www.ic3.gov/media/2008/081205-2.aspx )
I didn’t realize the secret code could be anything other than numbers. Thanks for the warning. I’ll update ours. I just followed the PBX in a Flash without Tears guide. Maybe someone should put a good warning like this on the extensions page.
As for the voicemail, if someone else could physically get to my phone, I wouldn’t care if they hear the voicemail. We’ve got a small office. I guess I’d only be worried about someone dialing in from outside and hitting *. Then I’d want it to ask for a password. Sounds like it can’t be done easily. Thanks for your help.
Hi John,
I agree with you that your intention of not using a password when logging in from the extension itself is good in terms of the ergonomics. If someone can get to my desk the last thing I care about is my voicemail password. That was how my previous Aterisk v 1.0 system worked, and it was intuitive.
Obviously from other extensions or outside lines a password should be required.
Did you find a solution to this?
Nigel.
Hi Nigel, have one simple solutions for you.
edit the file extensions_additional.conf in the context [app-vmmain]
and change line:
exten => 999,check+101(mbexist),VoiceMailMain(${AMPUSER}@${VMCONTEXT})
to:
exten => 999,check+101(mbexist),VoiceMailMain(${AMPUSER}@${VMCONTEXT}|s)
your mailbox will enter automaticaly
[]s
Never edit the extensions_additional.conf. It will be overwritten the next time you reload FreePBX.
Bill/W5WAF
It’s 2011 and I gave up paper checks, out houses, and fax machines eons ago…it’s time to let go of VM pins from the desk. 
Yes, most definitely–it is a waste to edit extensions_additional.conf.
Instead, edit /var/www/html/admin/modules/voicemail/functions.inc.php and search for the two lines that have “mbexist” on them. Replace the one that looks like:
[php]
$ext->add($id, $c, ‘mbexist’, new ext_vmmain(’${AMPUSER}@${VMCONTEXT}’),‘check’,101);
[/php]
with:
[php]
$ext->add($id, $c, ‘mbexist’, new ext_vmmain(’${AMPUSER}@${VMCONTEXT},s’),‘check’,101);
[/php]
All we’re doing there is adding the “,s” part there right after VMCONTEXT}. This is resilient to extension changes that overwrite extensions_additional.conf and still forces voicemail passwords when calling from anywhere else. Note that updates to your voicemail module in FreePBX would likely overwrite this config improvement.
This should be a configuration option in General Settings, system-wide, off by default to not scare the paranoids. I’ll work on a patch to offer, in the meantime I hope the above helps you.
Thanks Lyle, that got my Polycom ‘Messages’ button going without having to enter a password.
In version 2.10, you must modify in: /var/www/html/admin/modules/voicemail/functions.inc.php following two lines with adding “,s” in the end:
$ext->add($id, $c, ‘check’, new ext_vmexists(’${AMPUSER}@${VMCONTEXT},s’));
$ext->add($id, $c, ‘mbexist’, new ext_vmmain(’${AMPUSER}@${VMCONTEXT},s’),‘check’,101);
I’ve used your settings with great success since this posting. Yesterday, version 2.9.0.6 of Voicemail was installed in a module upgrade. This no longer works… Where else should I look; is there now another setting?
After editing, I did perform an amportal restart, also a full reboot.
FreePBX 2.9.0.10 - Asterisk (Ver. 1.8.3.2)
Thanks!
The update overwrote your changes, you need to put them back in.
One other quick note.
There is no need to reboot machines that are running. Linux servers run for years without an update.
All Asterisk modules can be reloaded. In this case the command “dialplan reload” would have taken care of these changes.
You can always use amportal restart. To safely restart Asterisk and FreePBX.
I’ve tried that to no avail. After changing and performing both a amportal restart, or a reboot, the system still requests a password on internal calls. Is there something else I should try?
Sigh.
Later - gone from bad to worse. Now when I dial *97, it asks me for my mailbox number, then password. I’ll let you know how this turns out, running update-programs, fixes now.
Had to perform a complete restore; there are some bad updates in these modules:
Update There are 9 modules available for online upgrades
queues 2.9.0.13 (current: 2.9.0.12)
framework 2.9.0.10 (current: 2.9.0.9)
daynight 2.9.0.4 (current: 2.9.0.3)
iaxsettings 2.9.0.5 (current: 2.9.0.4)
fax 2.9.0.6 (current: 2.9.0.5)
pinsets 2.9.0.2 (current: 2.9.0.1)
disa 2.9.0.5 (current: 2.9.0.4)
core 2.9.0.5 (current: 2.9.0.4)
voicemail 2.9.0.6 (current: 2.9.0.5)
Good news is, everything is back to normal. Bad news is, I’m not updating any of these modules until resolve is found.
It does get broken with 2.9.0.6. I wrote up a bug report here : http://pbxinaflash.com/forum/showthread.php?t=12511
I completely did a clean install on a test box and it failed as well.
Makes me wonder if there is another version of the php nestled somewhere else now…
On 2.10.0.4 the above fix does not work. I’m now asked for my mailbox and password on both numbers (*97 and *98). Is there a fix for this version?
I left the FPBX functionality as per default, so as not to inadvertendlty break anything during module upgrades etc. I decided to use “1000” as the number to dial into my voicemail which I then assigned to the Messages button on my Cisco handsets and also my DECT handset (which incidentally had a foible in that it did not like saving the ‘*’ character from the default VM feature codes in its phone memory).
In my extensions_custom.conf I have the following:
[from-internal-custom]
; Direct extension for voicemail retrieval
exten => 1000,1,VoiceMailMain(s${CALLERID(num)})
exten => 1000,n,HangupWorks a treat across Asterisk versions and FPBX module upgrades!!
Above works fine
Iam also working on a module patch so admins can choose to bypass the password! This fix wont effect incoming its for the dial out exten only!