Configuring email relay for voicemails

Table of contents

1. Introduction

When using Presence Suite with OpenGate, it is possible to configure voice mailbox extensions for the caller to leave voice messages. These messages can be emailed for an easier notification and further review. However, as security policies are becoming increasingly more strict, these messages may be either filtered out as spam or deleted by the server.

By default, emails are not sent using the authentication feature. Configuring a mail account with authentication through a user and password could be an option. However, this configuration type is becoming increasingly deprecated and most providers are currently forcing the use of OAuth 2.0. This authentication type requires an interaction with the user, who must agree to grant permissions to an application for sending emails on their behalf. This is not possible for many applications, such as voice mailboxes.

Commonly, the mail server that emails will be delivered to is selected based on the recipient's address. Configuring a relay server, emails will be delivered to this server.

Because of the existing differences amongst the many SMTP relay services, it is impossible to provide detailed information on all of them. This document covers exclusively the configuration details for Presence OpenGate Master and the configuration of voice mailboxes in Presence Suite. 

For an OpenGate environment with multiple nodes, you only have to configure Presence OpenGate Master because this is the sole module to manage voice mailboxes.

2. Setting up a SMTP relay server with no authentication

This is the most simple option concerning the configuration in OpenGate. Also, the different providers suggest this option for controlled environments such as apps, printers, scanners or devices located in the local network of your organization. However, this requires to have permissions not commonly available for personal accounts, advanced know-how, and the configuration under corporate environments only (with Google Workspace, Microsoft Office 365, or configuring your own relay server).

The setup details of each provider can be checked from their official documentation site:

Let's assume here that the provider is set up to take emails from the public, static IP of the environment, with no need for authentication or authorization because you can connect only controlled devices from this IP address. Depending on the configuration set in the provider side or the SMTP relay server, an additional configuration may be necessary. 

In Presence OpenGate Master, you must change the configuration of postfix (the integrated mail server in charge of sending emails) to specify the use of the server you have configured.

  1. Go to OpenGate Master.
  2. Set up the relay server using the command below: 

    postconf -e "relayhost = domain_or_ip:port" 
    1. Where domain_or_ip indicates the server, and port is the port.
    2. Commonly, when using a domain name, follow the format [domain]:port. The square brackets "[, ]" forces postfix to do no MX record lookups in the DNS.
    3. Check for the changes made in the /etc/postfix/main.cf file.
  3. Apply changes by executing the following command: 

    postfix reload
    1. Check to make sure that emails can be sent. Depending on the provider's configuration, restrictions may apply to the sender and recipient emails (e.g., to match the provider's domain or a real user).
    2. Send a test email via command line (edit the sender and recipient addresses): 

      echo "Test email" | mailx -r sender@domain.com -s Test recipient@domain.com
  4. Edit the template configuration to specify the sender.
    1. From Presence Unified Manager, access the Extensions | Voice mailboxes option with an administrator user.
    2. In the Templates tab, edit the items that are being used and make sure that one of them is used with a valid sender.
  5. Verify that voice mailboxes have valid emails configured, and then make a test call.


3. Setting up a SMTP relay server with authentication

In case that the server requires authentication, you must take some additional steps.

This method involves a more advanced configuration in OpenGate, while also imposing a restriction: Only the authenticated user can be used as sender email.

Below are some examples of servers that require authentication:

In Presence OpenGate Master, you must change the configuration of postfix (the integrated mail server in charge of sending emails) to specify the use of the server you have configured.

  1. Go to OpenGate Master.
  2. Set up the relay server using the command below: 

    postconf -e "relayhost = domain_or_ip:port" \
    "smtp_sasl_auth_enable = yes" \
    "smtp_sasl_security_options = noanonymous" \
    "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \
    "smtp_use_tls = yes" \
    "smtp_tls_security_level = encrypt" \
    "smtp_tls_note_starttls_offer = yes" \
    'smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt'
    1. Where domain_or_ip indicates the server, and port is the port.
    2. Commonly, when using a domain name, follow the format [domain]:port. The square brackets "[, ]" forces postfix to do no MX record lookups in the DNS.
    3. Check for the changes made in the /etc/postfix/main.cf file.
    4. Certain providers may require other configuration parameters (for example, those not using TLS). If in doubt, check with your provider.
    5. The official postfix documentation is available from this page: https://www.postfix.org/postfix-manuals.html.
  3. Add the user and password to the configuration file using the following command: 

    echo 'domain_or_ip:port SMTPUSERNAME:SMTPPASSWORD' > /etc/postfix/sasl_passwd
    1. It is very important that domain_or_ip:port matches the configuration set as "relayhost" (including the square brackets "[, ]", if applicable).
    2. Using the above command will cause the file content to be deleted, If you wish, you may edit the file manually.
    3. Next, execute the following command:

      postmap hash:/etc/postfix/sasl_passwd
    4. Finally, you may improve the security of the created files (access restricted to one administrator) using these commands: 

      chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
      chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
  4. Apply changes by executing the following command: 

    postfix reload
    1. Check to make sure that emails can be sent. Select the user you have just configured as sender.
    2. Send a test email via command line (edit the sender and recipient addresses): 

      echo "Test email" | mailx -r sender@domain.com -s Test recipient@domain.com
  5. Edit the template configuration to specify the sender.
    1. From Presence Unified Manager, access the Extensions | Voice mailboxes option with an administrator user.
    2. In the Templates tab, edit the items that are being used and make sure you are using the sender just configured.
  6. Verify that voice mailboxes have valid emails configured, and then make a test call.