Faxing


  • Impossible Mission Players - A

    You can do that?
    I've been dinking around with Windows Server 2008 (Because x86, deal with it) to get Faxes working somewhat painlessly.

    Can Asterisk send faxes too?


    Filed under: I might just have found a new toy to screw with.


  • :belt_onion:

    @Tsaukpaetra said:

    Can Asterisk send faxes too?

    In general? Yes. Is it worth the pain? Depends... What kind of phone lines are we talking? POTS, ISDN, SIP? I'm guessing POTS if you're sending stuff from Windows...


  • Impossible Mission Players - A

    @Onyx said:

    What kind of phone lines are we talking
    That's a kind of tricky question. It's Kinda POTS from Cox, run from a dedicated NID (on the side of the house), but it's not old-school straight-copper-from-the-pole POTS.

    I've been trying to get the "Fax Server" to play nice with the answering machine (that nobody listens to the messages on) for almost a year now. At present, I only turn on the fax server when I need to make a fax (or am expecting a fax).

    If I could consolidate it to a single device, that would blow minds....


  • :belt_onion:

    Eh, should be doable, but my brain is currently shutting down and proper analysis will have to wait until morning :stuck_out_tongue:


  • Impossible Mission Players - A

    @Onyx said:

    have to wait until morning
    Eh, no worries. It's been several years in coming.
    I was seriously wrestling with it for a long time trying to get a modem to pass through to my primary Windows Server 2012 VM, but the character devices kept initializing weirdly...
    Then I had the idea of using an old laptop with a built-in conexant modem, and things started looking up, until I realized I couldn't take faxes and voicemail at the same time...



  • Allegedly, Digium Fax For Asterisk can send TIFF files as outbound faxes. I've never attempted it. Like all things fax, support will be best with honest-to-God copper lines (PSTN) and a good quality gateway. I'd be happy to try to help you munge things around, but again, my experience is limited.


  • :belt_onion:

    @izzion said:

    Allegedly, Digium Fax For Asterisk can send TIFF files as outbound faxes

    Confirmed. Works fairly well, tested on Asterisk 11 and 13, nothing extra installed (builtin fax module can handle it just fine). I even send it over SIP (T.30 even, no one has T.38 support around here) and it works something like 95% of the time.

    The biggest problem I had was, as I said, TIFF to PDF conversion - for sending faxes out both ghostscript and imagemagick can handle PDF (or any popular image format) to TIFF (once you get the parameters right), but for TIFF to PDF all I found is tiff2pdf and its stupid bug. Guess you could chain imagemagick into it and convert it to a "colour" image and then convert to PDF, because the bug is only triggered on monochrome files.


  • Discourse touched me in a no-no place

    @Onyx said:

    Guess you could chain imagemagick into it and convert it to a "colour" image and then convert to PDF, because the bug is only triggered on monochrome files.

    But since Imagemagick is open source, you could fix the bug yourself!



  • @Tsaukpaetra said:

    VM

    Euh yeah, faxes on VMs can be painful. There is no general pass through for modem or fax hardware (those are rather similar on the hardware level). And SIP (and others) are a pain because of timing issues but unless your VM is under heavy use or you want to send a lot of faxes, or the VM is not used, or the moon is in the wrong phase.

    @Tsaukpaetra said:

    I couldn't take faxes and voicemail at the same time...

    That works only if you have either two dedicated lines or a voicemail system that does fax tone detection e.g. the voicemail thing starts answering the call but detects half-way through the welcome message or even after the beep that there is a fax on the other side.
    That is an issue with the fax protocol is so old that it allows for very long delays, e.g. it was thought out in a world where people dialed a number and then pressing start on the fax machine and hung up.



  • I've successfully sent and received faxes with asterisk using HylaFAX

    There is also a web interface to send faxes (upload a PDF) and view received faxes (as PDF).
    I think it was this one : http://sourceforge.net/projects/faxy/

    Edit : you also need IAXModem. Old instructions but a good starting point


  • sockdevs

    We use E-FAX for this

    EFAX Free Trial

    it's not the best, but it does get the job done and lets us FAX our invoices out just by sending emails.


  • :belt_onion:

    @TimeBandit said:

    I've successfully sent and received faxes with asterisk using HylaFAX

    Never played with Hyla because you're stuck with POTS lines and a modem for that so...

    @TimeBandit said:

    There is also a web interface to send faxes (upload a PDF) and view received faxes (as PDF).I think it was this one : http://sourceforge.net/projects/faxy/

    Ah, should look at that, maybe it's better than Avant which is the only other decent one I know of. Gotta keep an eye on competition you see :stuck_out_tongue:

    @TimeBandit said:

    Edit : you also need IAXModem. Old instructions but a good starting point

    Add efax-gtk and you have everything you need... well, on Linux anyway :stuck_out_tongue:


  • :belt_onion:

    Also, yay for separate thread.

    Well, now we're out of status thread, I guess @Tsaukpaetra could explain the current setup and what resources he can use (machines, VMs...) in order to give him a proper suggestion instead of speculating.



  • @Onyx said:

    Never played with Hyla because you're stuck with POTS lines and a modem for that so...

    No, you just use IAXModem for that. And I've used it with a SIP trunk with about 95% success rate.
    You can have HylaFAX on the same server as Asterisk.
    The nice thing about this setup is, you can detect a FAX on any incoming trunk, then send it to IAXModem and have it forwarded to HylaFAX.

    No more FAX dedicated line.


  • :belt_onion:

    Seems like an overkill to add HylaFAX to the pipeline then:

    And then just call an AGI script that sends an email.

    Well, I guess it's easier to hook up a web UI to it, but if that's not a concern...



  • That's looks like the simplest solution.

    The advantage of using HylaFAX is probably for sending, you can install a FAX driver on your Desktop


  • Impossible Mission Players - A

    Oh sweet, I got the blessing of a Jeffing Nice! Anyways...

    @Onyx said:

    the current setup

    Apologies for the crude-ness, we don't have many drawing programs in my company.

    @Onyx said:

    what resources he can use (machines, VMs...)

    Up for grabs is a Dell Inspiron headless (but not armless) laptop, x86 non-PAE 1.6 GHz with 512 Mb ram. It's the "dedicated" fax server at the moment, currently set up with Windows Server 2008 R2 and joined to the home domain to provide the Fax printer (not entirely sure if being joined to the domain was necessary, documentation is really spotty about that). It's also supposed to monitor the main server's UPS, but that's... not quite working due to NUT misconfiguration (I think).

    I do have space on my primary server for another VM (I should really consider another RAM upgrade, 24 Gb isn't enough anymore :P ), but due to lack of hardware pass-through I would have to rely on some kind of network relay to communicate to the modem.

    What I'd like to do is centralize the POTS services into one and provide the Fax sending/receiving and voicemail services from one endpoint, probably using a web interface but just as likely using a file-share to drop PDFs or whatever.


  • :belt_onion:

    @TimeBandit said:

    The advantage of using HylaFAX is probably for sending, you can install a FAX driver on your Desktop

    That is convenient indeed. I got printing to fax working once, used tee4cups and intercepted the job but it's a bit... fiddly.

    Mind you, the hardest part of the procedure of emulating that on Asterisk is making some kind of application that can upload the file to the server and maybe start a script or two there.

    Do note that Hyla was made at the time any faxing for Asterisk was a commercial solution, that's where Hyla got its wings. These days it's a bit... obsolete.


  • Discourse touched me in a no-no place

    Port your number to these guys, use their fax and voice mail capabilities, and be done:


  • :belt_onion:

    Damned POTS making things harder... I'm kinda shaky on that front, but you'd need an FXO + FXS card or device of some kind to get the POTS line connected to the computer. At that point you should be able to use the VM just fine as well, since PCI/PCIe or a network interface can be forwarded no problem. You can then set up Asterisk to detect faxes and receive them, or just send call through to the phone/voicemail (you can just use built-in voicemail as well and get rid of the machine if you want). The fax machine can also stay or go, whatever is your preference.

    If you're fine with getting rid of the machinery an FXO card is enough, you can always use some kind of UI or a softphone to call into voicemail as needed ;)

    Otherwise it's a fairly simple setup I think. cc @izzion to check on my terminology, I skipped POTS/ISDN and went straight to SIP when I started this job, so my terminology / reasoning might be shaky :stuck_out_tongue:


  • Impossible Mission Players - A

    @lolwhat said:

    be done:


    Maybe.
    Not sure if the "owner" would go for that though. We're already paying too much for something we essentially don't use (I tried to lecture him on how, if the Internet is down, the phones will be down as well, and in case of emergency, it doesn't help you anyway. He didn't go for it).


    Filed under: I'm on the Highway to Hell.mp3



  • If you have POTS lines, you will need an analog card with FXO modules on it.

    I have two cards like that, each with 2xFXO + 2xFXS (Digium TDM2400). Those are PCI.

    If you want them, let me know and I will make you a really friendly price :smile:

    Edit : 2 FXO can receive 2 phone lines. 2 FXS you can connect 2 analog phones.



  • You should rewire so that the Cox input goes directly to the "in" on the security system, and then the "passthrough/out" of the security system goes to the distribution point to be split wherever. The security system is set up to depend on being able to cut off any other active call on the line if it needs to dial out, and sharing the line could cause your system to fail to dial out if you have an emergency.

    The biggest cost with pulling an analog line into Asterisk is the hardware to convert the PSTN line into SIP. I've had good success & reliability from the Cisco SPA8800. Unfortunately, it's not exactly an enthusiast priced product, and Cisco doesn't make an alternative with fewer input lines. It's probably still cheaper than a dedicated PC and a hardware interface card with 1 FXO (connect to phone company) plus 1 FXS (connect to phone(s) inside the house) port. Just make sure it has reliable power :D

    You can utilize the Free Fax for Asterisk license of Digium's driver to interface with the ATA, and then everything in terms of call routing (for both faxes and voice, including fax detection) would be handled by Asterisk.

    I would strongly NOT recommend porting the analog line into a SIP/VOIP provider until and unless you have converted your security system to use Ethernet/IP and/or Cellular (Wireless) telephone service. Using a SIP line and an adapter to provide "analog telephone" service to a security panel will give extremely Discoursean results. That said, you should probably start the process of investigating IP or Cellular service for the alarm panel, because eventually the financial incentives to keep physical lines in place will go away, and your carrier will very likely move you to SIP (with an ATA) at some point after that.


  • :belt_onion:

    @izzion said:

    Cisco SPA8800

    Ooooh, expensive stuff.

    We only need FXS working here and usually stick to Grandstream devices. Worked fine so far. Mind, they were never under any kind of significant load, but they wouldn't be here, either.



  • Yeah, FXO is pants-on-head retardedly expensive. And a pain in the ass, especially when you figure out that the original installer of the phone line wasn't too worried about minor concerns like grounding, so the phone line and electrical system have different grounds.

    Filed under: Replacement cost of units lost during storm season is not covered by my recommendations



  • Also, IIRC, Grandstream at one point had gateways that included FXO port(s) as well. I've heard decent things about reliability and configurability/support for Grandstream devices, but I have no personal experience with them, hence my recommendation for the devil I know.


  • Impossible Mission Players - A

    @Onyx said:

    FXO card

    @TimeBandit said:

    analog card with FXO modules on it.

    I'm assuming a standard modem (as found in a 2005-era laptop) doesn't fit this spec?

    @TimeBandit said:

    If you want them, let me know

    I'm game, already spent enough on interface hardware (two fax modems, cables, power supplies, usb adapter, IP-to-SIO card) that didn't work correctly enough.

    @izzion said:

    rewire so that the Cox input goes directly to the "in" on the security system
    Agreed. We haven't activated the security system anyways. It's on the to-do list for this upcoming summer.

    @Onyx said:

    Ooooh, expensive stuff.
    Yes, I'm expecting to service one line with maybe one user accessing it per month.

    @izzion said:

    investigating IP or Cellular service for the alarm panel,
    The system was a proof-of-concept (which is why it's not activated). I would have preferred that as well and just get rid of the POTS line, except keep the "owner"'s "emergency phone" hooked up.

    @izzion said:

    carrier will very likely move you to SIP (with an ATA)
    I'm pretty sure that the Cox NID is already there, it's VERY picky on what's on the lines.



  • @Tsaukpaetra said:

    I'm assuming a standard modem (as found in a 2005-era laptop) doesn't fit this spec?

    Asterisk, at least, won't work with a standard modem (out of the box -- I won't speak to whether or not you could manage to go full Open Source on it and hack something together), as its driver support won't know how to talk to the modem.

    Precision of timing is hugely important for hardware cards. I don't believe that Digium (parent company for Asterisk) even supports PCI Passthrough within a VM for their hardware cards. Hence the existence of gateway devices to allow you to convert PSTN to IP (or the reverse, if you have a user that simply has to keep their Wal-Mart phone instead of migrating to a SIP phone).

    Also, if you do go with an SPA8800 or @TimeBandit's hardware card, you should probably purchase a phone specific surge suppressor and properly install it to protect the SPA8800 from spikes coming in via the phone line. Your phone service will still die when the spike comes in and the surge suppressor clamps, but replacing a $25 surge suppressor is generally better than replacing the 8800 / hardware card & phone server.



  • @Tsaukpaetra said:

    I'm assuming a standard modem (as found in a 2005-era laptop) doesn't fit this spec?

    Only a specific chipset could be used in the past as an FXO, and it was a crappy solution (Intel V.92 537 or MD3200 soft modem chipset).

    What I have is this : http://www.ebay.com/itm/TDM410P-TDM400P-IPPBX-for-Asterisk-Trixbox-Elastix-w-3-FXS-1-FXO-module-VOIP-/151689838997



  • Also, I've used the Digium card that @TimeBandit has, and it works very well. Digium also has a PCI-e (x1) version of the card as well, if you don't have access to a PCI slot. The two caveats you need to be aware of are:

    1. As I referenced above, even if PCI Passthrough is supported by your hypervisor, you're going to be best off if you can use that card with a dedicated-hardware (bare metal) phone server.
    2. The driver for the hardware card has to be rebuilt from source (and requires the kernel-devel package) every time you update the kernel of your server. Which means you will have down time for the phone system after you reboot the server for the new kernel version until you rebuild the driver and restart the Asterisk service and underlying driver module.*

    *It's been a while since I've worked with Asterisk systems using a hardware card, there may be better ways now to ensure you get the driver module recompiled prior to the reboot for the new kernel, so that everything comes up all at once.



  • @izzion said:

    The driver for the hardware card has to be rebuilt from source (and requires the kernel-devel package) every time you update the kernel of your server. Which means you will have down time for the phone system after you reboot the server for the new kernel version until you rebuild the driver and restart the Asterisk service and underlying driver module.*

    A good solution (if your Asterisk is not exposed to the internet) is to tell yum/apt to ignore updates of the kernel.



  • Given that your Asterisk server is exposed to your network (for phone calls) which has computers that are exposed to the Internet (and that secretary that clicks on All The Links), I would argue your Asterisk server is never not exposed to the Internet.

    *Unless you use a separate, firewalled VLAN, and guarantee by pain of severe electrical shocks and death that your users will never ever ever plug a computer into the phone VLAN.


  • :belt_onion:

    @izzion said:

    I've heard decent things about reliability and configurability/support for Grandstream devices

    I can attest to the configurability. Web UI they use is ugly as sin, but it has every damned option you might want.

    Actually...

    EDIT: Wow, Discourse ate half of my post.

    Pretty sure that's the one I have connected to my testing machine. Not 100% sure though since this one claims to only have 4 FXO ports and no FXS so...


  • Impossible Mission Players - A

    @izzion said:

    dedicated-hardware (bare metal) phone server

    This is planned. I'm burned out on slicing it into a VM after my horrible experiences trying to pass through a frickin' serial port in. I mean, seriously, a SERIAL port running at 9600 baud routinely failed to maintain sync inside the VM.

    @izzion said:

    rebuilt from source (and requires the kernel-devel package) every time you update the kernel of your server.
    I don't plan on having too many kernel updates TBH, the system is not likely to be accessible outside of the house, and if I was going to export any functionality to the net, it would be through proxy anyways.

    @izzion said:

    server is never not exposed to the Internet.
    Well, no, it's never not exposed to the internet (thank ${deity} we haven't enabled IPv6 yet at least), but the utility gained by hacking into is is negligible at best. I mean, sure, they can get access to the voicemails, but who really needs to know that someone called in about "an important business matter, please call us at your earliest convenience"?

    @izzion said:

    separate, firewalled VLAN

    That test went... poorly. I just don't have the hardware/infrastructure to support it without everyone getting on my case about it.
    They're already whiney about how they can't connect to WiFi (after pressing the WiFi button that turns it off). They're going to be even worse when I tell them they can't use the pretty orange port for when "the wifi isn't working".


  • Discourse touched me in a no-no place

    @Tsaukpaetra said:

    He didn't go for it

    Easier to beg forgiveness than ask permission? :wink:

    BTW, please tell me one of those MP3's is Never Gonna Give You Up. :grin:



  • @Tsaukpaetra said:

    the utility gained by hacking into is is negligible at best.

    The utility gained by hacking into someone's phone server is thousands of dollars of toll fraud. So, unless you have already told Cox to disable all calls to international and premium (e.g. 1-900-) numbers on your line, you need to be very aware of best practices for securing your phone system.

    And besides, even if you do have those expensive toll fraud destinations blocked by Cox, you still don't want to be the guy whose phone system is used as a relay in a SWATing attack.


  • Impossible Mission Players - A

    Point.
    Authentication for calls then? IP calls aren't allowed? It sounds like I should go for security by obscurity.


    Filed under: Just because it's a maze, doesn't mean they won't just barrel through the walls



  • @izzion said:

    Precision of timing

    Analoge is all about timing andere it is almost never the same. I used to work with Dialogic cards back in the day when they where part of Intel. Those where expensive. I remeber those D4 cards with a 486 on it ... in 2005 or something. And you had to pay extra for the shitty driver.



  • There is a section of the Asterisk wiki that deals with recommended practices for securing the server: https://wiki.asterisk.org/wiki/display/AST/Important+Security+Considerations

    There are also a number of other write-ups that exist of dos and don'ts for phone servers, but the basics boil down to:

    1. Follow best practices for firewall and logging access to the server. Especially in external-access scenarios (remote workers, being an ITSP), use something like fail2ban for dynamic blocking of brute force attacks
    2. Keep your dialplan segments separated. BE EXTREMELY CAREFUL when using include statements to move calls around. You almost certainly don't want to use an include statement to let calls coming in from the outside dial-by-extension to get to a specific phone inside your office -- includes will cascade, so if [incoming-outside-calls] includes [users] which includes [place-outbound-longdistance-calls], then congratulations, you set up an open relay for phone service.
    3. Keep your underlying operating system up-to-date, especially to patch escalation of privilege and other bugs which might give an attacker access to read or modify configuration files.
    4. Don't run Asterisk as root. It's worth the extra setup time to make sure that the Asterisk process is a limited user that has read-only access to configuration files. Of note, though -- the Asterisk process still MUST have read access to your configuration files (duh), so you MUST keep Asterisk up to date whenever any remote code execution bugs are found -- if someone can read your sip.conf file, they could potentially impersonate a valid user on your system and then you're back to getting a "fun" phone bill.

    So, yeah, the basic security paradigm - be paranoid, log things (and have a process to review those logs), and keep security patches up to date. Even on a system that "isn't exposed to the Internet".

    /soapbox


  • Discourse touched me in a no-no place

    Yep. @Tsaukpaetra, put all that info in front of your boss. Then, let him decide whether it's worth dealing with this shit in-house, or just go with Anveo, which supposedly could take care of those details behind the scenes, and apparently you already know how to configure it (although it's very oriented toward power users).


  • Impossible Mission Players - A

    I hope to mitigate most of these by disallowing actual access to outbound dialing. I don't yet have any IP phones at all (it would be fairly pointless, nobody would use them), and the only thing that would be allowed dialing would be the fax-sending mechanism, which (I believe) I can lock down to only dialing 800 numbers and local numbers.

    Essentially, I'm not providing phone services to the house, I'm just making a digital voicemail/fax machine combo that can shove incoming messages onto a file share and deliver faxes once in a while.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.