tiredofit / docker-freepbx

Dockerized FreePBX 15 w/Asterisk 17, Separate MySQL Database support, and Data Persistence and UCP
MIT License
515 stars 237 forks

msmtp bug / Error code 220 "with message" #180

Open jycemea opened 3 years ago

jycemea commented 3 years ago

Hi, I unfortunately had to remove this container. The freepbx-app is not relaying any voicemail or email notification at all. It is actually impossible to get the right working config. The dashboard notification is: Error code 220 "with message".

Not running with my email on port 25. Most providers are blocking this port. Is there a solution to use port 587 / 565?

Thanks

leorg99 commented 3 years ago

I am using a container for relaying mail and it works:

```yaml
services:
  app:
    image: "tiredofit/freepbx:latest"
    restart: always
    depends_on:
      - db
      - gmail-relay
    # ....
    networks:
      - web
      - backend
    # ....
    environment:
      - "TIMEZONE=America/New_York"
      - "DEBUG_MODE=TRUE" # Adds additional debugging
      - "CONTAINER_LOG_LEVEL=DEBUG"
      - "ENABLE_LOGROTATE=TRUE"
      - "ENABLE_CRON=TRUE"
      - "ENABLE_FAIL2BAN=FALSE"

      - "ENABLE_SMTP=TRUE"
      - "SMTP_FROM=<fromAddress>"
      - "SMTP_HOST=gmail-relay"
      - "SMTP_PORT=587"
    # ....

  gmail-relay:
    image: boky/postfix:latest
    restart: always
    environment:
      - "TZ=America/New_York"
      - "INBOUND_DEBUGGING=1"
      - XOAUTH2_SYSLOG_ON_FAILURE=yes
      # - XOAUTH2_FULL_TRACE=yes
      - MASQUERADED_DOMAINS=voice.mydomain.com
      - "POSTFIX_mynetworks=127.0.0.0/8 10.0.0.0/8 172.0.0.0/8 192.168.0.0/16"
      # - POSTFIX_smtpd_client_restrictions=permit_mynetworks
      # - POSTFIX_smtp_sasl_security_options=noanonymous
      - "RELAYHOST=[smtp.gmail.com]:587"
      - "RELAYHOST_USERNAME=myemail@gmail.com"
      # - "RELAYHOST_TLS_LEVEL=encrypt"
      - "XOAUTH2_CLIENT_ID=<clientId>"
      - "XOAUTH2_SECRET=<secret>"
      - "ALLOW_EMPTY_SENDER_DOMAINS=true"
      - "XOAUTH2_INITIAL_ACCESS_TOKEN=<init_token>"
      - "XOAUTH2_INITIAL_REFRESH_TOKEN=<refresh_token>"
    networks:
      - backend
# ...
networks:
  backend:
  web:
    external: true
```

jycemea commented 3 years ago

Hi LeorGreenberger. Thanks for the answer. I tried but I still have the same error message. I'm not using Gmail, so I do not need all these XOAUTH2 options; I have an OVH pro email, ssl0.ovh.net.

I also had an error message with the boky/postfix container. Can't reach 127.0.0.1, as it is not seen on the network. I'm using a Contabo virtual VPS with a public IP... Could it be the problem?

Could you please post a copy of your complete docker_compose.yml (without log and passwd of course). I would like to make a test on it.

Thanks!!

leorg99 commented 3 years ago

Here you go. Note that I am using traefik as my reverse proxy. I'll create a repo in a few days with all my config files in case you want to see that too.

```yaml
version: '3.8'

services:
  app:
    image: "tiredofit/freepbx:latest"
    restart: always
    depends_on:
      - db
      - gmail-relay
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.http.routers.freepbx-http.rule=Host(`<redacted>`)"
      - "traefik.http.routers.freepbx-http.entryPoints=http"
      - "traefik.http.routers.freepbx-http.service=freepbx-http"
      - "traefik.http.services.freepbx-http.loadbalancer.server.port=80"
      - "traefik.http.routers.freepbx-https.rule=Host(`<redacted>`)"
      - "traefik.http.routers.freepbx-https.service=freepbx-https"
      - "traefik.http.routers.freepbx-https.entryPoints=https"

      # This tells traefik which port to send the packets to for the backend service.
      - "traefik.http.services.freepbx-https.loadbalancer.server.port=80"

      # Traefik will secure the connection between browser and then decrypt the packets and send it to the backend service.
      - "traefik.http.routers.freepbx-https.tls=true"
      - "traefik.http.routers.freepbx-https.tls.certresolver=default"
    ports:
     #### If you aren't using a reverse proxy
     #- 80:80
     #### If you want SSL Support and not using a reverse proxy
     #- 443:443
      - 5061:5061
      - 5060:5060/udp
      - 18000-18100:18000-18100/udp
     #### Flash Operator Panel
      # - 4445:4445
    networks:
      - web
      - backend
    volumes:
      - ./data/etc/asterisk/keys:/etc/asterisk/keys
      - ./data:/data
      - /var/log/freepbx:/var/log
      - ./data/www:/var/www/html
      - /usr/share/zoneinfo/America/New_York:/etc/localtime:ro
      - ./install/etc/cont-init.d/06-fix-ssl:/etc/cont-init.d/06-fix-ssl
      - ./install/usr/sbin/watson-transcription:/usr/sbin/watson-transcription
     ### Only Enable this option below if you set DB_EMBEDDED=TRUE
     #- ./db:/var/lib/mysql
     ### You can drop custom files overtop of the image if you have made modifications to modules/css/whatever - Use with care
     #- ./assets/custom:/assets/custom

    environment:
      - "TIMEZONE=America/New_York"
      - "DEBUG_MODE=TRUE" # Adds additional debugging
      - "CONTAINER_LOG_LEVEL=DEBUG"
      - "ENABLE_LOGROTATE=TRUE"
      - "ENABLE_CRON=TRUE"
      - "ENABLE_FAIL2BAN=FALSE"

      - "ENABLE_SMTP=TRUE"
      - "SMTP_FROM=voice@<redacted>"
      - "SMTP_HOST=gmail-relay"
      - "SMTP_PORT=587"

      - "ENABLE_VM_TRANSCRIBE=TRUE"
      - "VM_TRANSCRIBE_APIKEY=<redacted>"
      - "VM_TRANSCRIBE_INSTANCEID=<redacted>"
      - "VM_TRANSCRIBE_MODEL=en-US_NarrowbandModel"
    # - VIRTUAL_HOST=hostname.example.com
    # - VIRTUAL_NETWORK=nginx-proxy
     ### If you want to connect to the SSL Enabled Container
     #- VIRTUAL_PORT=443
     #- VIRTUAL_PROTO=https
    # - VIRTUAL_PORT=80
    # - LETSENCRYPT_HOST=hostname.example.com
    # - LETSENCRYPT_EMAIL=email@example.com

      - ZABBIX_HOSTNAME=freepbx-app

      - RTP_START=18000
      - RTP_FINISH=18100

     ## Use for External MySQL Server
      - DB_EMBEDDED=FALSE

     ### These are only necessary if DB_EMBEDDED=FALSE
      - DB_HOST=db
      - DB_PORT=3306
      - DB_NAME=asterisk
      - DB_USER=asterisk
      - DB_PASS=asteriskpass

     ### If you are using TLS Support for Apache to listen on 443 in the container drop them in /certs and set these:
     #- TLS_CERT=cert.pem
     #- TLS_KEY=key.pem

    ### These final lines are for Fail2ban. If you don't want, comment and also add ENABLE_FAIL2BAN=FALSE to your environment
    cap_add:
      - NET_ADMIN
    privileged: true

  db:
    image: tiredofit/mariadb
    restart: always
    networks:
      - backend
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_DATABASE=asterisk
      - MYSQL_USER=asterisk
      - MYSQL_PASSWORD=asteriskpass
      - "TIMEZONE=America/New_York"

  db-backup:
    image: tiredofit/db-backup
    restart: always
    depends_on:
     - db
    networks:
      - backend
    volumes:
      - ./dbbackup:/backup
    environment:
      - ZABBIX_HOSTNAME=freepbx-db-backup
      - DB_HOST=db
      - DB_TYPE=mariadb
      - DB_NAME=asterisk
      - DB_USER=asterisk
      - DB_PASS=asteriskpass
      - DB_DUMP_FREQ=1440
      - DB_DUMP_BEGIN=0000
      - DB_CLEANUP_TIME=8640
      - COMPRESSION=BZ
      - MD5=TRUE
      - "TIMEZONE=America/New_York"

  inotify:
    image: coppit/inotify-command
    restart: unless-stopped
    volumes:
      - "/etc/localtime:/etc/localtime"
      - "./inotify/config:/config:rw"
      - "../traefik/letsencrypt/certs/<redacted>/:/certs"

  gmail-relay:
    image: boky/postfix:latest
    restart: always
    environment:
      - "TZ=America/New_York"
      - "INBOUND_DEBUGGING=1"
      - XOAUTH2_SYSLOG_ON_FAILURE=yes
      # - XOAUTH2_FULL_TRACE=yes
      - MASQUERADED_DOMAINS=<redacted>
      - "POSTFIX_mynetworks=127.0.0.0/8 10.0.0.0/8 172.0.0.0/8 192.168.0.0/16"
      # - POSTFIX_smtpd_client_restrictions=permit_mynetworks
      # - POSTFIX_smtp_sasl_security_options=noanonymous
      - "RELAYHOST=[smtp.gmail.com]:587"
      - "RELAYHOST_USERNAME=<redacted>"
      # - "RELAYHOST_TLS_LEVEL=encrypt"
      - "XOAUTH2_CLIENT_ID=<redacted>"
      - "XOAUTH2_SECRET=<redacted>"
      - "ALLOW_EMPTY_SENDER_DOMAINS=true"
      # - "ALLOWED_SENDER_DOMAINS="
      - "XOAUTH2_INITIAL_ACCESS_TOKEN=<redacted>"
      - "XOAUTH2_INITIAL_REFRESH_TOKEN=<redacted>"
    networks:
      - backend

  fail2ban:
    image: crazymax/fail2ban:latest
    restart: always
    environment:
      - TZ=America/New_York
      - F2B_DB_PURGE_AGE=30d
      # - F2B_LOG_TARGET=/data/fail2ban.log
      # - F2B_LOG_LEVEL=DEBUG
    volumes:
      - ./fail2ban:/data
      - /var/log/freepbx:/var/log/freepbx:ro
    network_mode: "host"
    privileged: true
    cap_add:
      - NET_ADMIN
      - NET_RAW

networks:
  backend:
  web:
    external: true
```
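
An added check, not part of the original thread or of either image's code: it parses the `POSTFIX_mynetworks` entry posted above (the Postfix list of trusted client networks) and reports any network that reaches beyond loopback and RFC 1918 space, which `172.0.0.0/8` does because the private block is `172.16.0.0/12`. The function names and the choice of trusted ranges are assumptions of this example, and it handles IPv4 entries only.

```python
import ipaddress

# The entry exactly as posted in the compose file above.
POSTED = "POSTFIX_mynetworks=127.0.0.0/8 10.0.0.0/8 172.0.0.0/8 192.168.0.0/16"

# Assumption of this example: only loopback and RFC 1918 space should be trusted.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_mynetworks(entry):
    """Turn a compose entry 'POSTFIX_mynetworks=<nets>' into IPv4 network objects."""
    key, sep, value = entry.strip().strip('"').partition("=")
    if key != "POSTFIX_mynetworks" or not sep:
        raise ValueError("not a POSTFIX_mynetworks entry: %r" % entry)
    # Postfix accepts whitespace and/or commas between networks.
    tokens = value.replace(",", " ").split()
    # strict=False tolerates host bits, e.g. 172.17.0.1/16.
    return [ipaddress.IPv4Network(tok, strict=False) for tok in tokens]


def audit_mynetworks(entry):
    """Return (network, addresses_outside_trusted, narrower_replacement) per finding."""
    findings = []
    for net in parse_mynetworks(entry):
        if any(net.subnet_of(sup) for sup in TRUSTED):
            continue  # entirely inside a trusted range
        # CIDR blocks either nest or are disjoint, so the trusted part of `net`
        # is exactly the set of trusted ranges it contains.
        inside = [sup for sup in TRUSTED if sup.subnet_of(net)]
        outside = net.num_addresses - sum(s.num_addresses for s in inside)
        findings.append((str(net), outside, [str(s) for s in inside]))
    return findings


if __name__ == "__main__":
    for net, outside, replacement in audit_mynetworks(POSTED):
        print("%s trusts %d addresses outside private space; narrow to %s"
              % (net, outside, " ".join(replacement) or "(remove)"))
```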

jycemea commented 3 years ago

Nice! I'm not using traefik because I want the FreePBX app interface behind a VPN (using WireGuard). I will modify your file as I need and test it! Thanks, really.