from:"Tim S"

Re: [asterisk-users] Iridium integration / gateway

2018-04-04 Thread Tim S

Hi, I use an Iridium 9555 handset and a "POTSdock".

   This takes a standard 9555 handset, gives it a fixed antenna
mount, and a telco service jack.  Interfacing to the POTSdock, is a
matter of providing an analog POTS interface as if you were attaching
to a standard POTS phone provider.  The dock generated standard
dial-tone and DTMF control.  Iridium provides a test phone number you
can make calls from, and there are serial commands you can issue to
the handset to get service status, and account information, or Iridium
voicemail status.  Be aware that rates are and order or two or three
of magnitude higher than most POTS providers.  Minutes can be in the
multiple USD each range.

I generally do my VoIP as a cost routing:
1st, Cable modem (unlimited data, business internet)
2nd, Cellular Data (data unlimited to 25GB/month, then rate reduced to
5GB/month rate)
3rd, Cellular Voice (unlimited minutes, lower voice quality due to CODEC change)
4th, Iridium Voice (expensive minutes, lowest voice quality due to
CODEC change, very high voice lag 1-3 seconds, more likely to work
while everything else is down locally)

If you want to roll your own embedded VoIP system, the Iridium 9523
modem engine is available as a module at retail, and takes the same
basic serial commands to establish voice or data calls.  The
development manuals are available with a Google search.  Be aware that
FCC or ITU certification is required if you embed an RF module in an
end product - which is why I went the POTSdock route.

I also use the SBD modem modules (both 9603 and 9602) to do basic
telemetry and status reporting when conventional network access is
limited.  The rates for sending a partial packet of data are very
reasonable, and you can message from modem directly to another modem
without traversing the commercial internet or phone infrastructure.
Very useful for rebooting a remote router that has crashed and is
blocking phone or internet access. ;-)

If you've been following the news, SpaceX has been lofting the
IridiumNEXT constellation to replace the legacy constellation from the
1990's (STILL running a good 20 years past design life) - and they are
expecting to modernize their subscriber equipment and rate plans.
They have three more launches to get the complete replacement
constellation in orbit, and they will be fixing the periodic dead
spots in their network as a result.

I can try to answer questions on my use case.

Best,

-Tim

On Tue, Apr 3, 2018 at 10:01 PM, Jean-Denis Girard  wrote:
> Hi list,
>
> I have a request to integrate Iridium in a Asterisk system. A quick
> search didn't return much: I expected to find products similar to GSM
> gateways, but this does not seem to exist. so I'd be very interested
> about possible solutions. Has it be done already, how?
>
>
> Thanks,
> --
> Jean-Denis Girard
>
> SysNux   Systèmes   Linux   en   Polynésie  française
> https://www.sysnux.pf/   Tél: +689 40.50.10.40 / GSM: +689 87.797.527
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Can anyone help with a quick app_record.c module improvement and can explain over-riding modules?

2018-01-20 Thread Tim S

Also, be aware that by creating an audio file, you may need to insert
a pause in your code before the file is:

1) written
2) flushed from cache to disk
3) registered as available to be opened by the OS

I have seen this take over 2 seconds before on a sluggish machine.
You can speed this up a bit by putting the recordings in a RAMDISK
partition on the host - but be careful that you only use short
recordings and clean them up after they are not needed any more.

If that's still not fast enough, there's the Google Speech streaming
API, but I'm not up to snuff on that - essentially you'd need the
functionality of the monitor split to only stream the remote user's
voice, then you'd need to pipe that to a Google Speech API tunnel.
That's probably not something you can hack away at with simple
Asterisk dialplan applications.

Cheers,

-Tim

On Sat, Jan 20, 2018 at 9:53 AM, Antony Stone
<antony.st...@asterisk.open.source.it> wrote:
> On Saturday 20 January 2018 at 18:45:49, Jonathan H wrote:
>
>> Oh, what a good idea! That's exactly the kind of lateral thinking I
>> was hoping someone would come up with.
>>
>> I thought it was called MixMonitor, and tried to wrap my head around
>> it but couldn't.
>
> MixMonitor is related, but different (and as the name suggests, automatically
> mixes the two channels, so I think Tim's suggestion to use Monitor is much
> better.
>
> Note that you may well need to use the 'b' option with Monitor, to make sure
> you can record when there's no bridge between two channels.
>
>> I'll give this a go tomorrow and let you know what I come up with!
>
> Please do report back - this is a useful feature.
>
>
> Antony.
>
>> On 20 January 2018 at 17:03, Tim S wrote:
>> > Just a quick and dirty thought, try the MONITOR application.
>> >
>> >
>> > Pseudo-code:
>> >
>> > Anchor-point
>> > PLAYBACK ("press or say")
>> > MONITOR (use the split audio files mode, not the mixed - this way you can
>> > roughly separate which side did the "talking")
>> > READ (audio file "1 to 5", try to grab one digit)
>> > STOPMONITOR
>> > IF (READ variable timed-out, send the incoming half of the monitor file
>> > to Google Speech)
>> >
>> >  Playback (some sound effect to indicate "thinking" on the Asterisk
>> >  side
>> >
>> > - user feedback is good)
>> >
>> >  Check Google Speech result against a white-list
>> >  IF filtered result was not a valid option
>> >
>> >  PLAYBACK "I didn't understand that"
>> >  GOTO to Anchor-point
>> >
>> >  ELSE
>> >
>> >  Goto next step using valid decoded speech data
>> >
>> > ELSE
>> >
>> >  Check DTMF result against a white-list
>> >  IF filtered DTMFresult was not a valid option
>> >
>> >  PLAYBACK "I didn't understand that"
>> >  GOTO to Anchor-point
>> >
>> >  ELSE
>> >
>> >  Goto next step using valid decoded DTMF data
>> >
>> > Catch-all, should never get here.
>> >
>> > /Pseudo-code
>> >
>> >
>> > Don't forget to filter your user sourced data against your white-list,
>> > always assume users are hostile, this is part of the total picture of
>> > defence-in-depth.
>> >
>> > -Tim
>> >
>> > On Sat, Jan 20, 2018 at 12:42 AM, Jonathan H wrote:
>> >> Hello,
>> >>
>> >> I want to start recording with a prompt of "press or say 1 to 5". If
>> >> no DMTF is pressed, I want to send the recording to Google Speech to
>> >> get the number back (got that part working already).
>> >>
>> >> If any dtmf key is pressed while Application_Record  is running with
>> >> option y, then the recording terminates and sends
>> >> RECORD_STATUS of "DTMF" (A terminating DTMF was received).
>> >>
>> >> But I need to know **what** number that DTMF was, and I can't see a
>> >> way of grabbing it after the fact.
>> >>
>> >> I can see in the code where the right variables are..
>> >>
>> >> https://github.com/asterisk/asterisk/blob/master/apps/app_record.c#L140
>> >> dtmf_response
>> >>
>> >> https://github.com/asterisk/asterisk/blob/master/apps/app_record.c#L166
>> >> * \param dtmf_integer the integer value of the DTMF key received
>> >>

Re: [asterisk-users] Can anyone help with a quick app_record.c module improvement and can explain over-riding modules?

2018-01-20 Thread Tim S

Just a quick and dirty thought, try the MONITOR application.

Pseudo-code:

Anchor-point
PLAYBACK ("press or say")
MONITOR (use the split audio files mode, not the mixed - this way you can
roughly separate which side did the "talking")
READ (audio file "1 to 5", try to grab one digit)
STOPMONITOR
IF (READ variable timed-out, send the incoming half of the monitor file to
Google Speech)
 Playback (some sound effect to indicate "thinking" on the Asterisk
side - user feedback is good)
 Check Google Speech result against a white-list
 IF filtered result was not a valid option
 PLAYBACK "I didn't understand that"
 GOTO to Anchor-point
 ELSE
 Goto next step using valid decoded speech data
ELSE
 Check DTMF result against a white-list
 IF filtered DTMFresult was not a valid option
 PLAYBACK "I didn't understand that"
 GOTO to Anchor-point
 ELSE
 Goto next step using valid decoded DTMF data
Catch-all, should never get here.

/Pseudo-code

Don't forget to filter your user sourced data against your white-list,
always assume users are hostile, this is part of the total picture of
defence-in-depth.

-Tim

On Sat, Jan 20, 2018 at 12:42 AM, Jonathan H  wrote:

> Hello,
>
> I want to start recording with a prompt of "press or say 1 to 5". If
> no DMTF is pressed, I want to send the recording to Google Speech to
> get the number back (got that part working already).
>
> If any dtmf key is pressed while Application_Record  is running with
> option y, then the recording terminates and sends
> RECORD_STATUS of "DTMF" (A terminating DTMF was received).
>
> But I need to know **what** number that DTMF was, and I can't see a
> way of grabbing it after the fact.
>
> I can see in the code where the right variables are..
>
> https://github.com/asterisk/asterisk/blob/master/apps/app_record.c#L140
> dtmf_response
>
> https://github.com/asterisk/asterisk/blob/master/apps/app_record.c#L166
> * \param dtmf_integer the integer value of the DTMF key received
>
> So,3 questions I guess:
>
> 1: Am I going about this the right way? (unimrcp is not an option here)
> 2: Can someone explain in layman's terms how a simpleton like me could
> copy, hack about with and make a new module, like, for example,
> app_record_alt.c, that would stick around each time I updated Asterisk
> from source?
> 3: Or, is anyone willing to make the simple code change to the file to
> improve it to send back the DTMF to the dialplan? For free to improve
> core code? If not, and I posted on the commercial list, how much would
> I be looking at to modify about 6 lines of code and return an extra
> variable?
>
> So, ultimately, I'm hoping for something like:
>
> Currently:
> option "y" returns a RECORD_STATUS of "DTMF" if a key was press
>
> Hopefully:
> option "z" returns a RECORD_STATUS of  showing which key
> was pressed.
> Or possibly even DTMF_VALUE (if an app can return two variables to the
> dialplan?)
>
> I'm sure this would benefit a lot of people.
>
> I posted this a few days ago in the forum at
> https://community.asterisk.org/t/can-anyone-help-with-a-
> quick-app-record-c-module-improvement-and-can-explain-
> over-riding-modules/73221
> but no-one bit, so, I'm hoping this list can help.
>
> Many thanks!
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] SIP invite timeouts : how is someone sending invites from our server ??

2018-01-03 Thread Tim S

IMHO, manual IP-tables is probably better for those who have a single
provider - whitelist only your SIP trunk provider's IP adress (or address
pool).  But... that leads onto a train of thought that might help.

First, realize you don't have to manually read your security logs, you can
script that - and scripts can do things based on the data you are seeing.
But let's start with a topology based on the "Divide and Conquer" principal
for a clean ideal SIP internet connection:


   - If you have an SIP trunking provider and you want to lock down access
   between it and Asterisk - get a separate IP address, and whitelist the
   access to it.
   - Put your public SIP entry-point on a separate IP address, and pop out
   a DNS entry for *sip.**domain.root* and get cracking with the rules that
   limit privileges for that public "anyone" class of user.  Limit the SIP
   public portal IP to only handle VoIP (SIP), this is where fail2ban can be
   helpful.
  - Look for ANY attempts to sniff the SIP only IP address for any
  other ports/protocols - and block them for 2 days (limited time as some
  addresses are DHCP and will move around).
  - Asterisk does decent logging, so use that to your benefit.  As user
  account credential failures come out, you're going to be
generating logs to
  that effect.  Sniff those logs and when you start seeing
failures, trigger
  a script to limit your rate at the firewall from that port.  After a few
  failures you can block that IP for 5 minutes, and send and email to your
  admin for them to take a look.  For script kiddies that should
be enough to
  send the message, but not enough to kill off actual customers.  You don't
  want to even try to permanently block IPs, especially if you're
a business.
  - Now think about your dialplan - you give someone a number to dial
  into right? (i.e. incoming*@sip.domain.root*)  So... take a look at
  the incoming requested extension.  An incoming call from the public user
  should go to a controlled context, if the incoming caller asked for the
  right target, well then you pipe them to your incoming context - if any
  other extension was dialed, log it... use that log data, trigger
a filter,
  send your admin an email, start working it...
   - Outgoing calls NOT going to a SIP trunking provider?  Either:
  1. Run it through your incoming sip.domain.root IP address (separate
  from your trunk provider IP), or...
  2. (Better) run it through a separate IP address that only does
  outgoing SIP calls (so, three IPs for VoIP: 1) SIP-trunk, 2)
SIP-incoming,
  and 3) SIP-outgoing).
   - Now use fail2ban and IP-tables to start punishing kiddies for trying
  to set up a session on your outgoing-only IP address.  Logic
behind it: if
  they were calling your incoming address and not mucking with packets or
  just sniffing, they wouldn't be here...
  - Unless, that is, they called back a number that called them.  So
  you put a simple dial plan in place that plays a message about
what number
  to actually call back for regular service (maybe take a
message?), log it,
  notify the admin - yadda, yadda, yadda...  Don't reward people
for dialing
  your outgoing number, control your lines of communication on
your terms. ;-)

Any other stuff you see in logs outside normal call flow (any rule
violation in Asterisk that generates a security log entry), log it, trigger
a fail2ban block with a script, but do this for a week or more.  The
security logging in Asterisk is very useful, but it'll be up to you to
figure out how you want to integrate the log entries generated into
actionable information, and what actions you want to perform.  Personally I
like to consolidate all my logs using a tool like Rsyslog or Graylog
(pub-subs are good for this type of logic and archiving), so that I can get
a bigger picture look at what's happening on my network.  The firewall and
your Asterisk have to kind of work together to create an environment that
is conducive to good business, while keeping the bad guys out.

An analogy: think of it like the firewall is the police, and Asterisk or
really anything behind the firewall are the citizens.  If none of the
citizens calls the police to tell them they don't like something, the
police never do anything to fix it.  Fail2ban and the scripted rules based
on logging data are the city ordinances to be enforced with slaps on the
wrist and fines, and the firewall rules are the basic "ten commandments"
laws (if you will) the firewall can enforce if it sees someone breaking
them, by sending them to jail or deporting them.

Keep your logs, rotate them, back them up.  If someone from DoD or more
likely the FBI gets in touch with you or your ISP asking why you're probing
a government phone system, that's probably when you're going to want to
have your logs available, and be able to demonstrate you've taken steps to

Re: [asterisk-users] OT: Explain where mailing list bouncing comes from ?

2017-06-16 Thread Tim S

I'd hazard to say it probably is Digium's "fault", this was a recent and
now consistent problem, which started within the last month or so.  I'm on
7 other Linux-related mailing lists which all use similar mailer daemons,
and none have this issue.  I have been subscribed to Asterisk
Users/Developers for over two years without issue.

Since the mailing-list system is seeing "bounces" on outbound, and I am not
when transmitting INTO the mailing list - this tells me that outbound
emails from the mailing-list system to Gmail are getting returned because
of some characteristic (either content, TX security functionality, or
mailer system configuration).  Mail being sent by Digium (even as a conduit
for user communications) can only be diagnosed by Digium.  I'd imagine that
if the mail admin looked at how many bounce emails have since been sent
over time, there will be a spike that can be correlated to:
* sender email addresses
* email subject/body content,
* a change they made in their system,
* a change they were supposed to make to their system but failed to.

And to the person who suggested using a non-free email, I do have those
accounts on my own mail system - but I don't use them for newsletters,
re-occurring bulletins, or public Linux mailing lists where "everyone" is
the receiver.  Not good web hygiene IMHO - like a white picket fence around
a yard, the general public can walk up and talk (to my Gmail), but I prefer
to only let family and friends through the gate and in the front door
(private email account).  This also makes filtering and spam detection much
easier while not sucking up my server time and storage space ;-).

My other issue is the quarterly password email reminder where the password
is sent in plain text... (facepalm).  Probably why spam has been a problem
on this board.

-Tim

On Fri, Jun 16, 2017 at 5:51 AM, John Novack  wrote:

>
> Jonathan H wrote:
>
> On 16 June 2017 at 08:38, J Montoya or A J 
> Stiles  wrote:
>
>
> It's hardly Digium's fault, if Google have decided that playing nicely with
> syntactically-valid messages doesn't fit their business model
>
> Not really Gmail's fault, either.  Someone above said they had the
> same problem with Comcast.net.
>
> Gmail complies with the relevant RFCs just fine. It's most likely
> simply because most people who use email, use Gmail.
>
> In addition, gmail properly implement SPF and DMARC checking.
>
> There's over 1 billion gmail account as of 2016, so that's why most
> people who are bouncing would be gmail.
>
>
> Correct Had another one yesterday
> Am on several other mailing lists that have no such issue.
> Something related to the mailer Digium uses or their ISP
>
>
> John Novack
>
> --
>
> Dog is my Co-pilot
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] OT: Explain where mailing list bouncing comes from ?

2017-06-15 Thread Tim S

Another "me too" (also Gmail).

 I just received my 4th "account suspended, too many bounces" email,
after having several days of lost mailing list content over a short
vacation break the last time.  When I notified the admin email account of
the failure, it seemed the responder missed the point about the emails,
saying the link had expired (it had been more than three days since I had
checked Gmail) - not seeming to notice that there was a problem with users
having errant email bounce account suspensions.

Whatever has been done, if anything, isn't working effectively.  At this
point I'd like to see some response from the mailing list admin about any
root-cause efforts, AFAIC this is starting to smear the Digium/Asterisk
brand's ability to handle IT related issues...  No response = no confidence
vote.

-Tim


On Tue, Jun 13, 2017 at 7:04 AM, Patrick L Archibald (PLA) ☮  <
patrick.archib...@gmail.com> wrote:

> Me too. Also gmail.
> R☮ck on, PLA
>
> Patrick L Archibald
> http://PatrickArchibald.com
>
>
> On Mon, Jun 12, 2017 at 4:26 AM, Jonathan H 
> wrote:
> > Me too, also gmail. I emailed the list owner a couple of days ago, but
> no reply.
> >
> > Is everyone else affected also forwarding to another email address
> > (gmail or not)?
> >
> > Could be wrong, but I'm guessing there may be an incorrect DMARC
> > policy somewhere - although this is the only fail I could find in the
> > headers.
> >
> > boun...@lists.digium.com;
> >dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
> >
> >
> >
> > On 12 June 2017 at 09:12, Steve Davies  wrote:
> >> I am also getting this, three or four times in the last month after
> years of
> >> no problems.
> >>
> >> I agree that Gmail is the likely common factor, but I would love to have
> >> access to these bounce messages to know whether it is actually an
> >> overly-paranoid list server!
> >>
> >> Steve
> >>
> >> On Mon, 12 Jun 2017 at 09:09 Andrew Furey 
> wrote:
> >>>
> >>> Ditto; a Gmail issue?
> >>>
> >>> Andrew
> >>>
> >>> On 12 June 2017 at 16:00, Marcelo Terres  wrote:
> 
>  It is happening the same with me.
> 
>  Regards,
>  Marcelo H. Terres 
>  IM: mhter...@jabber.mundoopensource.com.br
>  https://www.mundoopensource.com.br
>  https://twitter.com/mhterres
>  https://linkedin.com/in/marceloterres
> 
> 
>  On 12 June 2017 at 08:07, Olivier  wrote:
>  > Hello,
>  >
>  > I'm a faithful reader of this mailing list, for several years now.
>  >
>  > Lately, I'm receiving emails asking me to re-enable my list
>  > subscription due
>  > to "excessive bouncing".
>  >
>  > What does this exactly mean and why am I receiving this ?
>  > Beside re-enabling my subscription, what can I do to improve things
> ?
>  >
>  > Regards
>  >
>  > --
>  > 
> _
>  > -- Bandwidth and Colocation Provided by http://www.api-digital.com
> --
>  >
>  > Check out the new Asterisk community forum at:
>  > https://community.asterisk.org/
>  >
>  > New to Asterisk? Start here:
>  >   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>  >
>  > asterisk-users mailing list
>  > To UNSUBSCRIBE or update options visit:
>  >http://lists.digium.com/mailman/listinfo/asterisk-users
> 
>  --
>  _
>  -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> 
>  Check out the new Asterisk community forum at:
>  https://community.asterisk.org/
> 
>  New to Asterisk? Start here:
>    https://wiki.asterisk.org/wiki/display/AST/Getting+Started
> 
>  asterisk-users mailing list
>  To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Linux supports the notion of a command line or a shell for the same
> >>> reason that only children read books with only pictures in them.
> >>> Language, be it English or something else, is the only tool flexible
> >>> enough to accomplish a sufficiently broad range of tasks.
> >>>   -- Bill Garrett
> >>> --
> >>> _
> >>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> >>>
> >>> Check out the new Asterisk community forum at:
> >>> https://community.asterisk.org/
> >>>
> >>> New to Asterisk? Start here:
> >>>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
> >>>
> >>> asterisk-users mailing list
> >>> To UNSUBSCRIBE or update options visit:
> >>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >>
> >> --
> >>

Re: [asterisk-users] How to detect fake CallerID? (8xx?)

2017-05-10 Thread Tim S

Rather than that, if you're looking for a phone solution - as part of the
customer contract, install an IP phone that registers with your system (use
a VPN tunnel to your phone system).  Think of it like a "red-phone"
hotline.  You own the phone, and you physically install it and it only
talks to your system via a SIP registration.  That way you can confirm the
physical source of the call origination, and you can control what the phone
will be able to call (make a to speed dial a base-64 address - something
that can't be dialed with a conventional phone line, block all other
outgoing numbers).  A nice side effect of this is that you give your
employees/contractors a fixed and predictable way of getting in touch with
management if there is a problem (just another speed-dial number).

Keep in mind that without a "Something you are" factor of authentication,
people have the escape route of telling their coworker "hey log me in...".
Fingerprint, hand scan, or retina reading are the most common ways to
verify the presence of a live person at a fixed point.

It's unfortunate that you have this problem, I've seen it before though.
To paraphrase Jeff Goldbloom's Dr. Malcom in Jurasic Park: "Life finds a
way...".  I have been shocked and amazed at the ingenuity of people to be
lazy and cheat or game a system.  What you are running into is the same
problem we have with websites - if you don't 100% control the end to end
communication and the devices, you can't trust any data coming into your
system!!!

A common way for security patrol auditing is to install iButtons with a
unique 64-bit number and a secure transaction function.  A patrol or
janitor would have to physically touch the read to the iButton at specified
way-points for a read to occur and be logged, and the patrol or janitor
turns in the reader after every shift for download and auditing.

-Tim

On Wed, May 10, 2017 at 8:11 AM, Steve Edwards 
wrote:

> I have a 'time and attendance' application. Think janitorial or security
> kind of thing where an employee goes from location to location.
>
> They're supposed to 'clock in' when they get to a site using a phone at
> that site to prove they're there.
>
> Some employees have discovered 'fake caller ID' services can be used to
> say they're on site when they are not.
>
> How can I detect a fake CallerID? The INVITE looks the same to me.
>
> If I have the employees call an 8xx number, can I ask my SIP provider to
> include more headers to show the real ANI? What would that service be
> called?
>
> --
> Thanks in advance,
> -
> Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
> https://www.linkedin.com/in/steve-edwards-4244281
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>  https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Call does not go to voicemail

2017-05-08 Thread Tim S

So, good, we're on the same page so far I think.

As I last stated, the original code suggestion would be what you want to do
for the serial phone ring-down (hunt), now you just need to figure out why
your Line_2 phone is answering and then hanging up immediately (or why
Asterisk thinks it is).

I'd recommend sniffing the network traffic with Wire Shark and turning on
some of the debug options in Asterisk to hunt down if it's the phone or an
Asterisk quirk that is tripping up the system.  We'll need more debug and
error text to go any further with the Line_2 problem, unless someone much
better than me can chime in with an idea...  I presume you've already done
the simple stuff like make sure your network is solid and that the phone
firmware is up to date and stable.

I'll also take a moment as an aside to suggest that you move away from
numerical device and user names for SIP and move to text based names which
have local meaning.  The numerical names are easy to be hacked, as bad-guys
scripts easily walk the possibilities sequentially.  I find it also helps
to use extension names in the dial plan that have meaning so that I can
keep track of them.  When a user calls an extension, the number they enter
can feature a "Goto" with a text entry in the dial plan.  This makes it
harder for those at a phone to go places in your phone system they
shouldn't.

-Tim

On Mon, May 8, 2017 at 4:51 PM, <the...@sys-concept.com> wrote:

> On 05/08/2017 04:37 PM, Tim S wrote:
> > The "error" I was talking about was in your log:
> >
> > "...== Spawn extension (extensions, 4, 3) exited non-zero on
> > 'IAX2/home_server-6364'..."
> >
> > The call terminated here in a error which prevented the dialplan from
> > continuing.  Something there is broken, my recommendation is to check
> > you registrations first inside asterisk:
> >
> >> sip show peers
>
> "sip show peers" is showing FD_L2 (SIP/54 is registered)
> Name/username HostDyn
> Forcerport ComediaACL Port Status  Description
> 12(Unspecified)D  No
>No 0Unmonitored
> 4/4   10.10.0.8D  No
>No 5060 Unmonitored
> 54/54 10.10.0.15   D  No
>No 5060 Unmonitored
>
> > Something wasn't "happy" about SIP/54 in your system when Asterisk tried
> > talking to it.
> >
> > So you tried this:
> >
> > "...
> > Even when I put:
> > exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"]?line2)
> > exten => 4,n(line2),Dial(${FD_L2},20,trw)
> > exten => 4,n(line2),Voicemail(4)
> > ..."
> >
> > What that will do is go to the first instance of "4,n(line2)", which is
> > the line that seems to be triggering the channel failure.  If you have
> > the Asterisk console open, I'll bet you see it spew some errors when you
> > try that extension routine.
> >
> > Asterisk dial plans are a serial processes, the first line that Asterisk
> > comes across that meets the matching for a given extension and label is
> > what it will run first.  What you have is two lines that will match both
> > extension and label - that's not really good form.
> >
> > My dial plan suggestion from last night would result in the
> functionality:
> >
> > Ring extension 4/Line_1, timeout 25 seconds --> if not busy then
> > voicemail, else ring extension 4/Line_2, timeout 20 seconds -->
> voicemail.
> >
> >
> > Again, I think you have two problems, and the bigger one is causing the
> > annoying unexpected behavior in your dial plan
> >
> > Try doing the extension 4 without the Line_1 and see what happens:
> >
> > "...
> > exten => 4,1,Dial(${FD_L2},20,trw)
> > exten => 4,n(vmail),Voicemail(4)
> > exten => 4,n,Hangup()
> > ..."
>
> I have tired the above plan with small change 4,n,Voicemail(4) (as there
> is no gotoif statement)
> So:
> exten => 4,1,Dial(${FD_L2},20,trw)
> exten => 4,n,Voicemail(4)
> exten => 4,n,Hangup()
>
> Line 2 is ring OK, and if nobody pickup the phone it goes to
> "Voicemail(4)" so this part is working; there were no errors on the command
> line.
>
> [snip]
>
> But I've tired it again, this dialplan) as before and you are correct
> something is wrong but command line is not showing any errors:
>
> exten => 4,1,Dial(${FD_L1},25,trw)
> exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"

Re: [asterisk-users] Call does not go voicemail

2017-05-08 Thread Tim S

The "error" I was talking about was in your log:

"...== Spawn extension (extensions, 4, 3) exited non-zero on
'IAX2/home_server-6364'..."

The call terminated here in a error which prevented the dialplan from
continuing.  Something there is broken, my recommendation is to check you
registrations first inside asterisk:

> sip show peers

Something wasn't "happy" about SIP/54 in your system when Asterisk tried
talking to it.

So you tried this:

"...
Even when I put:
exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"]?line2)
exten => 4,n(line2),Dial(${FD_L2},20,trw)
exten => 4,n(line2),Voicemail(4)
..."

What that will do is go to the first instance of "4,n(line2)", which is the
line that seems to be triggering the channel failure.  If you have the
Asterisk console open, I'll bet you see it spew some errors when you try
that extension routine.

Asterisk dial plans are a serial processes, the first line that Asterisk
comes across that meets the matching for a given extension and label is
what it will run first.  What you have is two lines that will match both
extension and label - that's not really good form.

My dial plan suggestion from last night would result in the functionality:

Ring extension 4/Line_1, timeout 25 seconds --> if not busy then voicemail,
else ring extension 4/Line_2, timeout 20 seconds --> voicemail.


Again, I think you have two problems, and the bigger one is causing the
annoying unexpected behavior in your dial plan

Try doing the extension 4 without the Line_1 and see what happens:

"...
exten => 4,1,Dial(${FD_L2},20,trw)
exten => 4,n(vmail),Voicemail(4)
exten => 4,n,Hangup()
..."

I'll bet Line_2 never rings (which is indicative of the problem).

-Tim

On Mon, May 8, 2017 at 8:21 AM, <the...@sys-concept.com> wrote:

> Thank you for the input Tim.
> Yes, that worked.
>
> exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"]?line2:vmail)
> exten => 4,n(vmail),Voicemail(4)
>
> Though, I'm not sure why are you saying line 2 is FD_L2 needs to be fixed.
> Do I need to removde "t", the call can not be transferred?
>
> Even when I put:
> exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"]?line2)
> exten => 4,n(line2),Dial(${FD_L2},20,trw)
> exten => 4,n(line2),Voicemail(4)
>
> The call (line2) would dial "FD_L2" but would not jump to next line
> "Voicemail"
>
>
> --
> Thelma
>
> On 05/08/2017 12:19 AM, Tim S wrote:
> > The way you have the GotoIf is making it so that no matter what the busy
> > condition of the line, it will execute the next line in the dial plan.
> > What you'd need is an "if" or "then" which goes to a tagged line in the
> > dial plan.  How it reads now is: "If [busy] then line2, else execute
> > next line".  Also you are saying "extension 4 is not busy", but
> > extension 4 is a dialplan extension - while physical extensions "FD_L1"
> > and "FD_L2"  appear to be the devices which are not busy, you need to be
> > clear and keep it straight in your head and text to get the best help...
> >
> > According to your log, nobody picked up after the 25 second timeout on
> > FD_L1, so the dial status would have been NOANSWER, which would result
> > in your gotoif test having a FALSE.  Since you didn't specify what the
> > gotoif should do if the busy test failed, it just executes the next line
> > which is to call the second line (FD_L2), which it does.  Then it looks
> > like you have an error with the second line which causes the call to
> > terminate, at which case it terminates the channel and never gets to
> > voicemail.
> >
> >
> > So it looks like two problems, 1) your FD_L2 physical extension is
> > buggy, and 2) you need to label the voicemail entry point and jump to it
> > if the FD_L1 was any other state but BUSY.
> >
> >
> > "...
> > exten => 4,1,Dial(${FD_L1},25,trw)
> > exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"]?line2:vmail)
> > exten => 4,n(line2),Dial(${FD_L2},20,trw); <--- fix me!!
> > exten => 4,n(vmail),Voicemail(4)
> > exten => 4,n,Hangup()
> > ..."
> >
> >
> > -Tim
> >
> >
> > On Sun, May 7, 2017 at 9:21 PM, <the...@sys-concept.com
> > <mailto:the...@sys-concept.com>> wrote:
> >
> > Call is not forwarded to voicemail in below dial plan, why?
> >
> > exten => 4,1,Dial(${FD_L1},25,trw)
> > exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"]?line2)
> > exten => 4,n(line2),Dial(${FD_L2},20,trw)
> >

Re: [asterisk-users] Call does not go voicemail

2017-05-08 Thread Tim S

The way you have the GotoIf is making it so that no matter what the busy
condition of the line, it will execute the next line in the dial plan.
What you'd need is an "if" or "then" which goes to a tagged line in the
dial plan.  How it reads now is: "If [busy] then line2, else execute next
line".  Also you are saying "extension 4 is not busy", but extension 4 is a
dialplan extension - while physical extensions "FD_L1" and "FD_L2"  appear
to be the devices which are not busy, you need to be clear and keep it
straight in your head and text to get the best help...

According to your log, nobody picked up after the 25 second timeout on
FD_L1, so the dial status would have been NOANSWER, which would result in
your gotoif test having a FALSE.  Since you didn't specify what the gotoif
should do if the busy test failed, it just executes the next line which is
to call the second line (FD_L2), which it does.  Then it looks like you
have an error with the second line which causes the call to terminate, at
which case it terminates the channel and never gets to voicemail.

So it looks like two problems, 1) your FD_L2 physical extension is buggy,
and 2) you need to label the voicemail entry point and jump to it if the
FD_L1 was any other state but BUSY.

"...
exten => 4,1,Dial(${FD_L1},25,trw)
exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"]?line2:vmail)
exten => 4,n(line2),Dial(${FD_L2},20,trw); <--- fix me!!
exten => 4,n(vmail),Voicemail(4)
exten => 4,n,Hangup()
..."

-Tim

On Sun, May 7, 2017 at 9:21 PM,  wrote:

> Call is not forwarded to voicemail in below dial plan, why?
>
> exten => 4,1,Dial(${FD_L1},25,trw)
> exten => 4,n,GotoIf($["${DIALSTATUS}"="BUSY"]?line2)
> exten => 4,n(line2),Dial(${FD_L2},20,trw)
> exten => 4,n,Voicemail(4)
> exten => 4,n,Hangup()
>
> -- Called SIP/4
> -- SIP/4-0288 is ringing
> -- Nobody picked up in 25000 ms
> -- Executing [4@extensions:2] GotoIf("IAX2/home_server-6364",
> "0?line2") in new stack
> -- Executing [4@extensions:3] Dial("IAX2/home_server-6364",
> "SIP/54,20,trw") in new stack
>   == Using SIP RTP CoS mark 5
> -- Called SIP/54
> -- SIP/54-0289 is ringing
>   == Spawn extension (extensions, 4, 3) exited non-zero on
> 'IAX2/home_server-6364'
> -- Hungup 'IAX2/home_server-6364'
>
> Extension 4 is not BUSY (just nobody pickup the call) so why isn't call
> going to "Voicemail" it shouldn't ring FD_L2 (SIP/54)
> Why isn't it going to "Voicemail"?
>
> --
> Thelma
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-22 Thread Tim S

Exactly.

If one's external access control is set correctly, you should basically
never see any outside attack traffic at your Asterisk box (you've see it in
the firewall logs instead).

Following the concept of "least privileges" is where you should start if
you have Asterisk attached to a SIP service you pay for.  If you have one
SIP provider, the only IP address (or IP pool/range) that should talk to
your Asterisk box from outside your firewall is exclusively the servers of
your SIP provider.  Everything else should be "dropped" (no response at
all).

Google "GRC Shields Up" and run that free port scanner to see what you have
open, closed or what they call "stealth" (dropped).  If a firewall is setup
correctly, port 5060 should appear "stealth" from any IP address other than
your service provider.

You can also Shodan yourself: "https://www.shodan.io/host{yourPublicIP}; -
but Shodan doesn't tell you whether the packets are dropped or rejected.
In general you want your public IP to only show services on Shodan that you
intend every random request to get access to - for example a public web
server on port 80 and 443.

It's a good idea to review these resources often (once a quarter, once a
month, once a week - your choice), especially after any software or
hardware changes on your network.  You may find something has been
misconfigured at installation, that you would need to address.

Best

-Tim

On Fri, Apr 21, 2017 at 9:53 AM, Victor Villarreal <mefhigos...@gmail.com>
wrote:

> Hi David, Tim,
>
> Try to use Bail2Ban at last resort. Fail2Ban is a ractive approach, that
> permit the traffinc AND ONLY BLOCK them after certain level triggered.
>
>
> Use iptables to block the unused services faced to public networks like
> Internet. And configure these services properly, so they listen only
> selected interfaces and IPs, and not from 0.0.0.0
>
> 2017-04-21 13:47 GMT-03:00 Tim S <tim.strom...@gmail.com>:
>
>> Is that IP in your network or outside (I can ping it so I'm guessing it's
>> outside your network)?  Do you have a firewall between your asterisk box
>> and the internet?  Is there a WHITELIST of IP addresses that only allow
>> your provider's limited IP pool to connect to your asterisk box from
>> outside?
>>
>> If you are getting TFTP requests hitting your Asterisk box, they are not
>> properly being filtered at your firewall - ftp and tftp are considered
>> insecure communication methods, that port (69 I think) should be closed on
>> your firewall unless you have a really good reason to have it opened (and
>> unless you run a public FTP site, THERE IS NO GOOD REASON).
>>
>> Fail2Ban is a BLACKLIST method, blacklists are most effective after good
>> network hygiene is implemented, as you drastically limit the pool of
>> potential bad actors with a whitelist.
>>
>> Best,
>>
>> -Tim
>>
>> On Fri, Apr 21, 2017 at 9:38 AM, Dovid Bender <do...@telecurve.com>
>> wrote:
>>
>>> This is old news. They use Shodan and then try to connect. Set up
>>> Fail2Ban that say after 10 404's to ban the IP.
>>>
>>>
>>> On Fri, Apr 21, 2017 at 12:27 PM, Jerry Geis <jerry.g...@gmail.com>
>>> wrote:
>>>
>>>> I "justed" happened to look at /var/log/messages...
>>>>
>>>> I saw:
>>>> Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename
>>>> 0004f2034f6b.cfg
>>>> Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found
>>>> 0004f2034f6b.cfg
>>>> Apr 21 12:18:40 in.tftpd[22720]: RRQ from 69.64.57.18 filename
>>>> 0004f2034f6c.cfg
>>>> Apr 21 12:18:40 in.tftpd[22720]: Client 69.64.57.18 File not found
>>>> 0004f2034f6c.cfg
>>>> Apr 21 12:18:40 in.tftpd[22721]: RRQ from 69.64.57.18 filename
>>>> 0004f2034f6d.cfg
>>>> Apr 21 12:18:40 in.tftpd[22721]: Client 69.64.57.18 File not found
>>>> 0004f2034f6d.cfg
>>>> Apr 21 12:18:40 in.tftpd[22722]: RRQ from 69.64.57.18 filename
>>>> 0004f2034f6e.cfg
>>>>
>>>> so basically an sequential read of polycom MAC address config files.
>>>> Some is trying to read to determine if I have any polycom files just
>>>> sequential read after read.
>>>> And if so - it would get any extension and password at that time.
>>>> Luckily I have none.
>>>>
>>>> However - how does one block attempts like this ?
>>>>
>>>> Thanks!
>>>>
>>>> Jerry
>>>>
>>>> --
>>>> _

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Tim S

Is that IP in your network or outside (I can ping it so I'm guessing it's
outside your network)?  Do you have a firewall between your asterisk box
and the internet?  Is there a WHITELIST of IP addresses that only allow
your provider's limited IP pool to connect to your asterisk box from
outside?

If you are getting TFTP requests hitting your Asterisk box, they are not
properly being filtered at your firewall - ftp and tftp are considered
insecure communication methods, that port (69 I think) should be closed on
your firewall unless you have a really good reason to have it opened (and
unless you run a public FTP site, THERE IS NO GOOD REASON).

Fail2Ban is a BLACKLIST method, blacklists are most effective after good
network hygiene is implemented, as you drastically limit the pool of
potential bad actors with a whitelist.

Best,

-Tim

On Fri, Apr 21, 2017 at 9:38 AM, Dovid Bender  wrote:

> This is old news. They use Shodan and then try to connect. Set up Fail2Ban
> that say after 10 404's to ban the IP.
>
>
> On Fri, Apr 21, 2017 at 12:27 PM, Jerry Geis  wrote:
>
>> I "justed" happened to look at /var/log/messages...
>>
>> I saw:
>> Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename
>> 0004f2034f6b.cfg
>> Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found
>> 0004f2034f6b.cfg
>> Apr 21 12:18:40 in.tftpd[22720]: RRQ from 69.64.57.18 filename
>> 0004f2034f6c.cfg
>> Apr 21 12:18:40 in.tftpd[22720]: Client 69.64.57.18 File not found
>> 0004f2034f6c.cfg
>> Apr 21 12:18:40 in.tftpd[22721]: RRQ from 69.64.57.18 filename
>> 0004f2034f6d.cfg
>> Apr 21 12:18:40 in.tftpd[22721]: Client 69.64.57.18 File not found
>> 0004f2034f6d.cfg
>> Apr 21 12:18:40 in.tftpd[22722]: RRQ from 69.64.57.18 filename
>> 0004f2034f6e.cfg
>>
>> so basically an sequential read of polycom MAC address config files.
>> Some is trying to read to determine if I have any polycom files just
>> sequential read after read.
>> And if so - it would get any extension and password at that time.
>> Luckily I have none.
>>
>> However - how does one block attempts like this ?
>>
>> Thanks!
>>
>> Jerry
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] RS485 Audio device

2016-11-02 Thread Tim S

Before walking down this path, take a moment to think critically: How far
away is the AoR from the attendant station?  Does there need to be local
rescue/fire service access to the communications?  How reliable does the
link need to be?  Will power always be available when the AoR pone is
required to function?

I did a 27mA powered intercom system at a chemical plant a bit over decade
ago, the old analog circuits are dead simple - just a battery (or a double
battery-backed power supply in my case), a current regulator and an audio
bypass cap to make a simple audio loop.

If that's too much hardware, there are still sound-powered phones produced
- very common in mining and maritime.  An SIP phone can be wired into a
sound powered phone circuit, where the preferred usage would be talking via
SIP phone, but if all powered failed the sound-powered devices on the line
would still make a complete audio circuit.

Just a thought...

-Tim

On Wed, Nov 2, 2016 at 1:30 PM, Sylvain Rochet 
wrote:

> Hi,
>
> On Wed, Nov 02, 2016 at 04:21:07PM -0400, Eric Wieling wrote:
> > If cable can be pulled , you have a couple of options.
> >
> > Long Reach Ethernet from Cisco is rated for 5,000 feet. Multi-mode fiber
> > with fiber/ethernet media converters on each end would work and
> electrically
> > isolate the two ends of the cable. Both are way overkill from a capacity
> > standpoint, but sometimes there's nothing wrong with overkill. Put an
> ATA on
> > the far side.
>
> We are using Westermo products for this case. Westermo DDW-120 is rated
> up to 15 km (@ 192 kbit/s), higher speed is indeed achieved for shorter
> lengths.
>
> It's not cheap, but it works well, even in harsh industrial
> environments.
>
> Sylvain
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] cloud solution?

2016-09-27 Thread Tim S

I run Asterisk on a virtual Ubuntu machine.  You can install Asterisk in
Docker as well and make it portable across basically any platform that can
run docker containers (it's  hard to find a cloud provider that DOESN'T
support docker now).

I imagine that soon even Snappy containers will be an option for Asterisk
directly from Digium, but for now you can do that yourself ;-)

-Tim

On Tue, Sep 27, 2016 at 11:58 AM, Jonathan H  wrote:

> Something like this?
> https://github.com/lardconcepts/asterisk-digitalocean-voipfone-config/
> blob/master/Asterisk-13-on-Ubuntu.md
>
> On 27 September 2016 at 19:31, Ryan, Travis  wrote:
> > So if someone has their own hardware and infrastructure but wants a
> software
> > (not FreePBX but perhaps similar) what options do we have? Would like to
> > virtualize it and not stuck with any one virtualization technology.
> >
> > Discuss… :)
> >
> > Travis
> >
> > --
> > _
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> >
> > Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
> >   http://www.asterisk.org/community/astricon-user-conference
> >
> > New to Asterisk? Start here:
> >   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> >http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
>   http://www.asterisk.org/community/astricon-user-conference
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
  http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] SIP trunk down. Wireshark shows ICMP Communication administratively filtered

2016-09-21 Thread Tim S

Sounds like a firewall setting to me.  If you can ping, then Internet
Control Message Protocol (ICMP) packets are allowed, but if SIP traffic is
returning the ICMP Type 3 (code 13) response, then your SIP ports are
blocked (at least the firewall admin was nice enough to leave the reason
code messaging enabled).

Get in touch with your firewall admin and have them forward TCP/UDP 5060,
4569, 5036, and UPD 1:2 and 2727 to your Asterisk box IP address.
Make sure they white-list the traffic they pass, so get the IP adress(es)
of your ITSP and only have the firewall accept traffic on those ports from
that(those) address(es).  That's your first line of defence on toll fraud.

If the firewall has a VoIP helper function that opens up UDP ports as
needed during a session start, that should reduce your attack surface too.

-Tim

On Wed, Sep 21, 2016 at 3:15 AM, Olivier  wrote:

> Hello,
>
> I've got a remote system that is plagued with a strange issue.
>
> It happens from time to time.
> Yet, I've not found any condition that trigger this phenomenon.
>
> Here is my setup:
>
> -   PSTN  <---> ITSP <--SIP trunk--> Router <> Switch <> Asterisk
> box
>
> |
>
> |
>
> SIP Phones
>
> - Asterisk box is a Raspi/Rasbian with Asterisk 1.8.13
> - Switch is DLink DGS-1210-10P
> - Router is Zyxel box (I don't manage it)
>
>
> I see (with Asterisk console) that Asterisk is sending OPTIONS/REGISTER
> requests.
>
> With tcpdump and wireshark, I see that :
> 1. those OPTIONS/REGISTER messages are sent to my ITSP gateway (IP src is
> Asterisk box, IP dst is ITSP gateway)
> 2. my router replies (within 30ms)  with something Wireshark presents as
> an ICMP message like this:
>  ICMP491Destination unreachable (Communication administratively
> filtered) ( (IP src is router box, IP dst is Asterisk box)
>
>
> While this happens, I can successively ping my ITSP gateway.
>
> Searching the web, I found [1] and [2].
>
> 1. Is it common to get an ICMP reply to a SIP message ?
> 2. Any advice or suggestion ?
>
>
> [1] https://ask.wireshark.org/questions/26667/have-packet-
> capture-somethings-wrong
> [2] http://www.tahi.org/sip-ipv6/ua6/doc-1.0/sip-ipv6-tm/icmp/
> UA-15-2-1.html
>
>
> Best regards
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
>   http://www.asterisk.org/community/astricon-user-conference
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
  http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Blacklist callers from file

2016-08-30 Thread Tim S

Hi Kevin,

Looks like your gmail did the same thing mine did, took the conversation
off-list (unless you meant to do that).

If as you mention you're running a mix of POTS and SIP, I'd recommend
sticking with the transfer call method (set the hook/trigger in the
features.conf file).  That way if anyone picks up ANY phone in your house
they have a consistent procedure for dealing with those calls.  It will add
to the confidence of your users and will score points with wife not having
to learn and remember several procedures - a label with the hint would go a
long way here.

That's what I'll be doing for my aging parents, who feel helpless to the
effect of the bothersome calls, and don't want a complicated solution to
the issue.

-Tim
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
  http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Blacklist callers from file

2016-08-29 Thread Tim S

l me more about your phones to know what you are doing
with called user prompts.  You can enter the numbers into the DBs manually
from the console using the DB commands: https://wiki.
asterisk.org/wiki/display/AST/Asterisk+Internal+Database

I hope this makes sense...

Second part:

One more thing, I didn't mention when I cut down the code, which is good
food for thought - I also have a "whitelist" for friends and family.  This
is the better way for a public facing phone number, people you know who
will call you, you can skip most of the boring stuff if you "trust" the
source phone number.

I do call screening on all incoming calls, unless they are on the
whitelist.  How that works is similar, I screen once if it's a new number,
and the file-name of the name they said during the screening recording is
saved to the the whitelist DB as:

CODE:

same=>n,Set(DB(whitelist\${CALLERID(num)}=${FILENAMEASVALUE}))

/CODE

That way when I get connected the next time they call, I get a phone call
from the home phone system, and instead of playing the screening prompt, I
get: "Connecting you to {recorded name}"

For a custom find-me-follow-me function, I wrote a menu that uses the 5
options:
1 = Connect me
2 = Connect me, add to whitelist
5 = Send to my Voicemail
7 = Add to Telemarketer list
9 = Add to Blacklist

That's done in a Macro and you could do that with basically any phone.  So
my basic process (with several omissions) is:

* New Incoming call
* Set up and filter variables
* Start a recording
* If it's a toll-free, do a "captcha" human-test
* Check if they are on the whitelist, if they are skip to the IVR
* Get rid of the new "easy" telemarketers
* Check if they are on the blacklist, get rid of them if they are
* Check if they are a known Telemarketer, get rid of them if they are
* Ask for the extension/user
* On user answer, If on the whitelist connect, if not screen
* If no answer, take a message.
-T

END OF REPOST...

Thread should be caught back up now (again, very sorry!!!).

I hadn't gotten to the Macro, as John hasn't responded yet anyway.

Kevin what phones are you using?  Depending on how your phones work, there
are various way to get this to happen.

If your phones don't have hot keys, a quick and dirty way to "kiss-off"
unwanted callers is to create an extension that an internal-called-user can
transfer the caller to.  You can even use a "dumb" touch-tone phone that
way.

Best,

-Tim

On Mon, Aug 29, 2016 at 2:31 PM, <kc6...@gmail.com> wrote:

> Tim, I would like to see the code for this. I also am a home user and I
> have been thinking of how I would do this same type of thing. Right now I
> have a black list db and it is manual. When the unwanted caller calls they
> go to a no one is here go away message and splash they are gone.  Your
> method and hot keys sounds very cool.
>
>
>
> -Kevin
>
>
>
> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for
> Windows 10
>
>
>
> *From: *Tim S <tim.strom...@gmail.com>
> *Sent: *Monday, August 29, 2016 12:40 PM
> *To: *Asterisk Users Mailing List - Non-Commercial Discussion
> <asterisk-users@lists.digium.com>
> *Subject: *[asterisk-users] Blacklist callers from file
>
>
>
> I'm a home user (not business), but I implemented a blacklist function too
> after a harassing call to my wife.
>
>
>
> Using the Asterisk DB functions, I have a caller ID look-up function
> before my IVR-tree starts, a simple if then.  Lookup caller ID in
> blocked-caller DB, if found then I kick them to a short dialplan the plays
> a message telling them they've been blocked, then lets them record an
> "appeal" message.  If a user put someone in the Blocked DB, by accident,
> I'd want to have a way for someone to report it to me via phone.
>
>
>
> To add a number to the Blocked DB, the caller internal user is allowed a
> hot-key on the phone to block the caller in-call, or with screening they
> are given an option in the prompt.  When a new number is added to the
> Blocked DB, the call recording for the session is retained to be able to
> remember why it was blocked.  The Blocked DB will automatically unblock an
> entry after a year, to account for number changes, but the entry can be
> extended before it expires via an email response.
>
>
>
> I did a similar thing for Telemarketers, the phone numbers also
> automatically unblock, but only after a month, as most of the worst
> offenders I've come across don't stay with a phone number longer than a few
> weeks to avoid enforcement by the FTC.  For that I also have a hot key on
> the phones for "Telemarketer Goodbye", which adds to the DB while playing a
> "Remove me from your list and stop bothering me" message.  This gives my
> u

[asterisk-users] Blacklist callers from file

2016-08-29 Thread Tim S

I'm a home user (not business), but I implemented a blacklist function too
after a harassing call to my wife.

Using the Asterisk DB functions, I have a caller ID look-up function before
my IVR-tree starts, a simple if then.  Lookup caller ID in blocked-caller
DB, if found then I kick them to a short dialplan the plays a message
telling them they've been blocked, then lets them record an "appeal"
message.  If a user put someone in the Blocked DB, by accident, I'd want to
have a way for someone to report it to me via phone.

To add a number to the Blocked DB, the caller internal user is allowed a
hot-key on the phone to block the caller in-call, or with screening they
are given an option in the prompt.  When a new number is added to the
Blocked DB, the call recording for the session is retained to be able to
remember why it was blocked.  The Blocked DB will automatically unblock an
entry after a year, to account for number changes, but the entry can be
extended before it expires via an email response.

I did a similar thing for Telemarketers, the phone numbers also
automatically unblock, but only after a month, as most of the worst
offenders I've come across don't stay with a phone number longer than a few
weeks to avoid enforcement by the FTC.  For that I also have a hot key on
the phones for "Telemarketer Goodbye", which adds to the DB while playing a
"Remove me from your list and stop bothering me" message.  This gives my
users a bit of power as they don't have to be polite, or think of an
evasion to the sales person, they just need to push a button and hang up
the phone when they realize is a sales call.

I didn't want to publish code for this since it's a bit long winded, but it
should give you some ideas of things you want to consider.

Best,

-Tim

On Mon, Aug 29, 2016 at 9:20 AM, John Kiniston 
wrote:

> Here is a quick and dirty bash script to do it that I wrote you.
>
> #!/bin/bash
> if ( asterisk -rx "database deltree blacklist")
> then
> echo "Blacklist Cleared"
> else
> err "ERROR Failed to clear Blacklist, Exiting."
> exit 1;
> fi
>
> while IFS=, read TN REASON
> do
> if ( asterisk -rx "database put blacklist \"${TN}\" \"${REASON}\"")
>then
>echo "Inserted $TN $REASON to Blacklist"
>else
>  err "ERROR Insert Failed on $TN."
>  exit 1;
> fi
>
> done < blacklist.csv
> unset IFS
>
>
> It reads from the file blacklist.csv in the same directory with the format
> of NUMBER,"DESCRIPTION/REASON"
>
>
> On Sat, Aug 27, 2016 at 8:59 AM, tux john  wrote:
>
>> Hi. I would like to blacklist a few callers and I have been using the
>> *CLI> database put blacklist 1234 "annoying callers". Instead of putting
>> the same command for every user is there any way to have a file? Ideally a
>> file in /opt that I would update the blacklisted numbers (add,remove). Is
>> there anything like that, please?
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
>>   http://www.asterisk.org/community/astricon-user-conference
>>
>> New to Asterisk? Start here:
>>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> A human being should be able to change a diaper, plan an invasion, butcher
> a hog, conn a ship, design a building, write a sonnet, balance accounts,
> build a wall, set a bone, comfort the dying, take orders, give orders,
> cooperate, act alone, solve equations, analyze a new problem, pitch manure,
> program a computer, cook a tasty meal, fight efficiently, die gallantly.
> Specialization is for insects.
> ---Heinlein
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
>   http://www.asterisk.org/community/astricon-user-conference
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
  http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:

Re: [asterisk-users] Toll free pattern matching

2016-08-05 Thread Tim S

Don't forget to handle the other special extension cases
 in
a [context].  What I find is a good practice is to write a root "catch-all"
(template), then I tag that onto any new [context](template).

[Special-Extensions]
exten -> a,1,NoOp(Where a call jumps when the caller requests the assistant)
exten -> e,1,NoOp(Catchall where a call jumps with an exception on the call)
exten -> h,1,NoOp(Where a call jump with a hang up)
exten -> i,1,NoOp(Where a call jumps if an invalid extension is entered)
exten -> o,1,NoOp(Where a call jumps when a caller requests an operator)
exten -> s,1,NoOp(Where a call jumps to when a new call starts in a context
if no extension is specified)
exten -> t,1,NoOp(Where a call jumps if the user did not enter a response
to Background or WaitExten)
exten -> T,1,NoOp(Where a call jumps when it exceeds the absolute TIMEOUT
value for a call).

[your-new-context](Special-Extensions)
...

-T

On Fri, Aug 5, 2016 at 7:53 AM, D'Arcy J.M. Cain  wrote:

> On Fri, 5 Aug 2016 09:26:03 -0500
> Richard Mudgett  wrote:
> > Dialplan will stay on the current series of extensions until it runs
> > out. If there isn't an explicit hangup
>
> So glad I asked.  I see now that it only worked because of the accident
> that the specific 800 extension and the generic one just happened to
> have the same number of priorities.  I have added explicit hangups.
>
> Thanks.
>
> --
> D'Arcy J.M. Cain
> System Administrator, Vex.Net
> http://www.Vex.Net/ IM:da...@vex.net
> VoIP: sip:da...@vex.net
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] VoiceMail and SMS

2016-07-16 Thread Tim S

How many users are you thinking of supporting?  For a large-scale setup you
might want to take a look at Kamailio as a front-end - if you even think
you're going to get a high user volume you may want to start out with a
Kamailio front-end so that you don't have to start over from scratch when
it outgrows an Asterisk only setup.

I prefer Debian/Ubuntu over RedHat/CentOS - but if you're thinking of using
this in a company environment, I'd recommend engaging with your IT people
to find out what THEIR preference is.

Planning capacity with the information you've provided is difficult - is
the network card 10Base-T, Gigabit, 100-gigabit?  Do you only have 56kbps
dial-up service to the server, or a full 10Gbps internet connection at a
carrier-neutral colocation datacenter on a fiber backbone?  Are the CPU
cores 15-year-old Pentium or a current Broadwell-E?  Are the CPU cores real
or on a massively over-provisioned VM host?  Do you have to do a bunch of
transcoding inbound and outbound?  Is the machine doing anything other than
voicemail?  In general, the maximum capacity is the point just before when
the quality begins to drop (about 90-95% total system load).  Not very
scientific I know, but the answer is extremely
hardware/infrastructure/setup dependent.

I haven't personally played with any of Asterisk's internal SMS
functionality, but I have been meaning to.  Since the earlier days I've
relied on the email functions to handle interfacing notifications.
Asterisk can send emails as a notification, so I configured the default
email to a notification handler, which would do a speech recognition on the
voicemail file, send an SMS using an SMSC (Nexmo in my case), and then send
an email to the user with a text transcript of the voicemail as well as the
audio file as an attachment.  I'm sure there's a better way now, I coded
this up a while ago.  My way is probably not the "right way", but like many
things with computers there is the way that works today, the way that works
better tomorrow, and eventually the best practice way that emerges after a
few years.  Gotta keep maintaining your work.

-Tim

On Fri, Jul 15, 2016 at 8:29 AM, Joaquin Alzola 
wrote:

> Hi Guys
>
> I am asking too many questions because we would like to use Asterisk first
> as a proof of Concept and check from there were it goes.
>
> - Does the Voicemail have the option of SMS notification on new drop
> messages (we have an SMSC so we will use that one).
> - What is the best Linux OS to install Asterisk in?
> - What throughput does it stand 1 machine with about 8GB Ram and 4 CPUs?
> We plan to add  couple but just checking for a single one.
> - Does it have a max capacity?
>
> Thanks for your time.
>
> BR
>
> Joaquin
> This email is confidential and may be subject to privilege. If you are not
> the intended recipient, please do not copy or disclose its content but
> contact the sender immediately upon receipt.
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Iridium integration / gateway

Re: [asterisk-users] Can anyone help with a quick app_record.c module improvement and can explain over-riding modules?

Re: [asterisk-users] Can anyone help with a quick app_record.c module improvement and can explain over-riding modules?

Re: [asterisk-users] SIP invite timeouts : how is someone sending invites from our server ??

Re: [asterisk-users] OT: Explain where mailing list bouncing comes from ?

Re: [asterisk-users] OT: Explain where mailing list bouncing comes from ?

Re: [asterisk-users] How to detect fake CallerID? (8xx?)

Re: [asterisk-users] Call does not go to voicemail

Re: [asterisk-users] Call does not go voicemail

Re: [asterisk-users] Call does not go voicemail

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

Re: [asterisk-users] RS485 Audio device

Re: [asterisk-users] cloud solution?

Re: [asterisk-users] SIP trunk down. Wireshark shows ICMP Communication administratively filtered

Re: [asterisk-users] Blacklist callers from file

Re: [asterisk-users] Blacklist callers from file

[asterisk-users] Blacklist callers from file

Re: [asterisk-users] Toll free pattern matching

Re: [asterisk-users] VoiceMail and SMS

20 matches

Site Navigation

Mail list logo

Footer information