Leilani Voicemail Integration Guide (Asterisk / Debian)
This guide explains how to configure a Debian or Ubuntu server running Asterisk so that Leilani can remotely manage voicemail on behalf of users.
Leilani connects using a restricted SFTP account. The account is jailed to a limited portion of the filesystem and only has read-only access to the Asterisk voicemail directories.
Requirements
Before beginning, ensure you have:
- Root or sudo access to a Debian/Ubuntu server running Asterisk
- OpenSSH (sshd) installed and running
- A Leilani agent registered to an extension on the same Asterisk server
- Network access allowing TCP port 22 (or your configured SSH port) from Leilani to your server
1. Create the SFTP User
Create a dedicated user that will only be used by Leilani.
sudo useradd -s /usr/sbin/nologin -M leilani
Explanation of the options:
- -s /usr/sbin/nologin: Prevents the user from logging in with a shell.
- -M: Prevents creation of a home directory.
- leilani: The username that will be used by Leilani when connecting over SFTP.
Set a password for the user:
sudo passwd leilani
Because this account is used programmatically by Leilani, it is recommended to use a random password of at least 32 characters.
2. Create the Chroot Jail
The SFTP user must be restricted to a controlled directory on the filesystem.
Create the directory:
sudo mkdir -p /sftp/leilani
Set the required permissions:
sudo chown root:root /sftp /sftp/leilani
sudo chmod 755 /sftp /sftp/leilani
Important:
- The directory used for an SSH chroot must be owned by root
- It must not be writable by other users
If these permissions are incorrect, SSH will refuse the connection.
3. Create Mount Points Inside the Jail
The jail needs directories that mirror where Asterisk stores voicemail data.
Create the required directories:
sudo mkdir -p /sftp/leilani/var/spool/asterisk/voicemail/default
sudo mkdir -p /sftp/leilani/etc/asterisk
Create a placeholder for the voicemail configuration file:
sudo touch /sftp/leilani/etc/asterisk/voicemail.conf
These directories will later be connected to the real system paths using bind mounts.
4. Configure Persistent Bind Mounts
Bind mounts expose specific system directories inside the SFTP jail.
This allows Leilani to read voicemail files while preventing access to the rest of the server.
Edit /etc/fstab:
sudo nano /etc/fstab
Add the following lines:
/var/spool/asterisk/voicemail/default /sftp/leilani/var/spool/asterisk/voicemail/default none bind 0 0
/etc/asterisk/voicemail.conf /sftp/leilani/etc/asterisk/voicemail.conf none bind 0 0
/sftp/leilani/var/spool/asterisk/voicemail/default /sftp/leilani/var/spool/asterisk/voicemail/default none remount,bind,ro 0 0
/sftp/leilani/etc/asterisk/voicemail.conf /sftp/leilani/etc/asterisk/voicemail.conf none remount,bind,ro 0 0
What these mounts do:
- The first two lines expose the real Asterisk directories inside the SFTP jail.
- The second two lines remount those directories as read-only.
- This allows Leilani to read voicemail files but prevents modification or deletion.
Apply the mounts immediately:
sudo mount -a
Verify they were applied:
mount | grep /sftp/leilani
Because these entries are in /etc/fstab, the mounts will automatically be restored after every reboot.
5. Configure SSH to Restrict the User to SFTP
Edit the SSH daemon configuration:
sudo nano /etc/ssh/sshd_config
Ensure the SFTP subsystem is configured:
Subsystem sftp internal-sftp
Add the following block to the end of the file:
Match User leilani
ChrootDirectory /sftp/leilani
ForceCommand internal-sftp -R -d /
PermitTTY no
Explanation of these settings:
- Match User leilani: Applies these restrictions only to the Leilani user.
- ChrootDirectory /sftp/leilani: Restricts filesystem access to the SFTP jail.
- ForceCommand internal-sftp: Prevents shell access and forces the SFTP subsystem.
- -R: Enables read-only mode.
- -d /: Sets the jail root as the starting directory.
- PermitTTY no: Disables terminal access.
Reload the SSH service:
sudo systemctl reload sshd || sudo systemctl reload ssh
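To audit the result of steps 2, 4 and 5 in one pass, the following added example (not part of the original guide or of Leilani's tooling) checks the chroot path ownership, that both bind mounts ended up read-only, and that sshd's effective configuration for the user matches the Match block. The function names and the --check flag are hypothetical; it assumes GNU stat and an sshd that supports -T with -C, and must be run as root.

```shell
#!/bin/sh
# Added example: audit of the SFTP jail from this guide. Function names are hypothetical.
# Run as root:  sh check_jail.sh --check
JAIL=/sftp/leilani
VM_DIR=$JAIL/var/spool/asterisk/voicemail/default
VM_CONF=$JAIL/etc/asterisk/voicemail.conf

# perm_ok UID MODE: a chroot path component is acceptable to sshd only if it
# is owned by root (uid 0) and has no group-write or other-write bit.
perm_ok() {
    [ "$1" = 0 ] || return 1
    case "$2" in
        *[2367]?|*[2367]) return 1 ;;   # write bit in group or other digit
    esac
    return 0
}

# chroot_path_ok PATH: apply perm_ok to PATH and every parent up to /.
# Uses GNU stat: %u = owner uid, %a = octal mode.
chroot_path_ok() {
    p=$1
    while :; do
        perm_ok $(stat -c '%u %a' "$p") || { echo "bad owner/mode: $p"; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# mount_is_ro MOUNTPOINT [TABLE]: true if the last entry for MOUNTPOINT in a
# /proc/self/mounts-style table lists "ro" among its options.
mount_is_ro() {
    awk -v mp="$1" '$2 == mp { opts = $4 }
        END { exit ((("," opts ",") ~ /,ro,/) ? 0 : 1) }' "${2:-/proc/self/mounts}"
}

# sshd_has "key value": exact-line match against `sshd -T` output on stdin.
sshd_has() { grep -qxF -- "$1"; }

main() {
    rc=0
    chroot_path_ok "$JAIL" || rc=1
    for m in "$VM_DIR" "$VM_CONF"; do
        mount_is_ro "$m" || { echo "not read-only: $m"; rc=1; }
    done
    # Effective settings after Match evaluation (sshd -T prints keys in lower case).
    cfg=$(sshd -T -C user=leilani,host=localhost,addr=127.0.0.1 2>/dev/null)
    for want in "chrootdirectory $JAIL" \
                "forcecommand internal-sftp -R -d /" "permittty no"; do
        printf '%s\n' "$cfg" | sshd_has "$want" || { echo "sshd: missing '$want'"; rc=1; }
    done
    return $rc
}
if [ "${1:-}" = --check ]; then main; fi
```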
6. Configure the Mailbox URL in Leilani
Within the Leilani Console:
- Navigate to Configuration
- Locate the Mailbox setting
- Enter the SFTP connection URL
Example:
sftp://leilani:[password]@[host:port]
Replace the following values:
- leilani: the SFTP username
- [password]: the password created earlier
- [host]: your server hostname or IP address
- [port]: optional if using the default SSH port (22)
Save the configuration.
Result
Leilani will now automatically discover voicemail mailboxes and allow users to retrieve messages through the voice interface.
Users can:
- Say "voicemail"
- Dial *86
They will be prompted for their mailbox PIN, after which Leilani will retrieve and play their voicemail messages.