PIONEERS Incredible PBX Smarthost

[wardmundy]

As noted in this thread, Google has begun warning that it is phasing out so-called "Less Secure Apps" from its platforms. What impact this ultimately will have on the Gmail Smarthost solution we have been using to provide outbound email service on Incredible PBX platforms remains unclear. But heeding the admonition of @ostridge, it did light a fire under us to begin searching for a stable alternative moving forward.

We've chosen a well-respected email platform, MXroute, and have taken advantage of their lifetime subscription offer to first bring the new Smarthost outbound email service to Incredible PBX 2022 (Rocky 8) using MXroute and Postfix. This will NOT damage your existing SendMail setup. We're simply going to turn off SendMail and turn on the existing Postfix platform. Once stable, we'll expand to Debian, Ubuntu, and Raspbian platforms.

Going into this, we obviously appreciate the potential for spammers to infiltrate our platform and use it for their own purposes. To deter this threat, we will need a username:password scheme that can quickly remove any identified bad actors and change the email credentials. This means that, from time to time, we may need to notify individual users to install a new password combination on their Incredible PBX platforms.

While still open to suggestions, "the plan" is to solicit names, addresses, IP and email info from every user that wishes to use the new service. We then can quickly send an update PIN when necessary to deploy modified username:password credentials. There would be a simple script (something like what's shown below) to load the updated credentials onto your server. We would deploy a script that prompts for the PIN of the day (104328 in the example), and the rest is automatic.

# Issue command: /root/smarthost-update 104328
cd /etc/postfix
wget http://incrediblepbx.com/email/$1/smarthost.tar.gz
tar zxvf smarthost.tar.gz
rm -f smarthost.tar.gz
systemctl restart postfix

We now have fully tested this and are ready for a few pioneers as well as any thoughts you may have on the process. You will need an Incredible PBX 2022 server or VirtualBox VM if you'd like to play.

To get started, send an email to [email protected] with the requested info:
Name
Address
Cellphone Number (for receipt of PINs)
Server IP Address (dynamic DNS change will NOT break anything)
Your Email Address (should match the sender email address of your message to [email protected])

 

[ostridge]

To get started, send an email to [email protected] with the requested info:
Name
Address
Cellphone Number (for receipt of PINs)
Server IP Address (dynamic DNS change will NOT break anything)
Your Email Address (should match the sender email address of your message to [email protected])

Query doesn't this need some encryption. and maybe a brief privacy statement like
"Your details will be automatically relayed to *mxroute.com and not held on our server" or whatever?

I don't like reading sort of 'War and Peace' sized eulas.

 

[wardmundy]

We all will use the same registration at MXroute to send outbound emails. So the collected information is solely for us and gives us a way to respond to any authorities that seek to go after a spammer down the road. The data will be kept in our [email protected] email account at MXroute and typically will be used to send email updates via email replies and SMS messages should a PIN code change become necessary.

FYI: Outbound SMTP log at MXroute has entries like this where 98, xxx, yyy, and zzz reflect actual IP address of sender:

[email protected] H=c-98-xxx-yyy-zzz.hsd1.fl.comcast.net

 

[cosmic]

It's disappointing that you didn't choose to try to make it work with one of the other existing free email providers that are out there. For example, GMX still offers free email accounts and has SMTP and POP support. If you don't like them then I was told that SMTP2GO has a free plan for those who send under 1,000 emails per month (move the slider near the top of the page all the way to the left to see it).

I just don't trust "lifetime" offers from any company, much less those with a fairly hefty upfront cost, because these days "lifetime" tends to mean "the life of the company, or until we decide to renege and charge additional fees" (yes that happens, see recent posts about PlayOn such as this one in the PlayOn subreddit for an example).

If a company such as this has no other source of income besides their email product then either they will not be around that long, or they will be putting the touch on users for more money soon enough. On the other hand, if they have other revenue streams (such as selling advertising on their home page and on other pages on their site) then there's really no reason they should need to charge for email at all, let alone that kind of hefty upfront fee. I just don't like the "smell" of this one.

 

[Samot]

I just don't like the "smell" of this one

MXRoute has been around since about 2013. They have a solid reputation. You sure that smell wasn't burnt toast?

 

[wardmundy]

Agree with @Samot on this one, which will come as a shocker to many. We're still exploring other options as well, @cosmic. Thanks for the suggestions. And, yes, we would prefer to get out of the middle of this if at all possible. But many free email platforms block serving as a RelayHost especially for multiple destination addresses, and that's what we need.

In case it wasn't clear, we've paid for the lifetime subscription at MXroute so there would be no cost to any Incredible PBX user.

 

[cosmic]

Oh, no that wasn't real clear, at least to me. Well if they are reputable and you think they will be around for awhile then that is indeed a good deal.

 

[JFrost]

Considering I just did something very similar on 2021 I have a runbook on adding postfix and setting up with standard SMTP. There are many providers, eg. sendgrid, mailjet, mailgun, and if you don't send more than a hundred or two emails a day their free tiers ought to suffice.

I'll ignore the rude heckling I got in my other thread for daring to want to use something other than the "sanctioned" gmail smarthost solution and for having the unmitigated gall to ask for a lead on how to get set up with standard SMPT and will offer my meager runbook here in case it benefits anyone.

As a linux novice (at best) and one who's careful to understand commands not just copy pasta, this took me about an hour total incl unraveling the `apt upgrade` stuff I had uncertainties about and documenting.

In reality it's fairly simple and probably takes the experienced among you 12-15 mins to complete including waiting for the downloads and such.

 

[JFrost]

It's disappointing that you didn't choose to try to make it work with one of the other existing free email providers that are out there. For example, GMX still offers free email accounts and has SMTP and POP support. If you don't like them then I was told that SMTP2GO has a free plan for those who send under 1,000 emails per month (move the slider near the top of the page all the way to the left to see it).

I just don't trust "lifetime" offers from any company, much less those with a fairly hefty upfront cost, because these days "lifetime" tends to mean "the life of the company, or until we decide to renege and charge additional fees" (yes that happens, see recent posts about PlayOn such as this one in the PlayOn subreddit for an example).

If a company such as this has no other source of income besides their email product then either they will not be around that long, or they will be putting the touch on users for more money soon enough. On the other hand, if they have other revenue streams (such as selling advertising on their home page and on other pages on their site) then there's really no reason they should need to charge for email at all, let alone that kind of hefty upfront fee. I just don't like the "smell" of this one.

You can also use Mailjet. Their primary business is as an email blasting platform but for larger scales of usage. They also have a free tier (couple hundred a day iirc) which is kinda like their "trial" package but great for small accounts too.
Sendgrid and Mailgun might have a free tier too and you can always snag a cheap $3 or $5/mo cpanel host and use the mailing in that with your own domain for bigger quants.

Just for the love of god not godaddy and not an EIG host.

 

[wardmundy]

Postfix tutorial now available on Nerd Vittles.

 

[ostridge]

You can also use Mailjet. Their primary business is as an email blasting platform but for larger scales of usage. They also have a free tier (couple hundred a day iirc) which is kinda like their "trial" package but great for small accounts too.
Sendgrid and Mailgun might have a free tier too and you can always snag a cheap $3 or $5/mo cpanel host and use the mailing in that with your own domain for bigger quants.

Just for the love of god not godaddy and not an EIG host.

Of course I could have done as you asked, but in doing so I have to re-configure to a different provider, and no matter what provider I may choose; the next request is for a different one. For me its easier to stay with what is working is secure and free.

You chose a different path, you made it work, and by doing so you will have learned a thing or two. I'd say that's a big win win.
So well done.

 

[kenn10]

Postfix tutorial now available on Nerd Vittles.

Works like a champ on Oracle and Azure free instances. Have not yet tried on my production 2021 systems but see no reason it would not.

 

[Samot]

I've got a question about this. I'm not sure about the install numbers or active deployments but if this is meant to be the default solution for IPBX deployments, how are you addressing the 300 emails/hour limit? I mean, if there are 100 deployments that would mean each could only send 3 emails per hour before the overall hourly limit is reached.

 

[JFrost]

Of course I could have done as you asked, but in doing so I have to re-configure to a different provider, and no matter what provider I may choose; the next request is for a different one. For me its easier to stay with what is working is secure and free.

Really not sure what you're replying or referring to. I did not ask you to do anything.

I simply quoted and replied to user Cosmic and offered some alternatives to MXroute, which s/he appeared to not be fond of

You ofc can and should use whatever suites you. I think that goes without saying.

You chose a different path, you made it work, and by doing so you will have learned a thing or two. I'd say that's a big win win.
So well done.

I come here to learn things, sometimes expand on the little I know. It is a win in my book so thank you.

 

[wardmundy]

I've got a question about this. I'm not sure about the install numbers or active deployments but if this is meant to be the default solution for IPBX deployments, how are you addressing the 300 emails/hour limit? I mean, if there are 100 deployments that would mean each could only send 3 emails per hour before the overall hourly limit is reached.

I think most will prefer a self-managed solution as we documented here.

 

[hawk#1]

works great and easy to use. I had set up my own email server and this sends it thru without any issues

 

[kenn10]

@wardmundy, I seem to have run into snag with the Sendgrid smarthost implementation. I have DynDNS addresses for my servers. IncrediblePBX, despite having correct settings for the "from Server" fields, is still sending email to Sendgrid showing the header as Asterisk@<DynDNS assigned>. I have a single sender defined in Sendgrid but my IPBX is not sending it even though it is in the voicemail settings.

Also, I cannot define "asterisk@<my DynDNS address> since my IPBX does not except the email verification request from Sendgrid. I can't define my entire domain since DynDNS doesn't allow you to set "A" records and such. Any ideas?

 

[wardmundy]

@wardmundy, I seem to have run into snag with the Sendgrid smarthost implementation. I have DynDNS addresses for my servers. IncrediblePBX, despite having correct settings for the "from Server" fields, is still sending email to Sendgrid showing the header as Asterisk@<DynDNS assigned>. I have a single sender defined in Sendgrid but my IPBX is not sending it even though it is in the voicemail settings.

Also, I cannot define "asterisk@<my DynDNS address> since my IPBX does not except the email verification request from Sendgrid. I can't define my entire domain since DynDNS doesn't allow you to set "A" records and such. Any ideas?

That's a limitation of almost all of these SmartHosts. You really need email addresses where you can at least receive incoming mail to confirm the address.

Here's an inbound email solution with Postfix. You'd probably have to enable port 25 in the firewall temporarily.

 

[kenn10]

That's a limitation of almost all of these SmartHosts. You really need email addresses where you can at least receive incoming mail to confirm the address.

I have one. But I can't get the PBX to modify the "From" to send the confirmed sender address.

 

[kenn10]

@wardmundy So here is what the /var/spool/mail.log is showing (even though I have a Sendgrid verified sender address on my gmail account which is placed in the settings > voicemail > email within FreePBX. So it is either a FreePBX issue or the "from" email is permanently set someplace during initial system setup and changing the voicemail settings does not modify it. I suspect some alias or generics table is needed in Postfix but have not delved into how to fix it. I cannot find where it is currently set except possibly in the /etc/mail/genericsdomain table.

tail -f /var/log/mail.log
Mar 23 15:53:08 xxxxxxxx postfix/cleanup[7806]: 2EA3419250: message-id=<[email protected]>
Mar 23 15:53:08 xxxxxxxx postfix/qmgr[25880]: 2EA3419250: from=<[email protected]>, size=47886, nrcpt=1 (queue active)
Mar 23 15:53:08 xxxxxxxx postfix/smtp[7809]: 2EA3419250: to=<[email protected]>, relay=smtp.sendgrid.net[167.89.123.97]:587, delay=0.56, delays=0.06/0.03/0.37/0.09, dsn=5.0.0, status=bounced (host smtp.sendgrid.net[167.89.123.97] said: 550 The from address does not match a verified Sender Identity. Mail cannot be sent until this error is resolved. Visit https://sendgrid.com/docs/for-developers/sending-email/sender-identity/ to see the Sender Identity requirements (in reply to end of DATA command))
Mar 23 15:53:08 xxxxxxxx postfix/cleanup[7806]: B3F451925C: message-id=<[email protected]>
Mar 23 15:53:08 xxxxxxxx postfix/qmgr[25880]: B3F451925C: from=<>, size=50422, nrcpt=1 (queue active)
Mar 23 15:53:08 xxxxxxxx postfix/bounce[7810]: 2EA3419250: sender non-delivery notification: B3F451925C
Mar 23 15:53:08 xxxxxxxx postfix/qmgr[25880]: 2EA3419250: removed
Mar 23 15:53:08 xxxxxxxx postfix/local[7812]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Mar 23 15:53:08 xxxxxxxx postfix/local[7812]: B3F451925C: to=<[email protected]>, relay=local, delay=0.05, delays=0/0.05/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 23 15:53:08 xxxxxxxx postfix/qmgr[25880]: B3F451925C: removed