@bigbear said in DKIM records Office 365:

DMARC: Tells remote servers if your domain is using SPF and/or DKIM

DMARC tells remote servers what to do with inbound mail that fails a SPF or DKIM check.

It does not tell remote servers if you are using it.

DMARC cannot be implemented without SPF and/or DKIM already in place.

So this means, in order for DMARC to do jack shit, all of these conditions have to be true.

• you have to have SPF/DKIM setup.
• you have to have DMARC setup.
• the recipient has to have SPF/DKIM checking setup
• the recipient has to honor your SPF/DKIM
• the recipient has to have DMARC checking setup
• the recipient has to honor your DMARC instruction

https://blog.flowroute.com/2018/05/14/flowroute-adds-4-new-pops-points-of-presence-in-the-u-s/

Though their marketing person needs trained.

The default dark theme is getting annoying, so I am lookint at other themes and found this.

@ccwtech Remove the binding.

The point of this is to be able to tell a Yealink phone to check its provisioning file without having to go to the phone or have a user reboot their phone.

Rebooting would also work, but that can be disruptive to the user if their computer is connected to their phone.

This is a two part change.
First you need to add the sip notify command. You can call it whatever you want, but there is already an existing command to reboot. so we will just duplicate that and tweak.

Open /etc/asterisk/sip_notify_custom.conf and put this in it. The file will likely be empty. You can edit it from the CLI or the FreePBX web GUI

[reload-yealink]
Event=>check-sync\;reboot=false

I am not certain what level of restart is required for certian, but if the normal fwconsole reload doesn't cause this to work, just reboot.

Next you need to change the existing config file for your Yealink phones.
You need to add this line.

sip.notify_reboot_enable = 0

This is what that option does:

It configures the IP phone behavior when receiving a SIP NOTIFY message which contains the header “Event: check-sync”.

0-The IP phone will reboot only if the SIP NOTIFY message contains an additional string “reboot=true”.

1-The IP phone will be forced to reboot. (This is the default setting)

2-The IP phone will ignore the SIP NOTIFY message.

So technically the command in step one could simply be check-sync, but I like the clear false showing there.

Now reboot your phone so it pulls the new config file telling that it nno longer has to reboot.

Finally you are ready to test this.

Manually change something on your phone or change something in the config file on the server.

SSH into your PBX and issue the command to reload the config on your extension.

asterisk -rx 'pjsip send notify reload-yealink endpoint 103`

The setting you manually changed should revert, or the change from the config file should be applied. which ever method you did for testing.

ModEdit: corrected spelling.

@hobbit666 Scenario 1. It keeps your data in an easily portable vmdk/vhdx that you can reattach anywhere in case of VM guest failure.

@scottalanmiller said in Router / AP / Switch for business:

We've not seen any upgrade issues, doing it through UNMS hasn't created any issues for us (yet.)

This issue was generally resolved prior to any UNMS compatible firmware.

But you will see this on every single ER-X firmware update notice even today:

Re: Backup server - Software layout

@fuznutz04 said in Backup server - Software layout:

@jaredbusch said in Backup server - Software layout:

I use teams, even if there is only one NIC in the team most of the time, because I can add and remove NICs without impacting the higher layers.

Good idea. This server I just got has the onboard GB NICs, but also 2 dual port Intel GB NICs as well. I could create a BIG team if I wanted.

As stated, I always use a NIC team just to abstract things one more way and to not need to deal with failures.

In the SMB, there is little need for LACP to be setup most of the time. Hell, you are lucky if the switches even support it a lot of the time.

But by using a team in load balancing or Switch Independent mode, you will generally gain throughput without the hassle.

This is because, while no single connection can ever be faster than your link speed (typically 1Gbps currently), many applications are multi-threaded and will thus have more than a single connection going and will usually get balanced out multiple links.

On Hyper-V I always do it from powershell, immediately after installation, directly on the Hyper-V host prior to setting up anything else.
New-NetLbfoTeam - https://docs.microsoft.com/en-us/powershell/module/netlbfo/new-netlbfoteam

On VMWare, I have no idea how to get screenshots anymore as I have no access to any client using it right now, but it is very straightforward to setup. If someone with a VMWare rig could post screenshots, that would be nice.

On KVM, I usually use Cockpit to set it up as I do not do it often enough and always break shit when I try to do it any other way.

Re: Yealink Device Management Platform - Stores User Credentials in Plain-Text

@pete-s said in Yealink Device Management Platform - Stores User Credentials in Plain-Text:

@jaredbusch said in Yealink Device Management Platform - Stores User Credentials in Plain-Text:

Here is a Snom PA1 config file.

Off topic question to this thred, but do you have the Snom PA1 connected to an external amplifier? If that is the case, may I ask how you connected it?

Great question. Give me a few minutes.

Ok. They key thing to using a Snom PA1 is matching impedance. with your amplifiers.

If you look in the picture below I have a couple different impedance matching devices in use.

The Snom mounted on the wall is extension 5198 and it the default paging system.

I am using the 8Ω speaker output with the built in amplifier disabled.
It is going to an old ass University Sound TM-2 impedance adaptor.
The low level output is going direct to the Mic-In (which is a low-z input) of the office amplifier on the left.
The high level output is going direct to the Auc-In (which is a high-z input) of the shop amplifier on the right.

The Aux-In of the Office amplifier is connected directly to the headphone jack of a Chromebook for overhead music (MoodMusic subscription).

The Mic-In of the Shop amplifier is connect to the second Snom sitting there. That one is extension 5197 and is used for a bell system in the shop to tell people when to go on and off break, etc.
It is connected via a Pyle PDC22 impedance matching device.

https://mangolassi.it/topic/17915/verifying-ms-sql-server-2017-licensing/8

Obviously if your VLSC deal is better this will be slightly lower. But, nope $30k is right for 16 cores.

The question is why the fuck use 16 cores? Virtualize it, on this same hardware, assign all the resources, but only give it 8 procs and you halve your cost.

edit: @scottalanmiller need tags..

Use Nextcloud and map the drive with WebDAV

@fuznutz04 said in New workstation - Linux:

No, I tried dnf install freerdp* and dnf install remmina*

Don't do that, this is a really bad habit to get into. You will get things you don't want.

Use list.

sudo dnf list *remmina*

It will return like this. Obviously, with everything Available instead if Installed if not yet installed.

[jbusch@dt-jared ~]$ sudo dnf list *remmina*
Last metadata expiration check: 2:56:48 ago on Fri 21 Sep 2018 12:42:35 PM CDT.
Installed Packages
remmina.x86_64                                                      1.2.31.3-1.fc28                                       @updates
remmina-plugins-exec.x86_64                                         1.2.31.3-1.fc28                                       @updates
remmina-plugins-nx.x86_64                                           1.2.31.3-1.fc28                                       @updates
remmina-plugins-rdp.x86_64                                          1.2.31.3-1.fc28                                       @updates
remmina-plugins-secret.x86_64                                       1.2.31.3-1.fc28                                       @updates
remmina-plugins-vnc.x86_64                                          1.2.31.3-1.fc28                                       @updates
remmina-plugins-xdmcp.x86_64                                        1.2.31.3-1.fc28                                       @updates
Available Packages
remmina-devel.i686                                                  1.2.31.3-1.fc28                                       updates 
remmina-devel.x86_64                                                1.2.31.3-1.fc28                                       updates 
remmina-gnome-session.x86_64                                        1.2.31.3-1.fc28                                       updates 
remmina-plugins-spice.x86_64                                        1.2.31.3-1.fc28                                       updates 

Then you can install the base package you need only.

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

3. Jared's solution... point your router to your internal DNS first, then to public DNS. This handles failover and deals with any concerns of Windows DNS stack being flaky. When AD is up, internal DNS works, when it goes down, you transparently fail to public DNS.

Here is how I handle it in EdgeOS

set service dns forwarding cache-size 150
set service dns forwarding listen-on eth1
set service dns forwarding name-server 10.1.1.show 4
set service dns forwarding name-server 1.1.1.1
set service dns forwarding name-server 8.8.8.8
set service dns forwarding options server=/domain.local/10.1.1.4
set service dns forwarding options server=/domain/10.1.1.4
set system domain-name domain.local 
set system name-server 127.0.0.1

And the few absolute core items that I need to 100% resolve get a static host mapping in EdgeOS.

set system static-host-mapping host-name dc02 inet 10.1.1.4
set system static-host-mapping host-name dc02.domain.local inet 10.1.1.4
set system static-host-mapping host-name domain.local inet 10.1.1.4
set system static-host-mapping host-name pbx.domain.com inet 10.1.1.30

Vultr blocks port 25 at an account level. You have to put in a ticket asking to have it removed.

@wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

@JaredBusch This is from the Nginx website under pitfalls and common mistakes. I read that return's are much faster than rewrites due to not needing to evaluate RegEx(?) which is why you see return listed as a better option. I know you use rewrite and there's a lot you know that I don't so I was just wondering why that is your preference

I updated the OP to reflect this.

Using the return 301 https://$host$request_uri; style.

Problem appears resolved.

There were multiple things causing the problem.

First, Jitsi needs a lot of behind the scenes interconnectivity to all of its pieces. When the Jitsi Meet system is on a public IP with nothing in front of it, these are all localhost calls so it all just works.

But moving it behind NAT causes one issue, while moving it behind NginX on a separate server caused a second.

First NAT. If you run Jitsi-Meet behind NAT, you need to update /etc/jitsi/videobridge/sip-communicator.properties with the following two lines.

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=>>YOUR.LAN.IP.ADDRESS<<
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=>>YOUR.PUBLIC.IP.ADDRESS<<

For example, mine looks like this:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.254.0.104
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=207.244.223.13

Second is NginX. If you are running Jitsi-Meet behind an NginX Reverse Proxy that resides separate from Jitsi, then you need to first allow in TCP port 5280 to the Jitsi server's firewall.

ufw allow in 5280/tcp

Then you need to setup the following location blocks in your NginX config. Obviously changing the IP addresses to your internal IP.

    location / {
        ssi on;
        proxy_pass https://10.254.0.104/;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
    # BOSH
    location /http-bind {
        proxy_pass http://10.254.0.104:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

    # xmpp websockets
    location /xmpp-websocket {
        proxy_pass              http://10.254.0.104:5280/xmpp-websocket;
        proxy_http_version      1.1;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection "upgrade";
        proxy_set_header        Host $host;
        tcp_nodelay             on;
    }

If they are an AD environment, it is hard to beat just using Hyper-V Server + Veeam.

On a new install of FreePBX 14, one of the first things I do after it is up and installed is to remove all of the commercial modules that are not going to be used.

Why? Because if they are not going to be used, I don't want to be spammed about updates to them.

Here is an example from a client system.

fwconsole ma listonline | grep Commercial

Module Name	Version	Status	License
areminder		Not Installed (Available online: 14.0.4.2)	Commercial
broadcast		Not Installed (Available online: 14.0.1.10)	Commercial
callaccounting		Not Installed (Available online: 14.0.5)	Commercial+
callerid		Not Installed (Available online: 13.0.8.13)	Commercial
calllimit		Not Installed (Available online: 13.0.5.5)	Commercial
conferencespro		Not Installed (Available online: 14.0.2.5)	Commercial
cos		Not Installed (Available online: 13.0.12.2)	Commercial
endpoint	14.0.2.155	Enabled and up to date	Commercial
extensionroutes		Not Installed (Available online: 13.0.10.7)	Commercial
faxpro		Not Installed (Available online: 14.0.4)	Commercial
freepbx_ha		Not Installed (Available online: 13.0.11)	Commercial
pagingpro		Not Installed (Available online: 14.0.2.2)	Commercial
parkpro		Not Installed (Available online: 13.0.30.3)	Commercial
pinsetspro		Not Installed (Available online: 13.0.9.13)	Commercial
pms		Not Installed (Available online: 14.0.2.25)	Commercial
queuestats		Not Installed (Available online: 14.0.1.19)	Commercial
qxact_reports		Not Installed (Available online: 14.0.7.8)	Commercial
recording_report		Not Installed (Available online: 14.0.1.16)	Commercial
restapps	13.0.92.23	Enabled and up to date	Commercial
sangomacrm		Not Installed (Available online: 14.0.1.14)	Commercial
sipstation		Not Installed (Available online: 14.0.1.8)	Commercial
sms	14.0.4.6	Enabled and up to date	Commercial
sysadmin	14.0.22	Enabled and up to date	Commercial
vega		Not Installed (Available online: 14.0.3.10)	Commercial+
vmnotify		Not Installed (Available online: 14.0.1.1)	Commercial
voicemail_report		Not Installed (Available online: 13.0.13.3)	Commercial
vqplus		Not Installed (Available online: 14.0.1.18)	Commercial
webcallback		Not Installed (Available online: 13.0.11.2)	Commercial
zulu	14.0.4.6	Enabled and up to date	Commercial

This is how I remove everything.
I should really turn this into a script, but it is fast enough manually, and I don't do it like every day or anything.

1. Disable all the modules to be removed.

fwconsole ma disable areminder
...
fwconsole ma disable webcallback

2. Reload everything.

fwconsole reload

3. Uninstall and delete the modules

fwconsole ma uninstall areminder
...
fwconsole ma uninstall webcallback
fwconsole ma delete areminder
...
fwconsole ma delete webcallback

4. Reload everything.

fwconsole reload

I wrote this a while back but never made a dedicated topic.

https://github.com/sorvani/freepbx-helper-scripts/blob/master/ContactManager_to_Yealink_AddressBook/cm_to_yl_ab.php

To use this, you need to drop it on your FreePBX in the /var/www/html folder

cd /var/www/html
wget https://raw.githubusercontent.com/sorvani/freepbx-helper-scripts/master/ContactManager_to_Yealink_AddressBook/cm_to_yl_ab.php
chown asterisk:asterisk cm_to_yl_ab.php

Then edit it to reflect the appropriate group.

nano cm_to_yl_ab.php

Change this line to match what is in the Contact Manager. (in my shot below this would become Clients.

// Edit this varibale to match the name of hte group in Contact Manager
$contact_manager_group = "SomeName";

Contact manager is located under Admin

There are groupings. I always make these "external"

You can then navigate to your PBX like this: http://pbx.domain.com/cm_to_yl_ab.php

You put it in your Yealink phone config like this.
Note: Remote Phonebook 1 = XML Phonebook 0 in the DSS key

remote_phonebook.data.1.name = ContactManager
remote_phonebook.data.1.url = http://pbx.domain.com/cm_to_yl_ab.php
programablekey.1.type = 22
programablekey.1.label = Contacts
programablekey.1.xml_phonebook = 0

Or if you do it manually in the phone GUI.

I had a Debian 9.6 (was originally 9.1) that has not powered off or rebooted correctly for a while.

As it was just a once a month thing (my reboot schedule), I never really looked into it. I just hard killed the VM and and turned it back on.

The shutdown process was getting to "reached target shutdown" and just hanging.

A little poking at Google told me to try to rebuild the initramfs.
I did and now the system reboots properly again.

sudo update-initramfs -u