Steps to getting FreePBX to work with Office 365 email

Introduction

Using the Commercial System Admin module makes this a bit easier. It would still be possible to do this without the Commercial System Admin module, but you will need to configure many more options manually through editing the files of course. See “Setup Postfix Manually” (below) in the references section.

Many of the Asterisk, FreePBX, Linux gurus out there don’t yet fully understand, is that Office 365 is more paranoid than most SMTP systems. It requires a few things before an email can be relayed, one of them being from a known account, and the other one being that it has to be from a known good IP. These type of setups will become standard fare for new email systems, and will be accepted best practice going forward.

Requirements for this method

  1. You are using a fixed public IP address with DNS entry that works in the wild.
  2. You don’t need IPv6 on your PBX (as Office 365 does not support it, yet)
  3. A known good Office 365 account and password
  4. Commercial System Admin module (It has the handy SMTP Email Setup)

NOTE: There is another method that you can use to setup emails for FreePBX and Office 365. I had this working nicely as well, and that is to use another SMTP relay on your local network. I did that with my IIS server SMTP relay, and it worked great. I would prefer using that method actually, however, not all my clients have an on-prem setup like that, and I wanted to ensure that I could get this to work with their Office 365 setup as is. If you want more information on how to setup IIS with SMTP relay, see reference #4 at the end of this post.

STEPS

A. Tell Office 365 you are “coming to dinner”. In that sense you will need to edit your DNS record and setup an SPF text record for your domain that informs Office 365 that you are a “known and trusted system”, and that your public facing IP address can be trusted. Since Office 365 requires an SPF record already, you will not so much need to add it, but modify the existing one it so that it include the external IP of your PBX. So, with aaa.bbb.ccc.ddd representing your public pbx ip address, this is what your TEXT record should read as:

v=spf1 ip4:aaa.bbb.ccc.ddd include:spf.protection.outlook.com ~all ← be sure to replace aaa.bbb.ccc.ddd with your public ip address

If you already have an ip4: in there with an IP, you can add another.

B. Modify your /etc/postfix/generic by adding these lines, replacing [email protected] with a real email account in your Office 365 system.

root [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
asterisk [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
@freepbx.localdomain @YourO365Domain.com

C. Add the following to the end of /etc/postfix/main.cf
smtp_generic_maps = hash:/etc/postfix/generic
and
inet_protocols = ipv4

The inet_protocols = ipv4 tells postfix to not use ipv6. ipv6 is bad mojo with most SMTP servers.

Reload postfix by running these commands:
postmap /etc/postfix/generic
service postfix restart

OPTIONAL: I also took the liberty to disable IPv6 at the Centos OS level as well. I do not need IPv6, nor is it supported end to end everywhere, so I don’t want it to ever be an issue until I know IPv6 is supported everywhere. If you want to disable IPv6 at the OS level you can do so by going to /etc/sysctl.conf and adding the following line: net.ipv6.conf.all.disable_ipv6 = 1 save the file, then reload the system ip configuration by issuing this command: sysctl -p Keep in mind you will still need to disable IPv6 in main.cf to inform postfix that you are only using ipv4

D. Using the Commercial System Admin module, go to Email Setup. Use these settings (see graphic below)

SMTP Server: Use External SMTP Server [1]
My Hostname: Put in your real PBX hostname. This must resolve back to your PBX external IP. [2]
My Origin: YourRealDomain.com This can be anything as far as I can tell [3]
My Domain: YourRealDomain.com Same as above [4]
Provider: OtherDon’t use Office 365, as you want explicit control of the settings here [5]
SMTP Server: smtp.office365.com:587 [6] This is a real value for Office 365 smtp server, don’t forget the port number
Use Auth: Use Authentication [7]
Use TLS: Use TLS (Hell yes!) [no number, ooops]
SASL Security Options: Disable Security [8]
Username: [email protected] ← Use a real office365 account [9]
Password: TheRealPassword <---- Use real office365 account password [10]

E. Click on the Submit button

TESTING / DEBUGGING

  • While still in Email Setup, Click on Debug, and then use a real email address to sent it to. The output of the debug should show you want is right/wrong and should help if you still have issues with the setup.
  • If you need more details on your smtp communications, you can always get to /var/log/maillog to gather more information. BE SURE TO TAKE A CAREFUL LOOK AT ALL OF THE FROM ADDRESSES IN THERE, AND MAKE SURE THEY INDICATE COMING FROM YOUR DOMAIN, OR THEY WILL NOT WORK. There is a possibility that you might need to add/adjust an entry in your /etc/postfix/generic file to ensure this happens.
  • Use postconf -n to get a dump of all parameters which may of been altered from the default ones.
  • View /etc/postfix/sasl_passwd and make sure your credentials show up there as you would expect them to be

References

  1. Setup Postfix Manually - Setup Postfix Manually - PBX Platforms - Documentation
  2. How to set up a multifunction device or application to send email using Office 365 - See section 3, click on “Settings for Office 365 SMTP relay” How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs
  3. Turning off IPv6 on CentOS - How To Disable IPv6 on CentOS - Networking HowTos
  4. How to configure IIS for relay with Office 365 - How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs
  5. Postfix documentation
5 Likes

THANK YOU! THANK YOU! THANK YOU!

So far this is the only method that has worked for us.

Cheers!
Seth

1 Like

Glad it helped you. If you noted any issues, let me know, and I can add it to this “FAQ” posting. Happy Thanksgiving!

This may be noted somewhere in this thread, though after weeks of not being able to get it to work reliably, I made one additional adjustment that seems to have reliably resolved the issue.

The email from the PBXact/FreePBX system needs to be sent from a registered O365 user. This is in addition to the authorized user name (#9 above) on the settings tab.

I will work to get screenshots if anyone is interested.

1 Like

Where is this change made? Within Office365 or elsewhere? Great guide!

Where is this change made?  Within Office365 or elsewhere?  Great guide!

It is made with your domain registrar. (Godaddy, etc).

Frequently but not always…

It is only made there for people who don’t have their own DNSes or are not using a third party DNS…

At least one of my personal (as in for home) domain and my employer have one or all of their domains hosted elsewhere than at the domain registrar…

Your domain registrar has to know which DNSes resolve your domain(s) but does not have to host them, they just frequently do but it’s pretty easy to find example of domains which are not using their registrar DNSes…

Have a nice day!

Nick

Nick

@jtharveyjr brought up another item to configure. That would be for the Voicemail Email Config settings. The specific change is related to the Server Email setting that specifies where the email should appear to come from. (see below)

Go to Settings, Voicemail, and then click on the Settings main tab, and then the Email Config sub-tab. Next, change the Server Email field to a REAL office 365 account.

Once this is configured, your emails will be sent from a trusted known account in your Office 365 tenant.

Thanks.

the other option is to set up an office 365 connector which allows your pbx to use office 365 to reply email. if the connector is setup properly,you do not need a real office 365 user name (or license)

1 Like

Thank you Thank you… works like a champ!

Sorry to bring this back up.
I have followed all the steps and mostly everything is working except fax emails.

I don’t even see them in the maillog file trying to send, do they use something different to send email other than postfix?

Explain please?

Incoming? Outgoing? How is your FAX system set up? Why would you expect it to work with this? What isn’t working? What is? Why isn’t your request it’s own thread instead of you pulling up one that’s been quiet for 8 months?

If they aren’t in the maillog, something further upstream is hurting you - this may not have anything to do with Office365…

You’re right, I probably should have opened a new post.
I posted here because the only change that was made was going to office365 and voicemail emails were working.
I wanted to make sure that the e-faxes use the same settings, which they do appear to.

Either way, it must have been something with the fax we were sending from, as I have verified from other sources that they are going through.

Thank you.

@mattbratt post about changing the Server Email filed. This is what fixed it for me. It would pass the debug test email but asterisk would be unable to send emails, it was getting knocked down by Microsoft’s servers with a SendAsDenied error. Changed this field and it started working.

Updated instructions: Office 365 Exchange Email and FreePBX (Updated 9/23/2019)

Thank you SOO much. This post is still helping people in 2022! :grinning:

1 Like

Thanks!

Keep in mind that this is an old thread and an article was created in the Wiki to support this issue going forward: How to setup FreePBX to work with Office 365 Exchange Email - FreePBX Documentation - Documentation

Can the from address be set as a shared mailbox in O365 or it has to be a dedicated user account?

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.