docker-freepbx
docker-freepbx copied to clipboard
Published
20 hours ago •
tiredofit
tiredofit
msmtp bug / Error code 220 "with message"
Hi, I unfortunately had to remove this container. The freebpx-app is not relaying any voicemail or email notification at all. It is actually impossible to get the right working config. The dashboard notification is : Error code 220 "with message".
Not running with my email on port 25. Most of providers are blocking this port. Is there a solution to use port 587 / 565?.
Thanks
I am using a container for relaying mail and it works:
services:
app:
image: "tiredofit/freepbx:latest"
restart: always
depends_on:
- db
- gmail-relay
....
networks:
- web
- backend
....
environment:
- "TIMEZONE=America/New_York"
- "DEBUG_MODE=TRUE" # Adds additional debugging
- "CONTAINER_LOG_LEVEL=DEBUG"
- "ENABLE_LOGROTATE=TRUE"
- "ENABLE_CRON=TRUE"
- "ENABLE_FAIL2BAN=FALSE"
- "ENABLE_SMTP=TRUE"
- "SMTP_FROM=<fromAddress>"
- "SMTP_HOST=gmail-relay"
- "SMTP_PORT=587"
....
gmail-relay:
image: boky/postfix:latest
restart: always
environment:
- "TZ=America/New_York"
- "INBOUND_DEBUGGING=1"
- XOAUTH2_SYSLOG_ON_FAILURE=yes
# - XOAUTH2_FULL_TRACE=yes
- MASQUERADED_DOMAINS=voice.mydomain.com
- "POSTFIX_mynetworks=127.0.0.0/8 10.0.0.0/8 172.0.0.0/8 192.168.0.0/16"
# - POSTFIX_smtpd_client_restrictions=permit_mynetworks
# - POSTFIX_smtp_sasl_security_options=noanonymous
- "RELAYHOST=[smtp.gmail.com]:587"
- "[email protected]"
# - "RELAYHOST_TLS_LEVEL=encrypt"
- "XOAUTH2_CLIENT_ID=<clientId>"
- "XOAUTH2_SECRET=<secret>"
- "ALLOW_EMPTY_SENDER_DOMAINS=true"
- "XOAUTH2_INITIAL_ACCESS_TOKEN=<init_token>"
- "XOAUTH2_INITIAL_REFRESH_TOKEN=<refresh_token>"
networks:
- backend
...
networks:
backend:
web:
external: true
Hi LeorGreenberger. Thanks for the answer. I tried but I still have the same error message. I'm not using gmail, so I do not need all this XOAUTH2 options around I got OVH pro email ssl0.ovh.net.
I also had an error message with the boky/postfix container. Can't reach 127.0.0.1. as it is is not seen on the network. I'm using a contabo virtual VPS with a public IP... Could it be the problem?
Could you please post a copy of your complete docker_compose.yml (without log and passwd of course). I would like to make a test on it.
Thanks!!
Here you go. Note that I am using traefik as my reverse proxy. I'll create a repo in a few days with all my config files in case you want to see that too.
version: '3.8'
services:
app:
image: "tiredofit/freepbx:latest"
restart: always
depends_on:
- db
- gmail-relay
labels:
- "traefik.enable=true"
- "traefik.docker.network=web"
- "traefik.http.routers.freepbx-http.rule=Host(`<redacted>`)"
- "traefik.http.routers.freepbx-http.entryPoints=http"
- "traefik.http.routers.freepbx-http.service=freepbx-http"
- "traefik.http.services.freepbx-http.loadbalancer.server.port=80"
- "traefik.http.routers.freepbx-https.rule=Host(`<redacted>`)"
- "traefik.http.routers.freepbx-https.service=freepbx-https"
- "traefik.http.routers.freepbx-https.entryPoints=https"
# This tells traefik which port to send the packets to for the backend service.
- "traefik.http.services.freepbx-https.loadbalancer.server.port=80"
# Traefik will secure the connection between browser and then decrypt the packets and send it to the backend service.
- "traefik.http.routers.freepbx-https.tls=true"
- "traefik.http.routers.freepbx-https.tls.certresolver=default"
ports:
#### If you aren't using a reverse proxy
#- 80:80
#### If you want SSL Support and not using a reverse proxy
#- 443:443
- 5061:5061
- 5060:5060/udp
- 18000-18100:18000-18100/udp
#### Flash Operator Panel
# - 4445:4445
networks:
- web
- backend
volumes:
- ./data/etc/asterisk/keys:/etc/asterisk/keys
- ./data:/data
- /var/log/freepbx:/var/log
- ./data/www:/var/www/html
- /usr/share/zoneinfo/America/New_York:/etc/localtime:ro
- ./install/etc/cont-init.d/06-fix-ssl:/etc/cont-init.d/06-fix-ssl
- ./install/usr/sbin/watson-transcription:/usr/sbin/watson-transcription
### Only Enable this option below if you set DB_EMBEDDED=TRUE
#- ./db:/var/lib/mysql
### You can drop custom files overtop of the image if you have made modifications to modules/css/whatever - Use with care
#- ./assets/custom:/assets/custom
environment:
- "TIMEZONE=America/New_York"
- "DEBUG_MODE=TRUE" # Adds additional debugging
- "CONTAINER_LOG_LEVEL=DEBUG"
- "ENABLE_LOGROTATE=TRUE"
- "ENABLE_CRON=TRUE"
- "ENABLE_FAIL2BAN=FALSE"
- "ENABLE_SMTP=TRUE"
- "SMTP_FROM=voice@<redacted>"
- "SMTP_HOST=gmail-relay"
- "SMTP_PORT=587"
- "ENABLE_VM_TRANSCRIBE=TRUE"
- "VM_TRANSCRIBE_APIKEY=<redacted>"
- "VM_TRANSCRIBE_INSTANCEID=<redacted>"
- "VM_TRANSCRIBE_MODEL=en-US_NarrowbandModel"
# - VIRTUAL_HOST=hostname.example.com
# - VIRTUAL_NETWORK=nginx-proxy
### If you want to connect to the SSL Enabled Container
#- VIRTUAL_PORT=443
#- VIRTUAL_PROTO=https
# - VIRTUAL_PORT=80
# - LETSENCRYPT_HOST=hostname.example.com
# - [email protected]
- ZABBIX_HOSTNAME=freepbx-app
- RTP_START=18000
- RTP_FINISH=18100
## Use for External MySQL Server
- DB_EMBEDDED=FALSE
### These are only necessary if DB_EMBEDDED=FALSE
- DB_HOST=db
- DB_PORT=3306
- DB_NAME=asterisk
- DB_USER=asterisk
- DB_PASS=asteriskpass
### If you are using TLS Support for Apache to listen on 443 in the container drop them in /certs and set these:
#- TLS_CERT=cert.pem
#- TLS_KEY=key.pem
### These final lines are for Fail2ban. If you don't want, comment and also add ENABLE_FAIL2BAN=FALSE to your environment
cap_add:
- NET_ADMIN
privileged: true
db:
image: tiredofit/mariadb
restart: always
networks:
- backend
volumes:
- ./db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=password
- MYSQL_DATABASE=asterisk
- MYSQL_USER=asterisk
- MYSQL_PASSWORD=asteriskpass
- "TIMEZONE=America/New_York"
db-backup:
image: tiredofit/db-backup
restart: always
depends_on:
- db
networks:
- backend
volumes:
- ./dbbackup:/backup
environment:
- ZABBIX_HOSTNAME=freepbx-db-backup
- DB_HOST=db
- DB_TYPE=mariadb
- DB_NAME=asterisk
- DB_USER=asterisk
- DB_PASS=asteriskpass
- DB_DUMP_FREQ=1440
- DB_DUMP_BEGIN=0000
- DB_CLEANUP_TIME=8640
- COMPRESSION=BZ
- MD5=TRUE
- "TIMEZONE=America/New_York"
inotify:
image: coppit/inotify-command
restart: unless-stopped
volumes:
- "/etc/localtime:/etc/localtime"
- "./inotify/config:/config:rw"
- "../traefik/letsencrypt/certs/<redacted>/:/certs"
gmail-relay:
image: boky/postfix:latest
restart: always
environment:
- "TZ=America/New_York"
- "INBOUND_DEBUGGING=1"
- XOAUTH2_SYSLOG_ON_FAILURE=yes
# - XOAUTH2_FULL_TRACE=yes
- MASQUERADED_DOMAINS=<redacted>
- "POSTFIX_mynetworks=127.0.0.0/8 10.0.0.0/8 172.0.0.0/8 192.168.0.0/16"
# - POSTFIX_smtpd_client_restrictions=permit_mynetworks
# - POSTFIX_smtp_sasl_security_options=noanonymous
- "RELAYHOST=[smtp.gmail.com]:587"
- "RELAYHOST_USERNAME=<redacted>"
# - "RELAYHOST_TLS_LEVEL=encrypt"
- "XOAUTH2_CLIENT_ID=<redacted>"
- "XOAUTH2_SECRET=<redacted>"
- "ALLOW_EMPTY_SENDER_DOMAINS=true"
# - "ALLOWED_SENDER_DOMAINS="
- "XOAUTH2_INITIAL_ACCESS_TOKEN=<redacted>"
- "XOAUTH2_INITIAL_REFRESH_TOKEN=<redacted>"
networks:
- backend
fail2ban:
image: crazymax/fail2ban:latest
restart: always
environment:
- TZ=America/New_York
- F2B_DB_PURGE_AGE=30d
# - F2B_LOG_TARGET=/data/fail2ban.log
# - F2B_LOG_LEVEL=DEBUG
volumes:
- ./fail2ban:/data
- /var/log/freepbx:/var/log/freepbx:ro
network_mode: "host"
privileged: true
cap_add:
- NET_ADMIN
- NET_RAW
networks:
backend:
web:
external: true
Nice! I'm not using traefik cause I want freepbx app interface behind a vpn (using wireguard). I will modify your file as I need and test it! Thanks really