Faximum TechNote #189

Faximum TechNote #189


TITLE:    #189 - Using the Special CSI Verification Feature

KEYWORDS: security csi verification wrong number

RELEASE: by special arrangement


PROBLEM:  Customer wishes to provide an additional level of security by
	  having the software compare the Called Station Identifier
	  (CSI) against the expected value stored previously in a file.

	  This will prevent faxes being sent to unauthorised numbers
	  and/or being sent to fax machines that do not return the
	  expected CSI value.

	  Note that support for CSI Verification is a special option
	  available at additional cost.  Please contact Faximum Software
	  for details.


SOLUTION: This TechNote explains how to configure and use the CSI
	  Verification feature.

	  1. - Define the Valid Phone Numbers and CSI Values

	  The first step is to define a list of fax numbers that may
	  be dialled along with the CSI value that is expected from
	  the machine. The general format of the CSI verification
	  file is:

		fax machine phone number:"expected CSI string"
	  for example,

		9268182:"1 604 926 8182"
	  The left hand side (LHS) must match exactly the number dialled
	  by the software. In particular, it must have any access codes
	  that may be inserted by the server prior to dialling (for
	  example, "9," etc.). Any punctuation other than the characters
	  !@$, are ignored, as are spaces.

	  The right hand side (RHS) may be in one of three forms:

		"CSI String"
			If you wish to match a particular CSI string
			then put the string to match within quotation
			marks. Wildcards are not permitted.
			If you wish to match any CSI string, or none at
			all, then use a single asterisk.
			If you wish to match machines that do not send a
			CSI string, then put nothing after the comma.

	  Note that blank lines are permitted anywhere in this file.
	  Any line that starts with the slash character '/' will be
	  considered a comment and ignored.

	  2. - Enable CSI Verification

	  The next step is to enable CSI verification. You may enable
	  CSI verification on a line-by-line basis (for multi-line
	  systems that have assigned different lines to different
	  applications or groups of users) or on a system-wide basis.

	  To enable CSI verification on a line-by-line basis, edit
	  the fax line configuration file (see below for the appropriate
	  directory) for the line(s) of interest and add a line of
	  the form:

		csi-verification-file = /opt/FAXserver/validcsi
	  where /opt/FAXserver/validcsi is replaced by the full pathname
	  of the file of valid CSIs that you created in step 1 above.

	  The fax line configuration files are typically named fax-line-1,
	  fax-line-2, etc. and may be found in the following directories:

		System					Pathname
		--------------------			------------------
		Faximum PLUS 2.2			/opt/faximum/dev
		Faximum Client/Server on HP-UX 10.x	/etc/opt/faximum/dev
		Faximum Client/Server (all others)	/opt/FAXserver/dev

	  To enable CSI verification system-wide, add the same line to
	  the /etc/faximum.conf file.

	  3. - Obtaining CSIs Values

	  One of the problems with setting up CSI verification is obtaining
	  (accurately) the CSI values for the fax machine you wish to
	  communicate with.

	  One method is to enable CSI logging but not to enable CSI
	  verification.  All faxes that are sent will have the CSI of
	  the receiving fax machine logged.  You can then scan the log
	  file and pull out those CSIs that you wish to use.  Once CSI
	  verification is enabled, any CSIs that are missing or that
	  fail will be logged so that you may see why the verification
	  failed and obtain the correct CSI if you wish to add it to
	  the file.

	  To enable CSI logging add the following line to your
	  /etc/faximum.conf file:
		log-level = 2

	  When this is enable you will see lines similar to the
	  following in your fax system log:

    07/07/98 21:58:55: mfax[19149,0]: CSI = <1 604 926 8182>("1 604 926 8182")

	  Use the form of the CSI that appears within parenthesis at the
	  end of the line.

	  The other method is to use mfax to send a test fax to the
	  desired machine to obtain its CSI.  This can be done simply
	  by, for example, running the following commands:

	      cd /tmp
	      echo "This is a test fax.  Please ignore." > junk
	      /opt/faximum/bin/asciitiff junk
	      /opt/faximum/lib/mfax tx -f fax-line-1 -p 9268182 -v junk.tif
	  You ought to see output similar to the following:

	     mfax: called station id: 1 604 926 8182

	  Note that on Faximum Client/Server systems you will need to
	  replace /opt/faximum with /opt/FAXserver in the above commands.

	  Obviously you will also need to replace 9268182 with the fax
	  number of the machine you wish to interrogate.

	  Please contact Faximum Technical Support should you experience
	  any difficulty configuring or using the CSI Verification

Tech Note: 189 - Copyright 1998 Faximum Software Inc., All Rights Reserved.
Last Updated: Mon Jul 13 22:57:08 PDT 1998
The complete set of Faximum TechNotes are available on the Internet at

Copyright 2001 Faximum Software Inc. All Rights Reserved.