Steps to getting FreePBX to work with Office 365 email


(Matthew B) #1

Introduction

Using the Commercial System Admin module makes this a bit easier. It would still be possible to do this without the Commercial System Admin module, but you will need to configure many more options manually through editing the files of course. See “Setup Postfix Manually” (below) in the references section.

Many of the Asterisk, FreePBX, Linux gurus out there don’t yet fully understand, is that Office 365 is more paranoid than most SMTP systems. It requires a few things before an email can be relayed, one of them being from a known account, and the other one being that it has to be from a known good IP. These type of setups will become standard fare for new email systems, and will be accepted best practice going forward.

Requirements for this method

  1. You are using a fixed public IP address with DNS entry that works in the wild.
  2. You don’t need IPv6 on your PBX (as Office 365 does not support it, yet)
  3. A known good Office 365 account and password
  4. Commercial System Admin module (It has the handy SMTP Email Setup)

NOTE: There is another method that you can use to setup emails for FreePBX and Office 365. I had this working nicely as well, and that is to use another SMTP relay on your local network. I did that with my IIS server SMTP relay, and it worked great. I would prefer using that method actually, however, not all my clients have an on-prem setup like that, and I wanted to ensure that I could get this to work with their Office 365 setup as is. If you want more information on how to setup IIS with SMTP relay, see reference #4 at the end of this post.

STEPS

A. Tell Office 365 you are “coming to dinner”. In that sense you will need to edit your DNS record and setup an SPF text record for your domain that informs Office 365 that you are a “known and trusted system”, and that your public facing IP address can be trusted. Since Office 365 requires an SPF record already, you will not so much need to add it, but modify the existing one it so that it include the external IP of your PBX. So, with aaa.bbb.ccc.ddd representing your public pbx ip address, this is what your TEXT record should read as:

v=spf1 ip4:aaa.bbb.ccc.ddd include:spf.protection.outlook.com ~all <-- be sure to replace aaa.bbb.ccc.ddd with your public ip address

If you already have an ip4: in there with an IP, you can add another.

B. Modify your /etc/postfix/generic by adding these lines, replacing RealAccountInOffice365@YourRealDomain.com with a real email account in your Office 365 system.

root RealOffice365Account@YourO365Domain.com
root@localhost RealOffice365Account@YourO365Domain.com
root@localhost.localdomain RealOffice365Account@YourO365Domain.com
root@freepbx RealOffice365Account@YourO365Domain.com
root@freepbx.localdomain RealOffice365Account@YourO365Domain.com
asterisk RealOffice365Account@YourO365Domain.com
asterisk@localhost RealOffice365Account@YourO365Domain.com
asterisk@localhost.localdomain RealOffice365Account@YourO365Domain.com
asterisk@freepbx RealOffice365Account@YourO365Domain.com
asterisk@freepbx.localdomain RealOffice365Account@YourO365Domain.com
vm@asterisk RealOffice365Account@YourO365Domain.com
asterisk@ RealOffice365Account@YourO365Domain.com
@freepbx.localdomain @YourO365Domain.com

C. Add the following to the end of /etc/postfix/main.cf
smtp_generic_maps = hash:/etc/postfix/generic
and
inet_protocols = ipv4

The inet_protocols = ipv4 tells postfix to not use ipv6. ipv6 is bad mojo with most SMTP servers.

Reload postfix by running these commands:
postmap /etc/postfix/generic
service postfix restart

OPTIONAL: I also took the liberty to disable IPv6 at the Centos OS level as well. I do not need IPv6, nor is it supported end to end everywhere, so I don’t want it to ever be an issue until I know IPv6 is supported everywhere. If you want to disable IPv6 at the OS level you can do so by going to /etc/sysctl.conf and adding the following line: net.ipv6.conf.all.disable_ipv6 = 1 save the file, then reload the system ip configuration by issuing this command: sysctl -p Keep in mind you will still need to disable IPv6 in main.cf to inform postfix that you are only using ipv4

D. Using the Commercial System Admin module, go to Email Setup. Use these settings (see graphic below)

SMTP Server: Use External SMTP Server [1]
My Hostname: Put in your real PBX hostname. This must resolve back to your PBX external IP. [2]
My Origin: YourRealDomain.com This can be anything as far as I can tell [3]
My Domain: YourRealDomain.com Same as above [4]
Provider: Other <-- Don’t use Office 365, as you want explicit control of the settings here [5]
SMTP Server: smtp.office365.com:587 [6] This is a real value for Office 365 smtp server, don’t forget the port number
Use Auth: Use Authentication [7]
Use TLS: Use TLS (Hell yes!) [no number, ooops]
SASL Security Options: Disable Security [8]
Username: RealOffice365Account@YourDomain.com <-- Use a real office365 account [9]
Password: TheRealPassword <---- Use real office365 account password [10]

E. Click on the Submit button

TESTING / DEBUGGING

  • While still in Email Setup, Click on Debug, and then use a real email address to sent it to. The output of the debug should show you want is right/wrong and should help if you still have issues with the setup.
  • If you need more details on your smtp communications, you can always get to /var/log/maillog to gather more information. BE SURE TO TAKE A CAREFUL LOOK AT ALL OF THE FROM ADDRESSES IN THERE, AND MAKE SURE THEY INDICATE COMING FROM YOUR DOMAIN, OR THEY WILL NOT WORK. There is a possibility that you might need to add/adjust an entry in your /etc/postfix/generic file to ensure this happens.
  • Use postconf -n to get a dump of all parameters which may of been altered from the default ones.
  • View /etc/postfix/sasl_passwd and make sure your credentials show up there as you would expect them to be

References

  1. Setup Postfix Manually - https://wiki.freepbx.org/display/PPS/Setup+Postfix+Manually
  2. How to set up a multifunction device or application to send email using Office 365 - See section 3, click on “Settings for Office 365 SMTP relay” https://support.office.com/en-us/article/How-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4
  3. Turning off IPv6 on CentOS - http://www.networkinghowtos.com/howto/disable-ipv6-on-centos/
  4. How to configure IIS for relay with Office 365 - https://support.office.com/en-us/article/How-to-configure-IIS-for-relay-with-Office-365-eb57abd2-3859-4e79-b721-2ed1f0f579c9
  5. Postfix documentation

Email configuration for Office 365
FreePBX Voicemail to Email Notification Configuration Using Office 365 - Help!
Email configuration for Office 365
Changing the voicemail email FROM address?
Configuring email on PBXact UC 40
Office 365 Exchange Email and FreePBX (Updated 9/23/2019)
Possible to change "from" email to something other than asterisk@domain.com?
(tkldr) #2

THANK YOU! THANK YOU! THANK YOU!

So far this is the only method that has worked for us.

Cheers!
Seth


(Matthew B) #3

Glad it helped you. If you noted any issues, let me know, and I can add it to this “FAQ” posting. Happy Thanksgiving!


(JT Harvey) #4

This may be noted somewhere in this thread, though after weeks of not being able to get it to work reliably, I made one additional adjustment that seems to have reliably resolved the issue.

The email from the PBXact/FreePBX system needs to be sent from a registered O365 user. This is in addition to the authorized user name (#9 above) on the settings tab.

I will work to get screenshots if anyone is interested.


(Mvogel4949) #5

Where is this change made? Within Office365 or elsewhere? Great guide!


(Matthew B) #6
Where is this change made?  Within Office365 or elsewhere?  Great guide!

It is made with your domain registrar. (Godaddy, etc).


Voicemail to email network unreachable
(Marbled) #7

Frequently but not always…

It is only made there for people who don’t have their own DNSes or are not using a third party DNS…

At least one of my personal (as in for home) domain and my employer have one or all of their domains hosted elsewhere than at the domain registrar…

Your domain registrar has to know which DNSes resolve your domain(s) but does not have to host them, they just frequently do but it’s pretty easy to find example of domains which are not using their registrar DNSes…

Have a nice day!

Nick

Nick


(Matthew B) #8

@jtharveyjr brought up another item to configure. That would be for the Voicemail Email Config settings. The specific change is related to the Server Email setting that specifies where the email should appear to come from. (see below)

Go to Settings, Voicemail, and then click on the Settings main tab, and then the Email Config sub-tab. Next, change the Server Email field to a REAL office 365 account.

Once this is configured, your emails will be sent from a trusted known account in your Office 365 tenant.

Thanks.


(Bob Reiber) #9

the other option is to set up an office 365 connector which allows your pbx to use office 365 to reply email. if the connector is setup properly,you do not need a real office 365 user name (or license)


(Andrew Birch) #10

Thank you Thank you… works like a champ!


(Kevin Gupta) #11

Sorry to bring this back up.
I have followed all the steps and mostly everything is working except fax emails.

I don’t even see them in the maillog file trying to send, do they use something different to send email other than postfix?


(Dave Burgess) #12

Explain please?

Incoming? Outgoing? How is your FAX system set up? Why would you expect it to work with this? What isn’t working? What is? Why isn’t your request it’s own thread instead of you pulling up one that’s been quiet for 8 months?

If they aren’t in the maillog, something further upstream is hurting you - this may not have anything to do with Office365…


(Kevin Gupta) #13

You’re right, I probably should have opened a new post.
I posted here because the only change that was made was going to office365 and voicemail emails were working.
I wanted to make sure that the e-faxes use the same settings, which they do appear to.

Either way, it must have been something with the fax we were sending from, as I have verified from other sources that they are going through.

Thank you.


#14

@mattbratt post about changing the Server Email filed. This is what fixed it for me. It would pass the debug test email but asterisk would be unable to send emails, it was getting knocked down by Microsoft’s servers with a SendAsDenied error. Changed this field and it started working.


(Matthew B) #15

Updated instructions: Office 365 Exchange Email and FreePBX (Updated 9/23/2019)