Office 365 Exchange Email and FreePBX (Updated 9/23/2019)

Note: This post will no longer be updated here and instead will be updated and maintained in the Wiki: Sangoma Documentation

How to setup FreePBX to work with Office 365 Exchange Email

NOTE: These instructions are replacing the original thread "Steps to getting FreePBX to work with Office 365 email" dated 5/2017 with updated information.

[09/27/2019: Updated: Step E3, “MyHostname” updated to indicate actual FQDN to your machine. ]

Introduction

Getting FreePBX to work with Office 365 can be tricky. Many of the Asterisk/FreePBX/Linux gurus out there don’t yet fully understand that Office 365 is more paranoid than most SMTP systems. Office 365 Exchange Servers require a few things before an email can be relayed to them. These instructions are a little easier than the old instructions.

Using the Commercial System Admin module makes this a bit easier. It would still be possible to do this without the Commercial System Admin module, but you will need to configure options manually by editing files through SSH.

You must meet all of these requirements:

  1. You can reach your Office 365 Exchange Server through port 25. For example: yourdomain-com.mail.protection.outlook.com
  2. Your firewall is not blocking port 25
  3. Your ISP is not blocking port 25
  4. Office 365 is not blocking your IP
  5. You are using a fixed public IP address
  6. You don’t need IPv6 on your PBX (as Office 365 does not support it, yet) and are willing to disable it.
  7. Commercial System Admin module (It has the handy SMTP Email Setup)
  8. You have an admin account for your Office 365
  9. You know what your Office 365 SMTP server is for your tenant account. To get this information, you can use Network Tools: DNS,IP,Email for your domain. It will tell you what it is.
  10. You have access to your DNS settings, so you can update your TXT SPF record.

STEPS

A. Edit your DNS records and set up an SPF text record for your domain. This informs Office 365 that you are a “known and trusted system”. Since Office 365 requires an SPF record already, you will not so much need to add it as modify the existing one so that it includes the external IP of your PBX. So, with aaa.bbb.ccc.ddd representing your public PBX IP address, this is what your TXT record should read as:

v=spf1 ip4:aaa.bbb.ccc.ddd include:spf.protection.outlook.com ~all

(Be sure to replace aaa.bbb.ccc.ddd with your public IP address.)

If you already have an ip4: in there with an IP, you can add another.

B. Add the following to the end of /etc/postfix/main.cf (You can’t do this from the admin module, SSH only)

inet_protocols = ipv4

The inet_protocols = ipv4 tells postfix to not use ipv6. ipv6 is bad mojo with most SMTP servers.

Reload postfix by running this command:

service postfix restart

OPTIONAL: I also took the liberty to disable IPv6 at the CentOS OS level as well. I do not need IPv6, nor is it supported end to end everywhere, so I don’t want it to ever be an issue until I know IPv6 is supported everywhere. If you want to disable IPv6 at the OS level you can do so by going to /etc/sysctl.conf and adding the following line:

net.ipv6.conf.all.disable_ipv6 = 1

Save the file, then reload the system IP configuration by issuing this command:

sysctl -p

Keep in mind you will still need to disable IPv6 in main.cf to inform postfix that you are only using ipv4.

C. Setup Office 365 Exchange Connector to allow your external IP to talk to it

  1. Login to Office 365 as admin.
  2. Go to Admin, select Exchange
  3. Go to the mail flow section, and click on connectors
  4. Click on the plus icon, and add a connector for your PBX external IP address. Use your external IP as the IP Address that is authorized to communicate with the Office 365 Exchange server.

D. Confirm you can connect using your external IP to Office 365 through port 25. From a telnet-capable system that uses the same external gateway IP that your PBX will be using, use telnet (yes, telnet!) to confirm you can connect to the Office 365 Exchange Server through port 25. Use the following:

telnet [Your domain]-com.mail.protection.outlook.com 25

If you are able to connect, then you have nothing blocking port 25. If you cannot connect, you need to ensure your firewall is not blocking this, or your ISP is not blocking. If this step does not pass, then there is no point in going forward. STOP.

E. Setup Email settings in FreePBX using the Commercial System Admin module

  1. Go to Email Setup. Use these settings
  2. SMTP Server: Enable “Use External SMTP Server”
  3. My Hostname: [YourDomain].com ex: sipserver.yourcompany.com (use FQDN of your server)
  4. My Origin: [YourDomain].com ex: yourcompany.com (yourcompany.com is fine)
  5. My Domain: [YourDomain].com ex: yourcompany.com (yourcompany.com is fine)
  6. Provider: Other
  7. SMTP Server: [Your domain]-com.mail.protection.outlook.com:25 (This should be an mx record for your company already. Use Network Tools: DNS,IP,Email to find out what it is set to if you don’t remember)
  8. Use Auth: “No Authentication” – Your IP authorized through section C above.
  9. Use TLS: Use TLS
  10. SASL Security Options: Disable Security
  11. Click Submit
  12. Click on Debug
  13. Supply a valid email address to send to, click on submit.
  14. From the resultant debug output, ensure that you have a “status=sent” for the email
  15. Check the email address that you sent to ensure email was sent.
  16. If it did not work, your IP may be blocked by Office 365. You can use https://sender.office.com to unblock it. Microsoft says it will take about 30 minutes to unblock, mine took 45 minutes.
  17. Test again.

The above steps adapted from the below article:

How to set up a multifunction device or application to send email using Office 365

TESTING / DEBUGGING

  • While still in Email Setup, click on Debug, and then use a real email address to send it to. The output of the debug should show you what is right/wrong and should help if you still have issues with the setup.
  • If you need more details on your smtp communications, you can always get to /var/log/maillog to gather more information.
  • Use postconf -n to get a dump of all parameters which may have been altered from the default ones.
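An added example, not part of the original post: a check for the SPF record from step A that confirms the PBX address is authorized by an ip4 term and flags a malformed record, such as a space after `ip4:`. The function name `check_spf` is hypothetical, 203.0.113.10 is a documentation address standing in for the PBX public IP, and `include:` and other DNS-based terms are recognized but not resolved.

```python
import ipaddress

NEEDS_DNS = {"include", "a", "mx", "exists", "ptr", "ip6"}  # not resolved here

def check_spf(record, sender_ip):
    """Check one SPF TXT string: do its ip4 terms authorize sender_ip?"""
    result = {"authorized": False, "all": None, "problems": []}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        result["problems"].append("record does not start with v=spf1")
        return result
    ip = ipaddress.ip_address(sender_ip)
    for pos, term in enumerate(terms[1:], start=1):
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.split("/")[0].lower()    # "a/24" -> "a"
        if name == "ip4":
            try:
                net = ipaddress.IPv4Network(value, strict=False)
            except ValueError:
                # covers "ip4:" followed by a space, as well as typos
                result["problems"].append(f"bad ip4 value: {value!r}")
                continue
            if qualifier == "+" and ip in net:
                result["authorized"] = True
        elif name == "all":
            result["all"] = qualifier
            if qualifier == "+":
                result["problems"].append("+all lets any host send as the domain")
            if pos != len(terms) - 1:
                result["problems"].append("terms after 'all' are ignored")
            break
        elif name in NEEDS_DNS or "=" in term:
            continue                         # mechanism/modifier needing DNS
        else:
            result["problems"].append(f"unknown term: {term!r}")
    return result

# Constructed sample records; 203.0.113.10 stands in for the PBX public IP.
GOOD = "v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com ~all"
SPACED = "v=spf1 ip4: 203.0.113.10 include:spf.protection.outlook.com ~all"

if __name__ == "__main__":
    for rec in (GOOD, SPACED):
        print(rec, "->", check_spf(rec, "203.0.113.10"))
```

Paste the TXT value your DNS provider actually serves into the function after editing the record; a non-empty `problems` list means receivers may not treat the PBX address as authorized.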

Good, complete info. Because of this complexity, we just set up a $4/month O365 mailbox and set it up as an authenticated sender, rather than relaying.

If you have a small system that sends fewer than 100 emails per day, a free SendGrid account is very easy to set up. It’s also a little more secure; if your system gets hacked into, the API key does not provide the attacker with any access to your email domain.

Here is a shell script fragment to set up sending mail via sendmail with SendGrid. It assumes that $1 contains your domain name and $3 contains your SendGrid API key.

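# set up sending mail via SendGrid
# $1 = your domain name, $3 = your SendGrid API key
cd /etc/mail
# store the SMTP AUTH credentials (user "apikey", password = API key) in the access map source
echo "AuthInfo:smtp.sendgrid.net \"U:apikey\" \"P:$3\" \"M:PLAIN\"" >>access
# add the smart host, access_db feature and port 587 mailer args after the line ending in provider')dnl
sed -i "/provider')dnl/adefine(\`SMART_HOST', \`smtp.sendgrid.net')dnl\nFEATURE(\`access_db')dnl\ndefine(\`RELAY_MAILER_ARGS', \`TCP \$h 587')dnl\ndefine(\`ESMTP_MAILER_ARGS', \`TCP \$h 587')dnl" sendmail.mc
# rebuild sendmail.cf and the access database
m4 sendmail.mc >sendmail.cf
makemap hash access < access
# add the domain name to this host's own entry in /etc/hosts
sed -i "s/`hostname -I`/& $1 /" /etc/hosts
chmod 755 /var/spool/mqueue
systemctl restart sendmail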
