Skip to content

Configure Email and DNS (Sysadmin)

The System Admin module (sometimes called "Sysadmin Pro" — separate from the menu category "System Admin") manages host-level settings: SMTP relay (for VM-to-email and notifications), DNS resolvers, time zone, network interfaces, hostname, intrusion detection.

Before You Start

  • Decide which SMTP relay to use (Gmail with app password, Sangoma SMTP, an internal mail server, SendGrid, etc.).
  • For DNS: prefer 1.1.1.1 / 1.0.0.1 (Cloudflare) or 8.8.8.8 / 8.8.4.4 (Google) over carrier defaults.

Steps

Email setup

  1. Go to System Admin → SysadminEmail Setup tab.
  2. Pick SMTP Configuration:
    • No relay — Postfix delivers directly. Often blocked by recipient mail servers (no SPF/DKIM). Don't use for production.
    • SMTP Relay — recommended. Fill in:
      • Server — e.g. smtp.gmail.com:587, smtp.sendgrid.net:587.
      • Username — sending email address (e.g. notifications@example.com).
      • Password — app password / API key.
      • Use TLSYes for port 587.
  3. From Address — what From: header to set on outbound emails. Should match a sending address allowed by the relay.
  4. Click Submit.
  5. Test:
echo "test message" | mail -s "Test from UnifiedBX" you@example.com
tail -f /var/log/maillog

DNS setup

  1. SysadminNetwork Settings tab.
  2. DNS section:
    • DNS 11.1.1.1.
    • DNS 28.8.8.8.
  3. Click Submit. Tests resolution immediately.

Time zone & NTP

  1. SysadminTime Zone tab.
  2. Pick zone (America/New_York for ET).
  3. NTP server — pool.ntp.org is the default, fine for most.
  4. Submit. System time syncs.

Hostname

  1. SysadminHostname tab.
  2. Set the FQDN (e.g. pbx.client.com). Should match DNS records and any TLS certs.
  3. Submit. System will need a reload.

Intrusion Detection (Fail2ban)

  1. SysadminIntrusion Detection tab.
  2. Toggle on. Default rules block SIP/SSH/HTTP brute force.
  3. Whitelist — your management IPs (CRITICAL — don't lock yourself out).
  4. Ban duration1 hour is reasonable.
  5. Submit.

Verify

  • Email: send a test VM, confirm email arrives.
  • DNS: dig google.com from the host.
  • Time: date shows correct local time.
  • Hostname: hostname -f shows full FQDN.

Common Issues

  • Test email "permission denied." Postfix can't write spool. chown -R postfix:postfix /var/spool/postfix/ and restart Postfix.
  • Email shows in /var/log/maillog as "deferred." Relay rejecting auth. Check username/password; for Gmail, must be an "App Password," not the account password (and 2FA must be on).
  • DNS resolution intermittently fails. Both DNS servers down or slow. Add a third in /etc/resolv.conf manually (Sysadmin only stores 2).
  • Fail2ban blocks legit users. Add their IP to whitelist. Or check /var/log/fail2ban.log for what triggered.
  • Hostname change breaks Apache. Cert SAN no longer matches. Regenerate Let's Encrypt cert with new hostname.