<HTML>
<HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="Open WebMail 2.20 20031014" name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff>
<font size="2">So... if I understand this correctly, you're having problems with diverted calls FROM the Asterisk IVR not being able to authenticate on SER?
<br />
<br />Could you just add the Asterisk server to the trust tables and skip the auth process for calls coming back or would that create problems?
<br />
<br />N.
<br /><b>
<br />On Tue, 5 Sep 2006 21:16:45 +0100, Roberto Lopes wrote</b>
<br />> Hi to all!
<br />> I've a big problem with SER & Asterisk
<br />> I've a network where i put them working together.
<br />> Asterisk is the media gateway with PSTN as well as being the server
which is making all the services available (IVR, voicemail, conference
calls, etc).
<br />>
SER just routes calls either to the softphones, VoIP phones or to Asterisk who will just forward the calls to PSTN (via Asterisk).
<br />>
Till now everything works well except the service IVR which is working on Asterisk.
<br />>
<br />> Details:
<br />> <a href="http://192.168.226.13"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.226.13" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.226.13</a> - IP SER
<br />> <a href="http://192.168.226.45"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.226.45" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.226.45</a> - IP Asterisk
<br />>
<br />> The problem is only after the user (<a href="mailto:roberto@192.168.226.13">roberto@192.168.226.13</a> - authenticated and authorized in RADIUS) calls IVR.
<br />> Till then the user calls, IVR gives some information to the user and everything goes well.
<br />> Problem is when he presses a number which will have to redirect the call to another user.
<br />> And why is there a problem.
<br />> Because the initially <a href="mailto:roberto@192.168.226.13">roberto@192.168.226.13</a> to be able to call IVR had to rewrite host & port
<a href="http://192.168.226.45"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.226.45" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.226.45</a> so that the call would reach Asterisk who would then call to the IVR.
<br />> That rewriting turned <a href="mailto:roberto@192.168.226.13">roberto@192.168.226.13</a> into <a href="mailto:roberto@192.168.226.45">
roberto@192.168.226.45</a>. That is, I can say, that it became a "new user".
<br />> While it's on the IVR there's no problem, but when call is diverted it has to give its credentials...
<br />> Credentials that don't exist in RADIUS cause it only accepts usernames that end in @
<a href="http://192.168.226.13"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.226.13" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.226.13</a> (IP of SER)
<br />>
<br />> Here is the following code, both of extensions file in Asterisk and configure file of SER
<br />> I hope somebody knows how to solve it or at least find a way how to.
<br />>
<br />> extensions.conf - Asterisk
<br />>
<br style="font-style: italic;" /><span style="font-style: italic;"><span style="font-style: italic;">
[</span>sip]</span>
<br style="font-style: italic;" /><span style="font-style: italic;"></span><span style="font-style: italic;">exten => 74001,1,Answer
</span>
<br style="font-style: italic;" />
<span style="font-style: italic;">exten => 74001,2,SetMusicOnHold(default)
</span>
<br style="font-style: italic;" /><span style="font-style: italic;">exten => 74001,3,Set(TIMEOUT(digit)=5)</span>
<br style="font-style: italic;" />
<span style="font-style: italic;">exten => 74001,4,Set(TIMEOUT(response)=10)
</span>
<br style="font-style: italic;" /><span style="font-style: italic;">exten => 74001,5,Background(menu)</span>
<br style="font-style: italic;" />
<span style="font-style: italic;"></span>
<br />> <span style="font-style: italic;">exten => 1,1,Dial(SIP/roberto@192.168.226.13:5060,,r)
</span>
<br style="font-style: italic;" /><span style="font-style: italic;">...</span><span style="font-style: italic;"></span>
<br style="font-style: italic;" /><span style="font-style: italic;">exten => 7,1,Goto(sip,74001,1)
</span>
<br style="font-style: italic;" /><span style="font-style: italic;">exten => 8,1,Hangup
</span>
<br style="font-style: italic;" />
<br />>
<br />> ser.cfg - SER
<br />>
<br />> ...
<br />> if ((uri=~"^sip:7[0-9]{4}@.*")) {
<br />> route(5);
<br />> break;
<br />> };
<br style="font-style: italic;" /><span style="font-style: italic;">
<span style="font-style: italic;">...
<br />> </span></span>route[5] { # Redirecting to Asterisk
<br />>
# MsgLog
<br />> xlog("L_ALERT","(WARNING) Sending to Asterisk request of %fu to %tu\n");
<br />> rewritehostport("<a href="http://192.168.226.45:5060"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.226.45:5060" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.226.45:5060</a>");
<br />> route(1);
<br />> }
<br />> <span style="font-style: italic;"><span style="font-style: italic;"><span style="font-style: italic;">
<br />>
<br />> </span></span></span>Thanks for your help,
<br />> Roberto Lopes
<br />
<br />
<br />
</font>
</BODY>
</HTML>