Hostifi users - how are you doing notifications?

HCHTech

As in the title. Because our list was so small, we have been using the "Sites Overview" screen to see all clients and drilling down as necessary if anything turns red.

This isn't a scalable solution of course, so I've been trying to set up email notifications, and as always, using Office365 is a struggle. Does anyone have this working and willing to share their settings? Hostifi support offered the helpful "We haven't been able to get this working with Office365". :rolleyes:
 
I haven't tried 365, way back when we just set it up with our own SMTP linux servers...we had 2x of them.
Now that you remind me, since we're retiring those, we're just redoing to SMTP2GO which we love.

Else, assuming you have freebie licenses with your MS program, just create an online mailbox for unifi@hchtech.orgy ...password..and there ya go, authenticated for Unifi.
 
Those guys at Hostifi are great, love their service.

So nice to not have to manage your own servers anymore, dealing with backups, Unifi version upgrades, host OS upgrades, security of it all, etc. They vet out the upgrades before rolling them out. Safwan answers any support question pretty darn quick.
 
Those guys at Hostifi are great, love their service.

So nice to not have to manage your own servers anymore, dealing with backups, Unifi version upgrades, host OS upgrades, security of it all, etc. They vet out the upgrades before rolling them out. Safwan answers any support question pretty darn quick.

On this issue, Safwan was a failure - he ultimately responded with "We haven't been able to make it work with Office 365". Somehow I doubt that resolution, so I opened a ticket directly with Ubiquiti. Of course, their first response was "where are you hosting", which is undoubtedly going to be met with a suggestion to contact hostifi's support.

We'll see.

I have an O365 address: notifications@mydomain.com. This is where I want to send the notifications. It works - I'm using it for all of my synology installs and random other things as well.

So, I created a distribution group, ubiquiti@mydomain.com. I gave notifications@mydomain.com SendAs permissions in the Exchange Admin Center. I've put smtp.office365.com in for the hostname on the controller SMTP Server section. I've tried port 25 & 587 without SSL and port 465 with SSL. I have "Enable Authentication" checked in the controller, and I'm using the notifications@mydomain.com and its password there. I have "Specify sender address" checked, and I'm using the distribution group address there: ubiquiti@mydomain.com.

When I attempt to send a test email, it doesn't work, and the error message is "There was an error sending the test email to address@domain.com. Failed to send email for unknown reasons."

The error in the controller log is "[2021-06-23T21:42:57,692] <webapi-4150> WARN event - fail to send email: api.err.SmtpSendFailed"

There is nothing in either error message to give me direction, hence reaching out to support of both Hostifi and Ubiquiti. I've already struck out with Hostifi, and I'm expecting finger-pointing from Ubiquiti, but hoping to be pleasantly surprised. We'll see.
 
That looks an awful lot like an SMTP blacklist.

Which is one of the many reasons why all my Unifi stacks have local controllers. ;) Hostifi is good people, but I'm incompatible with their entire business model.
 
Try the IP range of Hostifi added to your SPF record?

Before the 365 days, and SMTP2GO's independence, we used to add a shortened name of our name to clients' SPF records.
 
We use smtp2go on our Unifi and forward alerts to places.

We also have a script that polls API health from the controller directly into our RMM.

We self host due to number of devices. Minimal investment.
 
Which is one of the many reasons why all my Unifi stacks have local controllers. ;) Hostifi is good people, but I'm incompatible with their entire business model.

We split it up.....clients that are "one time setup", and/or on "pay as you go"....they get a Cloud Key. Rough guess...we have just under a hundred sites in our unifi.ui account portal.
But clients on one of our 3x MSP plans....no way I want to spend time managing individual CKs or locally spun up controllers, firmware updates on the CKs, Unifi updates on the CKs, ensuring backups within the CKs, so they go on Hostifi. I'd have to hire a whole new kid just to sit on those. Think we're nearing 175 sites in Hostifi.
 
firmware updates on the CKs, Unifi updates on the CKs, ensuring backups within the CKs, so they go on Hostifi. I'd have to hire a whole new kid just to sit on those. Think we're nearing 175 sites in Hostifi.
A tangent - I'm new this year with Hostifi, so I could be wrong, but they don't do firmware updates on the devices, right? How often do you do those and what's the safe waiting period after a new release based on your experience? I'm still ironing out our maintenance steps, trying hard to NOT settle for "whenever we get around to it" - haha.

Try the IP range of Hostifi added to your SPF record?
Ah - this is a good thought, I'll take care of that. ...although, I haven't had to do this for the 25 or so synology boxes we have using that notification email

That looks an awful lot like an SMTP blacklist.
I would be having bigger problems if that would be the case, I'd think. Just checked - I'm clean.
 
A tangent - I'm new this year with Hostifi, so I could be wrong, but they don't do firmware updates on the devices, right? How often do you do those and what's the safe waiting period after a new release based on your experience? I'm still ironing out our maintenance steps, trying hard to NOT settle for "whenever we get around to it" - haha.

Correct, Hostifi doesn't do that for you...they'd have an army of pitchforks chasing them.
As much as I love Ubiquiti...yes I'll admit their updates are often too rushed and not fully cooked in the oven, so I don't rush out and do firmware updates soon as they're out. Hostifi vets the Unifi controller versions carefully before they'll upgrade their servers.

I do have a couple of larger sites close to me, set for automatic firmware updates (there's a checkbox in the controller for that under each site). And I only do that with larger sites close to me...so if a bum firmware update comes out, it's not a long drive to go reset stuff. Also just a couple of sites...so that if there WAS a bad firmware update, I won't have 175 or so client sites calling me out of the blue one morning.

But for the most part, firmware updates for APs at a site are easy, can do the "rolling upgrade" which is just one action by you, and it rolls down the list of all the APs one at a time. For switches, I prefer to do those manually anyways like I always did even before the Ubiquiti days...I don't want to have a stack of switches at an important client go tango uniform on me and have an unexpected 911 call in the morning.

I don't have a need to keep up with every update. Firmware at each site once per year, maybe twice or a little more. But not every month for every update.
 
@HCHTech And? That's all billable time!

This concept of offloading mission critical infrastructure to some other random party is what I'm hostile to. You do you of course, but core functionality for all of my customers is my problem, it's what I'm paid to do, and I'll be darned if I'm pawning that off on someone else!

Also, the blacklisting would be against Hostifi's IPs going into M365. If you cannot get unauthenticated SMTP to work against TCP 25 of your M365 MX record... it's being blocked by something fundamental. Sure, mail going there might get caught as spam, but if it's just flat not working? That's a blacklist, the Hostifi container has no ability to actually deal with SMTP, SOMETHING fundamental.

I do controller / firmware updates at most quarterly, most of the time semi-annually. Automatic updates are off.
 
@HCHTech And? That's all billable time!

I'm not sure what you are replying to here, so I'm going to skip this one - The goal is always to bill for my time, so I'm hyper-aware of that, thanks.
This concept of offloading mission critical infrastructure to some other random party is what I'm hostile to. You do you of course, but core functionality for all of my customers is my problem, it's what I'm paid to do, and I'll be darned if I'm pawning that off on someone else!

Yes - you seem hostile. First of all, it is not "some random party", it's an ongoing business setup for just this purpose. If they can do this job and it costs me less than it would cost in time to do it myself, then that's a win. Current problems notwithstanding, my experience with Hostifi has been very good and the cost/benefit ratio is favorable.

Also, the blacklisting would be against Hostifi's IPs going into M365. If you cannot get unauthenticated SMTP to work against TCP 25 of your M365 MX record... it's being blocked by something fundamental. Sure, mail going there might get caught as spam, but if it's just flat not working? That's a blacklist, the Hostifi container has no ability to actually deal with SMTP, SOMETHING fundamental.

As I understand it, the traffic comes from my controller, which is a single IP. I have confirmed that IP is not on a blacklist. I've been in the field most of the day today so no time to further troubleshoot this, but I'm sure I can see what's happening at my tenant once I find the correct log to look at.
 
I'd chalk it up to Unifi's SMTP service not getting along well with smtp.office365.com. Not a Hostifi issue, it's a Unifi quirk...and Unifi isn't alone in that party.
We've seen this for the longest time with MFPs and other peripheral devices, or...SMTP engines built into websites to shoot contact emails out from the website. I've battled those til I had less than 3 hairs left in my head. One of the reasons we spun up linux servers to handle our clients' SMTP needs back then, and...we jumped to SMTP2GO to replace that (because I don't want to maintain security of more servers myself anymore).
 
When you're on Hostifi do your controllers have a consistent IP address?

If so, you can simply add that address to your SPF record, and hit the MX record on TCP 25. The mail-protection-outlook.bla bla one. That's what I use for stubborn things, and it's never let me down. But there's no authentication, so there's no relaying either UNLESS I have mail going to a shared mailbox with a forward on it.
 
Yes, cuz we made an A record for ours (just like I used to do with my prior ones I whipped up at Rackspace or Linode)...."unifi.yeoldestonecat.orgy"

Oh then... why muck with authentication? It's an ip4:whatever record in your SPF and you can transmit unauthenticated straight at TCP 25 on the MX record for your tenant. Sure it can't notify random domains that way, but these are yours... so all email to one place and done?
 