TITLE: #189 - Using the Special CSI Verification Feature KEYWORDS: security csi verification wrong number RELEASE: by special arrangement CLASSIFICATION: All PROBLEM: Customer wishes to provide an additional level of security by having the software compare the Called Station Identifier (CSI) against the expected value stored previously in a file. This will prevent faxes being sent to unauthorised numbers and/or being sent to fax machines that do not return the expected CSI value. Note that support for CSI Verification is a special option available at additional cost. Please contact Faximum Software for details. CAUSE: N/A SOLUTION: This TechNote explains how to configure and use the CSI Verification feature. 1. - Define the Valid Phone Numbers and CSI Values -------------------------------------------------- The first step is to define a list of fax numbers that may be dialled along with the CSI value that is expected from the machine. The general format of the CSI verification file is: fax machine phone number:"expected CSI string" for example, 9268182:"1 604 926 8182" The left hand side (LHS) must match exactly the number dialled by the software. In particular, it must have any access codes that may be inserted by the server prior to dialling (for example, "9," etc.). Any punctuation other than the characters !@$, are ignored, as are spaces. The right hand side (RHS) may be in one of three forms: "CSI String" If you wish to match a particular CSI string then put the string to match within quotation marks. Wildcards are not permitted. * If you wish to match any CSI string, or none at all, then use a single asterisk. nothing If you wish to match machines that do not send a CSI string, then put nothing after the comma. Note that blank lines are permitted anywhere in this file. Any line that starts with the slash character '/' will be considered a comment and ignored. 2. - Enable CSI Verification ---------------------------- The next step is to enable CSI verification. You may enable CSI verification on a line-by-line basis (for multi-line systems that have assigned different lines to different applications or groups of users) or on a system-wide basis. To enable CSI verification on a line-by-line basis, edit the fax line configuration file (see below for the appropriate directory) for the line(s) of interest and add a line of the form: csi-verification-file = /opt/FAXserver/validcsi where /opt/FAXserver/validcsi is replaced by the full pathname of the file of valid CSIs that you created in step 1 above. The fax line configuration files are typically named fax-line-1, fax-line-2, etc. and may be found in the following directories: System Pathname -------------------- ------------------ Faximum PLUS 2.2 /opt/faximum/dev Faximum Client/Server on HP-UX 10.x /etc/opt/faximum/dev Faximum Client/Server (all others) /opt/FAXserver/dev To enable CSI verification system-wide, add the same line to the /etc/faximum.conf file. 3. - Obtaining CSIs Values -------------------------- One of the problems with setting up CSI verification is obtaining (accurately) the CSI values for the fax machine you wish to communicate with. One method is to enable CSI logging but not to enable CSI verification. All faxes that are sent will have the CSI of the receiving fax machine logged. You can then scan the log file and pull out those CSIs that you wish to use. Once CSI verification is enabled, any CSIs that are missing or that fail will be logged so that you may see why the verification failed and obtain the correct CSI if you wish to add it to the file. To enable CSI logging add the following line to your /etc/faximum.conf file: log-level = 2 When this is enable you will see lines similar to the following in your fax system log: 07/07/98 21:58:55: mfax[19149,0]: CSI = <1 604 926 8182>("1 604 926 8182") Use the form of the CSI that appears within parenthesis at the end of the line. The other method is to use mfax to send a test fax to the desired machine to obtain its CSI. This can be done simply by, for example, running the following commands: cd /tmp echo "This is a test fax. Please ignore." > junk /opt/faximum/bin/asciitiff junk /opt/faximum/lib/mfax tx -f fax-line-1 -p 9268182 -v junk.tif You ought to see output similar to the following: mfax: called station id: 1 604 926 8182 Note that on Faximum Client/Server systems you will need to replace /opt/faximum with /opt/FAXserver in the above commands. Obviously you will also need to replace 9268182 with the fax number of the machine you wish to interrogate. Please contact Faximum Technical Support should you experience any difficulty configuring or using the CSI Verification feature. Tech Note: 189 - Copyright 1998 Faximum Software Inc., All Rights Reserved. Last Updated: Mon Jul 13 22:57:08 PDT 1998 The complete set of Faximum TechNotes are available on the Internet at http://www.faximum.com/TechSupport
© Copyright 2001 Faximum Software Inc. All Rights Reserved.