FOOD FOR THOUGHT Suggested OS for new install, after HiF died have to rebuild

Kimberly

Member
Joined
Jul 16, 2013
Messages
44
Reaction score
13
I will admit that I find configuring mail servers the biggest PITA I have come across but eventually you can get it all in place. I find the biggest headache is these self-righteous email spam groups that instead of black listing a single IP that is sending out spam they will blacklist the whole freaking range. There is no oversight to these sites like spamhaus; they block as they see fit. They even block the big players like 1and1.com. I have never sent out a single piece of spam in my life but I have to deal with these XXXXX way too often.
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
@Kimberly
Agreed, mail server config needs a better script to better handle more of the newest standard security defaults to get mail to be deliverable to the destination inbox 100%.
Webmin/Virtualmin are doing only most of the established ones automatically, BUT there's still a few bugs, AND they DON'T auto config the latest and greatest security stuff automatically... yet. It's coming but until it gets in there, you need to command line it, ugh. It's a pain but doable with a whole lotta patience.
Are you manually configuring mail server security options Spamassassin, ClamAV, SSL, TLS, RBL, SPF and DKIM?
Which other mail security methods are you using?
You getting 100% delivery into all inboxes on all free and paid email servers?
 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
1,633
Reaction score
842
Let's deconstruct how email essentially works.

MX records at your DNS service define where and when emails to your domain.name are sent. You can host your own DNS server or you can use any of "a lot" of providers whose cost is between $0 and $lotsofdollars. Your mail server can equally be hosted by yourself or one of any number of others that vary in cost between $0 and $lotsofdollars.

These are just "facts". So two things will make your life easier:

A) use a trusted DNS provider ( That won't be your self hosted one ;-) )
B) use a functional MX destination (Only works for your self-built one after lots of BSandT ;-) )

So, if you want a mail server that has excellent spam filtering services, is cheap and is "trusted" by both you and the rest of the world, use your gmail account as a relay for your outbound emails and have your DNS server forward your inbound mail to your gmail.account.

If you don't trust gmail, then "go with your particular force" but use the same paradigm.

(If you ever have hosted your own email server, and you are unaware of why https://en.wikipedia.org/wiki/Bayes'_theorem is important, you will know within a week why you made a BIG mistake! BT,DT ;-) )
 

mainenotarynet

Not really a Guru - Just a long time user
Joined
May 29, 2010
Messages
754
Reaction score
155
Chris and Dicko, it wasn't just Kimberly that had the email issue, I, the OP mentioned that the only way I can get email to work on my domain name is through Webmin/Virtualmin -- it worked great until I tried to use SSL for everything (as it should be anyways) and it does not let me send anymore, yet I do GET emails.

Google is NOT my friend as I can not find just a Generic SSL enabled config file to start from that works. Otherwise I'd do the $15.00 a year servers for EACH one of my 13 websites.

Any business that says "you can email me at [email protected]" yes has a website they PAY for businessname.com or .net or .tech whatever is not a business to be trusted as they don't put the effort into using [email protected] and shows that they are lazy and rely on someone else to make sure their mail works.

Also isn't mail relay how spam is sent out (testing the SMS for TM4 has you go check for open relays, so why the heck would I use one, also I don't like how that relay sends the mail out '[email protected] ON BEHALF OF [email protected]' -- I do not want my gmail out there, that is why I have my own domain.

Anyways, how did this thread get shifted to email when I am looking for a New OS for me to rebuild my box -- this one is all messed up -- but that would take 3 more threads.

Where I wanted to go does not offer CentOs6 only CentOS7 -- so is 7 ready for production box or not and if not what should I use for Asterisk/freePBX and possibly Kamailio on a separate box as a controller if I decide to split one box into 3 but tie them all together?
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
@dicko @mainenotarynet
I'm going to take a stand which some might dispute, but software engineers reading this will recognize this is true:
To accurately answer your Question: is PIAF/IPBX running on freepbx version 13, 14, and 15, for each and every feature, are the most commonly used code paths within core and all modules, TOTALLY RELIABLE on different linux distro versions ie Centos 6 vs 7, ubuntu 14 vs 16 vs 18, or debian 8 vs 9 ??
Answer: First we would have to enable Travis CI testing on github repo for PIAF/IPBX, and then run all the automatic tests which come with freepbx, there's about 400, and they refer to PHPUnit and PHPUnit_Framework_TestCase. Travis can run the 400 tests on all 7 distro versions listed above... and if all tests pass for a given distro, then the software features tested by all 400 test cases, should work just fine on that distro version!
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
@chris_c_: Here's the problem. At the moment, the latest framework and core modules in the FreePBX GitHub repo don't play nice with the other Incredible PBX 13-13 modules which means you can't access basic components such as Trunks after upgrading these two modules.
When running the latest framework and core modules, what actually breaks? Is it the module code signing?
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,199
Reaction score
5,218
When running the latest framework and core modules, what actually breaks? Is it the module code signing?

No. I can deal with that. It's something in the underlying code that gets called when loading every module. Most of them die with errors. Try it on VirtualBox with our image from here. Framework update works fine. But loading the updated core module kills everything.
 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
1,633
Reaction score
842
Chris and Dicko, it wasn't just Kimberly that had the email issue, I, the OP mentioned that the only way I can get email to work on my domain name is through Webmin/Virtualmin -- it worked great until I tried to use SSL for everything (as it should be anyways) and it does not let me send anymore, yet I do GET emails.

Google is NOT my friend as I can not find just a Generic SSL enabled config file to start from that works. Otherwise I'd do the $15.00 a year servers for EACH one of my 13 websites.

Any business that says "you can email me at [email protected]" yes has a website they PAY for businessname.com or .net or .tech whatever is not a business to be trusted as they don't put the effort into using [email protected] and shows that they are lazy and rely on someone else to make sure their mail works.

Also isn't mail relay how spam is sent out (testing the SMS for TM4 has you go check for open relays, so why the heck would I use one, also I don't like how that relay sends the mail out '[email protected] ON BEHALF OF [email protected]' -- I do not want my gmail out there, that is why I have my own domain.

Anyways, how did this thread get shifted to email when I am looking for a New OS for me to rebuild my box -- this one is all messed up -- but that would take 3 more threads.

Where I wanted to go does not offer CentOs6 only CentOS7 -- so is 7 ready for production box or not and if not what should I use for Asterisk/freePBX and possibly Kamailio on a separate box as a controller if I decide to split one box into 3 but tie them all together?



Moving forward with FreePBX you will need php5.6 and nodejs >=8, php7 is as yet "too far" but debian allows both to be installed with a little RTFM, for Gmail relaying using SSL

https://www.linode.com/docs/email/p...ng-gmail-and-google-apps-on-debian-or-ubuntu/

(or any number of other recipes) also work. If you host your own mail server and don't have to fight spam and other BS on a daily basis, you are probably close to unique (BTDT) ;-)

No, relaying email through a solid gateway is not how spam is sent out, spam is only successfully "sent out" by a badly configured email server in your domain.name that accepts them in the first place, and a solid relay would a) not accept them and B) shut you down PDQ.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,199
Reaction score
5,218
It should log fatal errors to the php log, or is the php logger broken and not logging?

The bug is in /var/www/html/admin/libraries/utility.functions.php. Copying it over from FreePBX 'real' repo version of core gets things working with GitHub version.
 

Kimberly

Member
Joined
Jul 16, 2013
Messages
44
Reaction score
13
Are you manually configuring mail server security options Spamassassin, ClamAV, SSL, TLS, RBL, SPF and DKIM?
The big three is rDNS, SPF, and DKIM; that is what the major players will want to see as for making sure your email gets through to them. As I said before, it is easy to get on a blacklist because they often will blacklist an entire range of IPs. Recently with a gmx account, Yahoo! was blocking all emails from gmx. Gmx is a free mail service owned by IONOS (formerly 1and1.com). Some xxxx opened a GMX account, used it for spam, and thus Yahoo! blocked all email from them.
 

krzykat

Telecom Strategist
Joined
Aug 2, 2008
Messages
3,145
Reaction score
1,235
Email Delivery No SPAM

There are places to help setup your DNS so that it is not considered SPAM email.

Use https://mxtoolbox.com/ to check if your DKIM and SPF records are set and established properly.

To test your email - use email-tester.com - a free service
 

Kimberly

Member
Joined
Jul 16, 2013
Messages
44
Reaction score
13
Email Delivery No SPAM

There are places to help setup your DNS so that it is not considered SPAM email.

Use https://mxtoolbox.com/ to check if your DKIM and SPF records are set and established properly.

To test your email - use email-tester.com - a free service
There are also online tools to help generate the txt record for SPF; just search for SPF generator.
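
The SPF checks discussed in the posts above can also be run offline on the TXT record text itself. This is an added example, not written by any poster in the thread, that lints a record set for the failure cases defined in RFC 7208; the function name `lint_spf` and the sample records are constructed for illustration.

```python
import re

# Terms that each trigger a DNS query during evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

def lint_spf(txt_records):
    """Return a list of problems in a domain's TXT record set (empty list = clean)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple v=spf1 records: receivers return permerror"]

    problems, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1          # top-level only; nested includes add more
        if name == "ptr":
            problems.append("ptr mechanism should not be published")
        if name == "redirect":
            has_redirect = True
        if name == "all":
            all_qualifier = qualifier

    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} DNS-lookup terms, limit is {MAX_LOOKUPS}")
    if all_qualifier == "+":
        problems.append("+all authorises every host to send as this domain")
    elif all_qualifier is None and not has_redirect:
        problems.append("no all/redirect term: unlisted senders evaluate to neutral")
    return problems

# Constructed sample record sets (documentation domains and addresses).
SAMPLES = {
    "good": ["v=spf1 mx ip4:203.0.113.25 include:_spf.example.net -all"],
    "open": ["v=spf1 +all"],
    "dup": ["v=spf1 mx -all", "v=spf1 ip4:203.0.113.25 -all"],
    "none": ["site-verification=constructed-token"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, lint_spf(records) or "OK")
```

The lookup count covers only the terms in the record itself; each `include` target has its own terms that count toward the same limit of 10 when a receiver evaluates the record.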
 

Kimberly

Member
Joined
Jul 16, 2013
Messages
44
Reaction score
13
Speaking of open relays; Plesk will set up the mail server as an open relay. Be sure to check and close it. I contacted the Plesk people and they were like idiots, sending back replies that were clearly just autoresponders. I hate Plesk but some users want it. It is a resource hog as well. I would have never thought that Plesk, as long as it has been around, would be so careless as to have the default settings for the mail server set to an open relay.
 

PBX Novice

Member
Joined
Oct 24, 2018
Messages
87
Reaction score
8
After the HiFormance fiasco, I switched to Amazon AWS and Google Cloud servers both free tiers (as I'm running a small operation)
It took a good bit of fiddling but they are both up and running. Google surprisingly has given me the bigger issue, although it was easier to configure, they overutilized the resources on the particular region and the server was down for a day but you can diversify to different regions and I suspect this isn't a frequent issue. I'm with these big box brands because I've got no interest in having to deal with a fly by night again. Also the free tiers are just that..free

Any way to make this easier for others with like an image for Google Cloud?! @wardmundy
@wardmundy I'm feeling semi-vindicated after today's post. Thanks for the Google tutorial (even if I already went through the pains solo :)
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,199
Reaction score
5,218
My testing shows the performance is roughly the same as the original Raspberry Pi. The $1/month VPS offerings are about 20 times that performance based upon my subjective observations. The only way we could get a SIP softphone to actually register without a time out was to use the NeoRouter VPN address instead of the cloud instance's public IP address. Incoming Skyetel calls (which have no registration) fail with a timeout. Incoming calls using a registered SIP trunk work fine. But YMMV. Let us know how it goes.
 
