Lee H. Marzke on 18 Feb 2018 12:15:32 -0800



Re: [PLUG] VOIP texting - was Help with Postfix SASL auth to smarthost on RedHat distro


See below,

----- Original Message -----
> From: "Keith C. Perry" <kperry@daotechnologies.com>
> To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
> Sent: Sunday, February 18, 2018 2:05:00 PM
> Subject: Re: [PLUG] VOIP texting - was Help with Postfix SASL auth to smarthost on RedHat distro

> Yep, TLS / SASL to my Zimbra server here too.  Life is good...
> 
> I'm testing Google Fi stuff now but I haven't ported my number yet.  My
> understanding is that I can IM/txt in hangouts which is good.  The little bit
> of voice spam I have received also demonstrated to me how can be answered and
> made via hangouts too.  For me that is going to be ideal since 1) I don't talk
> on my mobile line unless absolutely necessary and 2) I hate having to pick up
> my phone to respond to/send text messages.

So far I've avoided gmail ( I use Zimbra ) and Hangouts,  and I use Google Fi and Google search
only.  Very happy with Fi so far, working WiFi tethering, and the free data-only SIM card for
my Nexus 10 tablet.

Looks like Hangouts integrates with Google Voice,  and while I use Google Fi,  I
pretty much avoid the rest and use wholesale VOIP trunks to my Asterisk box, so I'm
not sure how Hangouts would work.  Looks like it competes with WhatsApp,  which does
much the same thing - only it doesn't require a gmail account and works with any mobile
phone number that has inbound SMS.


> 
> I still use regular SMS but you are right that with so much movement towards
> VoIP, that is going to have to change- I've been doing mid-sized VoIP office
> deployments where this doesn't come up but now I'm seeing more interest in
> the home office environment so I'm sure that question is going to come up at
> some point.  I stopped actively giving out my mobile number even though it's in
> my business card QR code contact.  When I am out of the office I just turn on
> the soft phone if I will be available for calls.

Some of the supported VOIP solutions make integration easier I suppose. I'm using
wholesale VOIP trunks and a Panasonic DECT portable VOIP phone, and there is a
lot of work to just get them working on FreePBX (even without encryption ).  Now if
you use supported Sipura phones or buy the commercial phone module much of this gets easier.

Do you have encryption working to any softphones , or do you just run OpenVPN on the
laptop ?   I've seen FreePBX / OpenVPN integrations, but they seem to only support Sipura
phones etc. 

> 
> If you are running FreePBX you might want to sign up for the Zulu beta which is
> Sangoma's / FreePBX's softphone.  If you are running a recent version of
> FreePBX, on activated systems you'll see it in the commercial modules listing.
> It wasn't being pushed heavily since a major upgrade has been going on but it
> looks like it's just about ready.

OK,  I saw that and will take a look.   I just migrated my office PBX to the latest
FreePBX SNG7 distro, and that took quite a while.   Even my SIP trunks were not connecting
at first,  so I signed up for the free trial of SipStation trunks,  looked at how the
config in /etc/asterisk/sip_additional.conf was done,  and then experimented with the
GUI to get my trunks to create a similar config.  I think they add more and more fields
to FreePBX GUI and change things just to make it difficult for any non SipStation trunks to work.


> 
> https://www.sangoma.com/products/zulu/
> 
> The SMS component appears to require SIPStation's trunking service so that will
> probably hold back more widespread testing.

Yes,  I started to consider SipStation trunks, but they only have standard usage
trunks ( small fee for each DID, then ~$24/month for each trunk ).   With low usage,  and
wholesale trunks ( I pay per minute for inbound/outbound local calls ) my typical monthly
charge is more like $3/month instead of $24

The whole debate about unlimited vs wholesale trunks is here:
http://nerdvittles.com/?p=13031


> 
> Also, for XMPP stuff and private IM/chat solutions I run and recommend Openfire
> (https://www.igniterealtime.org/projects/openfire/).  They do have a SIP plugin
> but I haven't played around with it in awhile.  I think it runs in capable web
> browsers with the Spark web client (should be everything these days) and with
> the Spark desktop client.  'Might ultimately be better to just use the FreePBX
> XMPP client in the UCP though so you have one less thing to worry about.

I had looked at OpenFire/Spark, but never got it running,  and with FreePBX XMPP on a public
IP, I just set the domain name in FreePBX,  and got a Pidgin client connected with no issues
in 5 minutes.   But I don't have much use for Private XMPP since this is just my
office - and that's why I'm looking for SMS or similar solutions.

Most of my solutions are for a home office ( 1 to 3 person office ) with extremely low
recurring cost, while most UC solutions seem to have larger environments in mind.

Thanks for all the info, Keith.

The one remaining problem is that with FreePBX on a public IP (no NAT),  and home phones behind
pfSense firewall with NAT it works fine,  but moving the FreePBX to EC2 (different public IP )
and my home phones lose RTP connectivity due to NAT issue ( no voice either direction ).

Running on EC2 is really just for DR, or learning EC2 at this point so it's not required.  But
I still can't see why changing the Asterisk public IP breaks my local hardphones.  It's
doing the same RTP NAT traversal either way,  and I've even set pfSense static port option
and cleared the states per pfSense postings, but it didn't work.

Lee


> 
> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
> Keith C. Perry, MS E.E.
> Managing Member, DAO Technologies LLC
> (O) +1.215.525.4165 x2033
> (M) +1.215.432.5167
> www.daotechnologies.com
> 
> ----- Original Message -----
> From: "Lee H. Marzke" <lee@marzke.net>
> To: "Philadelphia Linux User's Group Discussion List"
> <plug@lists.phillylinux.org>
> Sent: Sunday, February 18, 2018 8:00:00 AM
> Subject: Re: [PLUG] VOIP texting - was Help with Postfix SASL auth to smarthost
> on RedHat distro
> 
> Thanks for reminding me to close down those gmail security exceptions, as I'm
> running my
> voicemail messages through my main SMTP server now, over TLS/SASL.
> 
> I have a question.   What do people use these days for texting ?
> 
> SMS was popular on mobile phones, but doesn't have support by most VOIP
> carriers.
> Many VOIP carriers have inbound SMS,  but the clients are often XMPP , not the
> native SMS client.
> 
> Even FreePBX 14 now has an embedded XMPP server, but that's not useful unless
> you
> have a whole company on your PBX.   Pidgin on Linux talked to FreePBX XMPP
> easily.
> Or maybe people register with a whole bunch of XMPP services ?
> 
> I would like to not publish my cell number since I route my incoming VOIP trunks
> to it, so
> the cell's SMS capability doesn't hide the cell number for me.
> 
> I've also noticed that WhatsApp is popular, and I have an unexpected number of
> business and family with accounts.   That service can be used on the phone with
> any inbound number that receives texts so that may work for me.
> 
> What are people using these days for texting?   So many choices.
> 
> Lee
> 
> 
> 
> 
> ----- Original Message -----
>> From: "Keith C. Perry" <kperry@daotechnologies.com>
>> To: "Philadelphia Linux User's Group Discussion List"
>> <plug@lists.phillylinux.org>
>> Sent: Saturday, February 17, 2018 9:05:06 PM
>> Subject: Re: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro
> 
>> I know this is a bit dated but I wanted to +1 this because after realizing many
>> ISPs block port 25 for residential customers I ended up creating an account on
>> my mail server so that my clients that work out of their homes could relay
>> their voicemail messages.  As stated, Gmail is going to be a pita to use so it
>> makes life easier just to run this traffic through my own server.
>> 
>> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
>> Keith C. Perry, MS E.E.
>> Managing Member, DAO Technologies LLC
>> (O) +1.215.525.4165 x2033
>> (M) +1.215.432.5167
>> www.daotechnologies.com
>> 
>> ----- Original Message -----
>> From: "Lee H. Marzke" <lee@marzke.net>
>> To: "Philadelphia Linux User's Group Discussion List"
>> <plug@lists.phillylinux.org>
>> Sent: Monday, February 12, 2018 8:00:00 AM
>> Subject: Re: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro
>> 
>> FYI,
>> 
>> OK SMTP auth over tls is working now.
>> 
>> Turns out gmail relay still fails, and it forces you to allow "less secure apps"
>> in your account settings before this works.
>> So I've switched to my other smarthost and that is working as well.
>> 
>> This is an example of why software code reviews can be so helpful,  when you
>> carefully explain or walk through the
>> code with others,  the errors that you couldn't see before just jump out.
>> 
>> 
>> 
>> Lee
>> 
>> 
>> 
>> ----- Original Message -----
>>> From: "Lee H. Marzke" <lee@marzke.net>
>>> To: "Philadelphia Linux User's Group Discussion List"
>>> <plug@lists.phillylinux.org>
>>> Sent: Sunday, February 11, 2018 10:45:22 PM
>>> Subject: Re: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro
>> 
>>> Wow, just typing this message out helped me find the likely error already.
>>> 
>>>> -rw------- 1 root root 111   Feb 11 18:37 sasl_paswd
>>>> -rw------- 1 root root 12288 Feb 11 19:42 sasl_paswd.db
>>> 
>>> Looks like passwd is missing an 's' both places.  How did I miss that.
>>> 
>>> I'll let everyone know if that fixes it.
>>> 
>>> Lee
>>> 
>>> ----- Original Message -----
>>>> From: "Lee H. Marzke" <lee@marzke.net>
>>>> To: "Philadelphia Linux User's Group Discussion List"
>>>> <plug@lists.phillylinux.org>
>>>> Sent: Sunday, February 11, 2018 10:36:36 PM
>>>> Subject: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro
>>> 
>>>> I'm having trouble with Postfix SMTP authentication to a smarthost on a new
>>>> install of RH 7.3
>>>> 
>>>> This is actually the latest FreePBX SNG7 OS based on RH 7.3 but shouldn't
>>>> matter.
>>>> https://en.wikipedia.org/wiki/FreePBX_Distro
>>>> 
>>>> I have Postfix SMTP auth over TLS  working on an old Ubuntu release, but for
>>>> some reason the Red Hat distro is giving me permission issues
>>>> with nearly the same setup.   Any clues where I should look next ?
>>>> 
>>>> Basically SASL authentication strings are in the file   /etc/postfix/sasl_passwd
>>>> containing two smart hosts:
>>>> 
>>>> [smtp.gmail.com]:587      username:password
>>>> [smtp.smarthost2.net]:587 username:password
>>>> 
>>>> and has permissions:
>>>> 
>>>> -rw------- 1 root root 111   Feb 11 18:37 sasl_paswd
>>>> -rw------- 1 root root 12288 Feb 11 19:42 sasl_paswd.db
>>>> 
>>>> the hash is updated/created with:
>>>> sudo postmap hash:/etc/postfix/sasl_passwd
>>>> 
>>>> Notes with CentOS claim that postfix reads the .db map file as root, then drops
>>>> permissions on startup.
>>>> 
>>>> However,  when I send email,  I keep getting errors where postfix can't read the
>>>> sasl_passwd.db file.
>>>> 
>>>> Feb 11 22:12:42 freepbx postfix/smtp[11208]: Trusted TLS connection established
>>>> to smtp.gmail.com[209.85.232.108]:587: TLSv1.2 with cipher
>>>> ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>>>> Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning:
>>>> hash:/etc/postfix/sasl_passwd is unavailable. open database
>>>> /etc/postfix/sasl_passwd.db: No such file or directory
>>>> Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning:
>>>> hash:/etc/postfix/sasl_passwd lookup error for "smtp.gmail.com"
>>>> Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning: 89DF211780BB:
>>>> smtp_sasl_passwd lookup error
>>>> Feb 11 22:12:42 freepbx postfix/smtp[11208]: 89DF211780BB: local data error
>>>> while talking to smtp.gmail.com[209.85.232.108]
>>>> 
>>>> Now I know the file is there.   And I've tried changing permissions to allow
>>>> postfix group read, and other combination
>>>> but they always fail the same way.
>>>> 
>>>> 
>>>> The relevant sections of main.cf are:
>>>> 
>>>> #Setup TLS, using default self-signed certs
>>>> 
>>>> smtp_tls_security_level = may
>>>> smtp_tls_loglevel = 1
>>>> smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.trust.crt
>>>> smtp_tls_cert_file = /etc/pki/tls/certs/localhost.crt
>>>> smtp_tls_key_file = /etc/pki/tls/private/localhost.key
>>>> 
>>>> # Use smarthost
>>>> #relayhost = [smtp.protectedservice.net]:587
>>>> relayhost = [smtp.gmail.com]:587
>>>> 
>>>> # Setup SASL over TLS for smart host ( Gmail require TLS,  others may not )
>>>> 
>>>> smtp_use_tls = yes
>>>> smtp_sasl_auth_enable = yes
>>>> broken_sasl_auth_clients = yes
>>>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>>> smtp_sasl_security_options = noanonymous
>>>> smtp_sasl_tls_security_options = noanonymous
>>>> smtp_sasl_type = cyrus
>>>> smtp_tls_security_level = encrypt
>>>> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
>>>> 
>>>> ###DEBUG
>>>> #debug_peer_list=smtp.gmail.com
>>>> #debug_peer_level=3
>>>> 
>>>> 
>>>> The policy map  tls_policy contains:       (but this isn't causing issues so
>>>> far)
>>>> 
>>>> [smtp.gmail.com]:587 encrypt
>>>> [smtp.othersmarhost.net]:587 encrypt
>>>> 
>>>> 
>>>> Regards,
>>>> 
>>>> 
>>>> Lee
>>>> 
>>>> --
>>>> "Between subtle shading and the absence of light lies the nuance of iqlusion..."
>>>> - Kryptos
>>>> 
>>>> Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
>>>> IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
>>>> 
>>>> ___________________________________________________________________________
>>>> Philadelphia Linux Users Group         --        http://www.phillylinux.org
>>>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>>>> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>>> 
>>> --
>>> "Between subtle shading and the absence of light lies the nuance of iqlusion..."
>>> - Kryptos
>>> 
>>> Lee Marzke, lee@marzke.net http://marzke.net/lee/
>>> IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
>>> +1 800-393-5217 office
>>> +1 484-348-2230 fax
>> 
>> --
>> "Between subtle shading and the absence of light lies the nuance of iqlusion..."
>> - Kryptos
>> 
>> Lee Marzke, lee@marzke.net http://marzke.net/lee/
>> IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
>> +1 800-393-5217 office
>> +1 484-348-2230 fax
> 
> --
> "Between subtle shading and the absence of light lies the nuance of iqlusion..."
> - Kryptos
> 
> Lee Marzke, lee@marzke.net http://marzke.net/lee/
> IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
> +1 800-393-5217 office
> +1 484-348-2230 fax

-- 
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos 

Lee Marzke, lee@marzke.net http://marzke.net/lee/ 
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM 

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
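
Added example, not part of the thread or of Postfix: the quoted listing shows sasl_paswd and sasl_paswd.db on disk while main.cf points smtp_sasl_password_maps at hash:/etc/postfix/sasl_passwd, which is why the log reports "No such file or directory". The shell functions below check that each hash: map named by that parameter has its .db file, that the .db is not older than its source, and that neither file carries group or other permission bits. The function names and the root-prefix argument are assumptions made for illustration.

```shell
# Added example, not from the thread. The 2nd argument of check_sasl_maps is a
# hypothetical root prefix, so a staged copy of /etc/postfix can be audited.

# hash:/path values on the active smtp_sasl_password_maps line of main.cf.
sasl_maps() {
    grep '^[[:space:]]*smtp_sasl_password_maps[[:space:]]*=' "$1" |
        grep -o 'hash:/[^[:space:],]*' | cut -d: -f2- | sort -u
}

# One finding per line; returns 0 only if every map is present, fresh, private.
check_sasl_maps() {
    main_cf=$1; root=${2:-}; rc=0
    for map in $(sasl_maps "$main_cf"); do
        src="$root$map"; db="$src.db"
        if [ ! -f "$db" ]; then
            echo "MISSING $map.db"; rc=1
            # A near-miss name in the same directory is a common cause.
            for near in "$(dirname "$db")"/*.db; do
                [ -f "$near" ] && echo "  found instead: $(basename "$near")"
            done
            continue
        fi
        # postmap has to be re-run after each edit of the source file.
        if [ -f "$src" ] && [ "$src" -nt "$db" ]; then
            echo "STALE $map.db"; rc=1
        fi
        # Credential maps should carry no group/other permission bits.
        for f in "$src" "$db"; do
            [ -f "$f" ] || continue
            case $(ls -ld "$f" | cut -c5-10) in
                ------) ;;
                *) echo "PERMS ${f#"$root"}"; rc=1 ;;
            esac
        done
    done
    return "$rc"
}

# Constructed sample reproducing the thread's listing: main.cf names
# sasl_passwd, but the files on disk are sasl_paswd and sasl_paswd.db.
stage_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/postfix" && (
        cd "$d/etc/postfix" && umask 077 &&
        echo 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' > main.cf &&
        echo '[smtp.gmail.com]:587 username:password' > sasl_paswd &&
        : > sasl_paswd.db ) && echo "$d"
}

d=$(stage_sample) && check_sasl_maps "$d/etc/postfix/main.cf" "$d" || true
```

On a live system the call is check_sasl_maps /etc/postfix/main.cf run as root, since the map files are only readable by root.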