Page tree
Skip to end of metadata
Go to start of metadata

Introduction

Getting FreePBX to work with Office 365 can be tricky. Many of the Asterisk/FreePBX/Linux gurus out there don’t yet fully understand that Office 365 is more paranoid than most SMTP systems. Office 365 Exchange Servers require a few things before an email can be relayed to them. These instructions are a little easier than the old instructions.

Using the Commercial System Admin module makes this a bit easier. It would still be possible to do this without the Commercial System Admin module, but you will need to configure options manually through editing files through SSH

You must meet all of these requirements:

  1. You can reach your Office 365 Exchange Server through port 25. For example: yourdomain-com.mail.protection.outlook.com
  2. Your firewall is not blocking port 25
  3. Your ISP is not blocking port 25
  4. Office 365 is not blocking your IP
  5. You are using a fixed public IP address
  6. You don’t need IPv6 on your PBX (as Office 365 does not support it, yet) and are willing to disable it.
  7. Commercial System Admin module (It has the handy SMTP Email Setup)
  8. You have admin account to your Office 365
  9. You know what your Office 365 SMTP server is for your tenant account. To get this information, you can use https://mxtoolbox.com/SuperTool.aspx for your domain. It will tell you what it is.
  10. You have access to your DNS settings, so you can update your TXT SPF record.

Step-by-step guide

A. Edit your DNS records and setup a SPF text record for your domain. This informs Office 365 that you are a “known and trusted system”. Since Office 365 requires an SPF record already, you will not so much need to add it, but modify the existing one it so that it include the external IP of your PBX. So, with aaa.bbb.ccc.ddd representing your public pbx ip address, this is what your TEXT record should read as:

v=spf1 ip4: **aaa.bbb.ccc.ddd** include:spf.protection.outlook.com ~all <-- be sure to replace aaa.bbb.ccc.ddd with your public ip address

If you already have an ip4: in there with an IP, you can add another.

B. Add the following to the end of /etc/postfix/main.cf (You can’t do this from the admin module, SSH only)

inet_protocols = ipv4

The inet_protocols = ipv4 tells postfix to not use ipv6. ipv6 is bad mojo with most SMTP servers.

Reload postfix by running these command:

service postfix restart

OPTIONAL: I also took the liberty to disable IPv6 at the Centos OS level as well. I do not need IPv6, nor is it supported end to end everywhere, so I don’t want it to ever be an issue until I know IPv6 is supported everywhere. If you want to disable IPv6 at the OS level you can do so by going to /etc/sysctl.conf and adding the following line: net.ipv6.conf.all.disable_ipv6 = 1 save the file, then reload the system ip configuration by issuing this command: sysctl -p Keep in mind you will still need to disable IPv6 in main.cf to inform postfix that you are only using ipv4

C. Setup Office 365 Exchange Connector to allow your external IP to talk to it

  1. Login to Office 365 as admin.
  2. Go to Admin, select Exchange
  3. Go to the mail flow section, and click on connectors
  4. Click on the plus icon, and add a connector for your PBX external IP address. Use your external IP as the IP Address that is authorized to communicate with the Office 365 Exchange server.

D. Confirm you can connect using your external IP to Office 365 through port 25. From a telnet capable system that uses the same external gateway IP that your PBX will be using use telnet (yes, telnet!) to confim you can connect to Office 365 Exchange Server through port 25. Use the following telnet [Your domain]-com.mail.protection.outlook.com 25 . If you are able to connect, then you have nothing blocking port 25. If you cannot connect, you need to ensure your firewall is not blocking this, or your ISP is not blocking. If this step does not pass, then no point in going forward. STOP.

E. Setup Email settings in FreePBX using the Commercial System Admin module

  1. Go to Email Setup. Use these settings
  2. SMTP Server: Enable “Use External SMTP Server”
  3. My Hostname: [YourDomain].com ex: sipserver.yourcompany.com (use FQDN of your server)
  4. My Origin: [YourDomain].com ex: yourcompany.com (yourcompany.com is fine)
  5. My Domain: [YourDomain].com ex: yourcompany.com (yourcompany.com is fine)
  6. Provider: Other
  7. SMTP Server: [Your domain]-com.mail.protection.outlook.com:25 (This should be an mx record for your company already. Use https://mxtoolbox.com/SuperTool.aspx to find out what it is set to if you don’t remember)
  8. Use Auth: “No Authentication” – Your IP authorized through section C above.
  9. Use TLS: Use TLS
  10. SASL Security Options: Disable Security
  11. Click Submit
  12. Click on Debug
  13. Supply a valid email address to send to, click on submit.
  14. From the resultant debug output, ensure that you have a “status=sent” for the email
  15. Check the email address that you sent to ensure email was sent.
  16. If it did not work, your IP may be blocked by Office 365. You can use https://sender.office.com to unblock it. Microsoft says it will take about 30 minutes to unblock, mine took 45 minutes.
  17. Test again.

Testing / Debugging

  • While still in Email Setup, Click on Debug, and then use a real email address to sent it to. The output of the debug should show you want is right/wrong and should help if you still have issues with the setup.
  • If you need more details on your smtp communications, you can always get to /var/log/maillog to gather more information.
  • Use postconf -n to get a dump of all parameters which may of been altered from the default ones.

Notes

These wiki instructions replace the original forum thread " Steps to getting FreePBX to work with Office 365 email" dated 5/2017 with updated information, and a later thread Office 365 Exchange Email and FreePBX (Updated 9/23/2019)       

This wiki how-to was jump-started using helpful information from the Microsoft article here: How to set up a multifunction device or application to send email using Office 365

 



4 Comments

  1. Matthew good stuff but isnt direct send for this purpose ?


    all you do in its case is point the mail relay destination at their MX ... done 

    (occasionally you may see a mail log response telling you to go to a site and enter the public ip you appear as but thats been about 20% , the other 80 just worked initially with no intervention) 


    https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3

    basically we're an application 

    caveat ;  emails sent can only be to users in the office 365 domain ... ive never had it be show stopper 


  2. example of successful direct send config above 

  3. Chris,

     isnt direct send for this purpose 

    Of course, that is what the whole article explains by referencing the link at the end. 

    all you do in its case is point the mail relay destination at their MX ... done 

    Maybe done for you...but for others...no, not done. Many of the below will need to be done, depending on your ISP, etc:

    1. Modify your TXT (SPF) record to mention the sending IP/s. (Step A)
    2. If IPv6 is providing issues, you will need to disable (depending on your situation) and force only IPv4. (Step B)
    3. Confirm port 25 not blocked (Step D)
    4. Confirm IP address not banned (step E16)

    This article was written to serve as many different variables and conditions that I have seen out there for my customers. Not all use the same ISP, so a lot, if not all of these steps need to be done. 

    Thank you for your comments.

  4. duh ... thank you  


    i scanned for direct send and jumped forward – ty man .. nice article 


    we'll roll with it 


    i may delete this comment and your response