
Monday, April 06, 2009

AsteriskNow 1.5 + installation and configuration

AsteriskNow 1.5 was recently released. I already had a box with version 1.0.2 and thought of giving the new version a try. I downloaded the ISO from the site and burned it to a CD. The new version is built on CentOS 5.3. I installed the new version on the same system, overwriting 1.0.2. Note that the installation did not detect the old version, nor did it give me any option to upgrade. Since my server was not in production, I went ahead, removed all the partitions and installed the new version. If you have a production box, back up the configuration files, or install the new version on a test system and then copy over the existing setup/accounts. You have been warned.

I installed AsteriskNow with the default partition scheme (it creates all partitions under a single LVM). Once installation is complete, remove the CD and click reboot. After the OS boots, it asks you to configure the following:

Authentication, Firewall, Network, System Services

Authentication - Configure any extra authentication such as LDAP.
Firewall - You can enable the firewall if needed (remember to allow all required ports, such as SIP, IAX & Zap).
Network - Configure your network interfaces. This sets the IP address of all interfaces in the system. Note that only eth0 is enabled by default. Other interfaces must be enabled manually (edit /etc/sysconfig/network-scripts/ifcfg-ethX and set ONBOOT=yes).
System Services - Disable any unwanted services.

After the above is done, exit the wizard to log in to the box. After logging in as root, you will also have to restart the network service to enable all interfaces. Immediately after the first login I ran an update:

# yum update

This installed a new version of the kernel (2.6.18-128.1.6.el5), asterisk and the dahdi modules, so I rebooted the box. (The default kernel is 2.6.18-128.1.1.el5.)

After the system reboots, open the web interface in your favourite browser: http://<your-asterisk-server-ip>. When you click the FreePBX Administration link it asks you to enter the password. Asterisk 1.5 by default has two administrator user accounts with default password as specified below.
Username admin, Password - admin
Username freepbx, Password - fpbx

We will now change the default password of both admin accounts and secure the system. First let us change the admin user's password. In the web interface select Administrators tab in the Basic section. Click the admin user (in the top right) and give the new password of your choice. We are done.

Note: I made the following changes logged in as root on the Asterisk box. The web interface prompts you to reload the config after every change you make. You can reload the config once, after all the changes are done.

To change the freepbx user's password you have to change the entries in two files (we will back up the original files) and also change the MySQL password.
# cd /etc/
# cp amportal.conf amportal.conf.orig
# vi amportal.conf
AMPDBPASS=<new password>

# cd /etc/asterisk
# cp cdr_mysql.conf cdr_mysql.conf.orig
# vi cdr_mysql.conf
password=<new password>

Now we will change the password in MySQL:
# mysql -p  (Just press Enter at the password prompt)
mysql> SET PASSWORD FOR freepbx@localhost=PASSWORD('new password');

The web interface reports the following errors at this point (yes, these errors are present in a fresh installation).

Notice Memory Limit Changed - To fix this edit /etc/php.ini and change memory_limit=100M. (You have to restart httpd after this).

Default Asterisk Manager Password Used:

You have to change this in two files
# cd /etc/
# vi amportal.conf
AMPMGRPASS=<new password>

# cd /etc/asterisk
# cp manager.conf manager.conf.orig
# vi manager.conf
secret = <new password> (Must be same as what you gave for AMPMGRPASS in amportal.conf).
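
The password changes above touch pairs of files that must agree: AMPDBPASS with the password in cdr_mysql.conf, and AMPMGRPASS with the secret in manager.conf. The audit script below is an added example, not part of the original post; the function names and the [admin] manager section are assumptions, and the default list holds only the passwords named on this page.

```shell
#!/bin/sh
# Added example: audit the credential pairs that this post edits by hand.
# Passwords named as defaults on this page; extend the list for your install.
PAGE_DEFAULTS="admin fpbx"

# conf_get FILE KEY [SECTION]: print the first value of KEY, restricted to
# [SECTION] when one is given. Lines starting with # or ; are comments.
conf_get() {
    awk -v key="$2" -v sec="$3" '
        /^[ \t]*\[/   { cur = $0; gsub(/^[ \t]*\[|\].*$/, "", cur); next }
        /^[ \t]*[#;]/ { next }
        (sec == "" || cur == sec) && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# audit_pbx_creds ETC_DIR [MANAGER_SECTION]: print one finding per line.
# MANAGER_SECTION defaults to "admin" (assumption; check your manager.conf).
audit_pbx_creds() {
    etc=$1; mgr=${2:-admin}
    dbpass=$(conf_get "$etc/amportal.conf" AMPDBPASS)
    mgrpass=$(conf_get "$etc/amportal.conf" AMPMGRPASS)
    cdrpass=$(conf_get "$etc/asterisk/cdr_mysql.conf" password)
    secret=$(conf_get "$etc/asterisk/manager.conf" secret "$mgr")
    # A password still equal to a shipped default was never changed.
    for pair in "AMPDBPASS:$dbpass" "AMPMGRPASS:$mgrpass"; do
        for d in $PAGE_DEFAULTS; do
            if [ "${pair#*:}" = "$d" ]; then echo "DEFAULT ${pair%%:*}"; fi
        done
    done
    # A mismatch means one file of the pair was missed during the change.
    [ "$dbpass" = "$cdrpass" ] || echo "MISMATCH AMPDBPASS vs cdr_mysql.conf password"
    [ "$mgrpass" = "$secret" ] || echo "MISMATCH AMPMGRPASS vs manager.conf [$mgr] secret"
    return 0
}
# Usage on the box itself: audit_pbx_creds /etc
```

No output means both pairs agree and neither password is one of the listed defaults.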

No email address for online update checks - Go to General Settings Tab under Basic and give an email address in the Update Email: text box. (I have given my email id here).

Could not reload FOP server - For this we will first install the newest FOP version and then setup httpd to run as asterisk user (By default httpd runs as apache user).
# cd /root
# wget http://www.asternic.org/files/op_panel-0.29.tar.gz
# cd /var/www/html/panel
# cp op_server.pl op_server.pl.orig
# cp operator_panel.swf operator_panel.swf.orig
# tar zxfv /root/op_panel-0.29.tar.gz
# cp op_panel-0.29/flash/operator_panel.swf .
# cp op_panel-0.29/op_server.pl .
# cd /var/lib/asterisk/bin/
# ./retrieve_conf

# cd /etc/httpd/conf
# cp httpd.conf httpd.conf.orig
# vi httpd.conf
Find the line User apache and change it to User asterisk. Save the file and exit.
# service httpd restart

After this, click on Apply Configuration Changes in the web interface. The web interface then reports that module upgrades are available. Go to the Module Admin tab and click Check for upgrade online. Click Upgrade all and then click Process. Press Confirm. All modules will upgrade automatically.

Now there won't be any errors or other warnings in the web interface. You can create extensions and inbound/outbound settings as required.

I found fixes from the following links:
http://www.freepbx.org/forum/freepbx/users/freepbx-panel-flashing-red-and-green
http://www.asternic.org/
http://www.freepbx.org/support/documentation/faq/changing-the-asterisk-manager-password

Wednesday, April 01, 2009

Selectively relay emails using postfix

Several machines in my internal network run automated jobs and send out emails. All emails were getting delivered without problems and one fine day my public IP got listed in RBLs and the mail servers, using those RBLs, stopped accepting mails from mine.

I have now set my main network router to restrict outgoing port 25 so that my public IP doesn't get blacklisted again. This means internal machines cannot send mail to any of the domains outside my network. I needed a mechanism to route all my emails through my external mail server, which has a proper MX record. My external email server, which is outside my network, allows users to relay emails only after successful auth on port 465 (SSL). I configured postfix for this.

Note that since Postfix does not deliver mail via port 465, I used stunnel for the smtps connection between my Postfix box, acting as the smtps client here, and the external mail server.

Let us first start with installing postfix. We will also see how to route emails from sendmail through postfix.

Note: In the below config example.com is the local domain of postfix box and example1.com is the external domain.

# yum install postfix

We will first configure stunnel to forward all connections to the external mail server.
# vi /etc/stunnel/stunnel.conf
client = yes
[rev-smtps]
accept = 127.0.0.1:2525
connect = <externalmailserver>:465
The above configuration makes stunnel listen on localhost's port 2525 and forward everything from that port to the mail server's port 465. The server's certificate is accepted automatically, without verification.
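
Accepting any certificate means the tunnel cannot tell the real mail server from an impostor, and the relay credentials travel through it. As an added example (not from the original post), the script below flags stunnel client services that skip verification and prints the same tunnel with the certificate checked; the function names and the CA bundle path passed in are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# unverified_clients FILE: print each stunnel service that runs as a TLS
# client without peer verification (no "verify" of 2 or higher and no
# "verifyChain = yes"). Options set before the first [service] are defaults.
unverified_clients() {
    awk '
        function report() { if (name != "" && client == "yes" && !ok) print name }
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/ {
            report(); name = $0; gsub(/^[ \t]*\[|\].*$/, "", name)
            client = gclient; ok = gok; next     # start from global defaults
        }
        {
            n = index($0, "="); if (n == 0) next
            k = tolower(substr($0, 1, n - 1)); v = tolower(substr($0, n + 1))
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == "client") client = v
            if (k == "verify") ok = (v + 0 >= 2)
            if (k == "verifychain") ok = (v == "yes")
            if (name == "") { gclient = client; gok = ok }
        }
        END { report() }' "$1"
}

# hardened_conf MAILHOST CAFILE: the tunnel from this post, with the server
# certificate checked against the CA certificates in CAFILE.
hardened_conf() {
    cat <<EOF
client = yes
[rev-smtps]
accept = 127.0.0.1:2525
connect = $1:465
verify = 2
CAfile = $2
EOF
}
# Usage: unverified_clients /etc/stunnel/stunnel.conf
```

verify = 2 checks the certificate chain against CAfile; newer stunnel releases also offer verifyChain and checkHost, which additionally tie the certificate to the expected host name.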

Let us start stunnel.

# stunnel /etc/stunnel/stunnel.conf (You can put this line in /etc/rc.local so that the service starts automatically after the machine reboots).

Now try connecting to the port '2525' with
# telnet localhost 2525

You will see the greeting from the remote SMTP server. Now we will configure postfix to authenticate with the remote email server and route all such connections through stunnel.
# vi /etc/postfix/main.cf
# Enable SASL authentication in the Postfix SMTP client
smtp_sasl_auth_enable = yes
# Empty value lifts the default noplaintext restriction so PLAIN/LOGIN can be used
smtp_sasl_security_options =
# Specifies the password file
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Tells postfix to selectively forward or relay emails
transport_maps = hash:/etc/postfix/transport
# List of all domains the server will accept to deliver email for
relay_domains = $mydestination, example1.com
# Interfaces on which postfix listens
inet_interfaces = $myhostname, localhost
# Local delivery domains
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, example.com
home_mailbox = Mailbox
Save the file.

We can configure different email servers for each domain with postfix's transport file.
# vi /etc/postfix/transport
example1.com smtp:127.0.0.1:2525
# You can list any other domains here if your external email server allows relaying mail for them.
any-other-domain.com smtp:127.0.0.1:2525
The above config will forward all mail destined for example1.com and any-other-domain.com through the stunnel server, which will in turn connect us to the external email server.
# vi /etc/postfix/sasl_passwd
[127.0.0.1]:2525 username@example1.com:password
Note that you can give only one username:password combination for one email server (127.0.0.1:2525 in this case).

Save this file.

Create maps so that postfix reads the new configuration.
# postmap /etc/postfix/sasl_passwd
# postmap /etc/postfix/transport

On all my internal servers I have sendmail. Now I have to tell sendmail to route emails through the postfix box. I did this:
# vi /etc/mail/mailertable
# In each entry, substitute the IP address of your postfix server for x.x.x.x
example.com smtp:[x.x.x.x]
example1.com smtp:[x.x.x.x]
any-other-domain.com smtp:[x.x.x.x]
You will also have to add MX entries for example.com in your DNS.

With the above config, this is what would happen:
1. Any mail sent from internal servers (incl the postfix server itself) to user@example.com will be delivered to postfix's corresponding user mailbox.
2. Any mail sent from internal servers (incl the postfix server itself) to user@example1.com (or any-other-domain.com) will be forwarded to the external mail server's port 465 after authenticating as the user@example1.com user.
3. Any mail from the postfix box to user@localhost or user@hostname-of-the-postfix-box will be delivered locally.

Note that any mail sent to other domains through this postfix server will be rejected.