(http://www.faximum.com/technotes/189)
TITLE: #189 - Using the Special CSI Verification Feature
KEYWORDS: security csi verification wrong number
RELEASE: by special arrangement
CLASSIFICATION: All
PROBLEM: Customer wishes to provide an additional level of security by
having the software compare the Called Station Identifier
(CSI) against the expected value stored previously in a file.
This will prevent faxes being sent to unauthorised numbers
and/or being sent to fax machines that do not return the
expected CSI value.
Note that support for CSI Verification is a special option
available at additional cost. Please contact Faximum Software
for details.
CAUSE: N/A
SOLUTION: This TechNote explains how to configure and use the CSI
Verification feature.
1. - Define the Valid Phone Numbers and CSI Values
--------------------------------------------------
The first step is to define a list of fax numbers that may
be dialled along with the CSI value that is expected from
the machine. The general format of the CSI verification
file is:
fax machine phone number:"expected CSI string"
for example,
9268182:"1 604 926 8182"
The left hand side (LHS) must match exactly the number dialled
by the software. In particular, it must have any access codes
that may be inserted by the server prior to dialling (for
example, "9," etc.). Any punctuation other than the characters
!@$, are ignored, as are spaces.
The right hand side (RHS) may be in one of three forms:
"CSI String"
If you wish to match a particular CSI string
then put the string to match within quotation
marks. Wildcards are not permitted.
*
If you wish to match any CSI string, or none at
all, then use a single asterisk.
nothing
If you wish to match machines that do not send a
CSI string, then put nothing after the comma.
Note that blank lines are permitted anywhere in this file.
Any line that starts with the slash character '/' will be
considered a comment and ignored.
2. - Enable CSI Verification
----------------------------
The next step is to enable CSI verification. You may enable
CSI verification on a line-by-line basis (for multi-line
systems that have assigned different lines to different
applications or groups of users) or on a system-wide basis.
To enable CSI verification on a line-by-line basis, edit
the fax line configuration file (see below for the appropriate
directory) for the line(s) of interest and add a line of
the form:
csi-verification-file = /opt/FAXserver/validcsi
where /opt/FAXserver/validcsi is replaced by the full pathname
of the file of valid CSIs that you created in step 1 above.
The fax line configuration files are typically named fax-line-1,
fax-line-2, etc. and may be found in the following directories:
System Pathname
-------------------- ------------------
Faximum PLUS 2.2 /opt/faximum/dev
Faximum Client/Server on HP-UX 10.x /etc/opt/faximum/dev
Faximum Client/Server (all others) /opt/FAXserver/dev
To enable CSI verification system-wide, add the same line to
the /etc/faximum.conf file.
3. - Obtaining CSIs Values
--------------------------
One of the problems with setting up CSI verification is obtaining
(accurately) the CSI values for the fax machine you wish to
communicate with.
One method is to enable CSI logging but not to enable CSI
verification. All faxes that are sent will have the CSI of
the receiving fax machine logged. You can then scan the log
file and pull out those CSIs that you wish to use. Once CSI
verification is enabled, any CSIs that are missing or that
fail will be logged so that you may see why the verification
failed and obtain the correct CSI if you wish to add it to
the file.
To enable CSI logging add the following line to your
/etc/faximum.conf file:
log-level = 2
When this is enable you will see lines similar to the
following in your fax system log:
07/07/98 21:58:55: mfax[19149,0]: CSI = <1 604 926 8182>("1 604 926 8182")
Use the form of the CSI that appears within parenthesis at the
end of the line.
The other method is to use mfax to send a test fax to the
desired machine to obtain its CSI. This can be done simply
by, for example, running the following commands:
cd /tmp
echo "This is a test fax. Please ignore." > junk
/opt/faximum/bin/asciitiff junk
/opt/faximum/lib/mfax tx -f fax-line-1 -p 9268182 -v junk.tif
You ought to see output similar to the following:
mfax: called station id: 1 604 926 8182
Note that on Faximum Client/Server systems you will need to
replace /opt/faximum with /opt/FAXserver in the above commands.
Obviously you will also need to replace 9268182 with the fax
number of the machine you wish to interrogate.
Please contact Faximum Technical Support should you experience
any difficulty configuring or using the CSI Verification
feature.
Tech Note: 189 - Copyright 1998 Faximum Software Inc., All Rights Reserved.
Last Updated: Mon Jul 13 22:57:08 PDT 1998
The complete set of Faximum TechNotes are available on the Internet at
http://www.faximum.com/TechSupport
© Copyright 2001 Faximum Software Inc. All Rights Reserved.