I just installed Kamailio in one server and Asterisk in another. Asterisk loads it sipusers info from database which is in Kamailio server.
I don't know how to go further. How can I authenticate Asterisk users through Kamailio. I am trying to authenticate using a sipphone. But no luck.
I am missing alot here. I know we can add users using the following command
kamctl add username password
But I already have users in asterisk realtime db. Is there any difference? Awaiting your reply,
Thanks in advance,
It is very hard to answer this question correctly.
For anderstand answer you need read info about how sip works and how authentificate in openser/kamailio/opensips work.
Most valuable probably will be kamailio turtorials page
But also you have read sip RFC and general info about asterisk(for example ORelly's "Asterisk the Future of telephony book"
There are no way give you more correct answer, becuase you not specify what exactly you want to get.
For general load balancing setup you need authentificate user on kamailio(user have kamailio ip in UA's) after that forward call to asterisk.
For use kamailio as main point(trunk) for multiple asterisk you need create authorization for your asterisk box and put that info in both kamailio(usualy subscribers table) and asterisk.
Also make sure that your password is not too long , as there is some md5/ha1 challenge that doesn't like passwords to be extremely long.
kamailio_4.3.1 64bit form source
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
In Cuba, web access is extremely censored, so I created a tool that allows more than 50,000 people to browse the Internet through email. Cubans send me an email with an URL in the subject line, and I email them back with the response. Read more at https://apretaste.com.
It was working like a charm, till the communist government of Cuba started blocking my emails. My solution was rotation.
I started with Amazon SES, and I was changing the domain each time it was blocked, but Amazon adds a header to all emails, and once they blocked the header no email from SES was able to reach Cuba any more. The same happened with Mailgun and others, they all add headers.
Currently I am creating Gmail accounts and sending via SMTP, but Google blocks me for no reason and only allows to send 100 emails a day per account. Also I can only create few emails using the same IP address/phone, so I was forced to use anonymous proxies and fake Chinese phones. Now I am fighting a war on two fronts.
An email can be blocked by three parameters: IP address, domain, and email address.
It will be terrific if I can set up my own Postfix server at a VPS that auto-rotates the IP address. Even better if I can simulate "gmail.com", to avoid purchasing a new domain every day.
All the intents to create what I call "the ultimate sender" just either reach the spam folder or add unwanted headers making it too easy to block. I feel exhausted. I hit a knowledge barrier here.
I know I am crossing to the dark side, but this is for a very good cause. Thousands count on this service as their only source of unbiased news, social network and to feel part of the 21st century.
Can you please help me implementing "the ultimate sender", or pointing to another solution that I may be missing?
I have a few suggestions for you.
The first one relies on The Onion Router also known as Tor.
Since you are crossing to the dark side, why not also take a look into the darknet?
Take a look at this list of Tor email providers. If you have your own email server that can be accessed through Tor, it becomes much harder for anybody to stop people from using this service. After all, Tor was developed to offer people uncensored access to the web.
You can read about Tor in detail here, it uses Onion Routing and this is how you would set up your server to use Tor.
Here is an example how you could use it:
The steps that involve the setup, receiving an URL request and sending back the reply are as follows:
Set up an email server.
Configure your email server to use Tor.
Publish the public service name. (e.g. "duskgytldkxiuqc6.onion")
Deploy a client that takes the service name and a URL, and let it send an email with a request to your server.
The client now waits for a reply.
You send a reply and the client receives it.
You can change your service name on a regular basis, but you need to make it accessible to those who will use this service.
Having an own email server means being able to control the email header.
Here is one example how you could make use of it:
Configure your email server so that it receives and recognizes
emails which contain the requested URLs.
Before you send a reply modify the email header so that it shows a random IP address and a random sender email address including a random domain name.
Send your reply.
Sending an email that way means that you cannot be replied back to. But since your reply already contains the requested information there is no need to.
I hope this helps.
Crowd source it.
Find a way that volunteers can send some emails for you. This is the only long term approach that I can think of. A simple web interface with mail to links would be be enough to get started although there are other potential problems with this approach too.
Because you are talking about low numbers of users, you could also use crowdsourcing to create the single email address per person approach. They can create an account on a specific set of email providers and give you the credentials. This would allow the single email per user approach or could be used to rotate through a large set of email accounts to send emails.
The simplest solution is perhaps to set up a local SMTP server on your own computer. You don't even need a server per se.
https://sourceforge.net/projects/winsmtpserver/
There are many other such applications. They are usually used to test SMTP functions during local development, but there is nothing against actually sending spam through them.
I know this would be quite a large task, but how about pairing the users with one or just a few emails so they always receive an email from that email.
I'd assume people wouldn't have more than 100 queries per day, if so they could start receiving them from a backup email
I'd imagine it would look less suspicious for them to appear to be in constant contact with one unique email rather than 50,000 being in contact with one
I know this would be a huge undertaking, but I feel like it solves your issue.
Since the users are willing to receive emails form you then your shouldn't be blocked.
When you mentioned you are getting block does it mean your mail is going in spam or is getting lost in between sending and receiving or it is getting bounced back??
My suggestion would be to setup your own mail server and follow as below:
-Get approx 25 or more ip to rotate. (IP is the most imp part which is tracked and is accountable for the reputation of your mail server)
Don't start sending emails in bulk from the word go it is better to gradullay increase the email volume so that mail server reputation nicely built
keep changing the format of the email often
encourage user to add yourself to there contact list
your best part is user are willing to receive emails from you and you would reply to revived email is the USP of yours but still i will recommend you to register for FBL so that you would know which user is reporting you as spam and you can remove him from your list and never send him email again.
using best practice to send emails like dkim, SPF, dmarc are also vital.
Hope my answer was of some help to you. If you need step by step guide to step up mail server let me know.
My friend, do you remember what made Hillary Clinton lose the last elections to Trump?
It was the "mail" affair. And what was it? People discovered she shared confidential information through a non-official, non-governmental email account (i.e., she used some Gmail, Yahoo or another of a kind). Until here, nothing new with direct relation to your matters. But there is an small particularity on this history, and this can put, maybe not a solution, but maybe a light on a new path you could follow: Clinton actually never sent those emails; the email account she used had the password shared and the communication between people (Clinton-someone) occurred only using the drafts of the account.
How? One side logs in and accesses the drafts folder. There he/she reads the last message and edits it, cutting and writing new data - then save the draft message. On the next turn, the other side of the communication line logs in and do the same. And so forth, so never really sending those messages, but instead just updating the drafts (this "Hillary" method does schooled people... Dilma Rousseff, impeached ex-president of Brazil, actually did this method down there in Brazil too).
So, maybe if you could establish a pact with your user that he/she doesn't delete the account's password, you could pass those information by this method - without "really" exchanging emails. Maybe a "parent" email account (some that could reset a lost password) could be useful too.
Alternative: aren't you able to contract a regular HTTP webserver? You could rely on FTP to publish data to your user, he/she asks for it and you publish a page with that content.
Salvi, have you tried something with Telnet? OK, we are talking here about a text-only environment, but if nothing more would rest in the future, this could be better than nothing. Maybe you could implement a podcast-like, or push-like service based on it. Look what people do with it with references to your walk on the dark side...
If in Windows, open your command prompt.
Type telnet and press Enter.
Type "o" without quotes and press Enter.
Type "towel.blinkenlights.nl" without the quotes and press Enter.
I am using WPS, a diluted version of SAS, and I cannot send emails through the SMTP server using the normal (and fairly well documented) config flags.
I keep receiving the error message:
SSL exception: Could not initialise security context [80090322]
Having found some forum posts, the description for this issue is that the SMTP server is expecting authentication using a certificate. When I mentioned this to the IT team, nothing came from it. Having used SAS for a significant period, you would normally and quite simply apply some very basic information into the config file (see below).
I've been given the admin username and password, I've used an array of different ports, but still the same error message persists.
Does anyone have any ideas on how to make SAS/WPS connect to a secure SMTP? Config file is:
-emailsys SMTP
-emailhost 10.0.x.x
-emailport 23 (Port 23 was opened for my use, we are not able to use port 25).
The error message persists even if I force the credentials via -emailid and -emailpw.
Thanks in advance,
Dan
The fix for this is to utilise a fully qualified domain name, rather than an IP address or other method.
I know this is very old, but I had a really bad time trying to figure this same problem out and I'd like to post my solution here for people who might need it in the future.
Basically, this problem happens because SAS/WPS is trying to validate the certificate he has gotten from the smtp server when trying to interact with it (ie.: send an e-mail).
There are 2 solutions:
You can define the location were the trusted certificators are stored for the system to validate it.
You can define the server option TLS_HOSTVALIDATION to NONE by doing something like OPTIONS TLS_HOSTVALIDATION=NONE
I hope this helps.
I am using a free caller android app and they restrict me with limited credits. I would like to explore more about how this app works. So I started decompiling the APK file and intercepting networking requests using Fiddler.
I intercepted requests, but none of those are creating the actual call. So after decompiling the APK I understood they are using SIP server for calls. I couldn't intercept any SIP call with fiddler or wireshark.
They are using this SIP server : https://www.kamailio.org/
Kamailio is one of the powerful SIP Servers and they have good documentation and big mail-user list. You can check their wiki:
http://www.kamailio.org/wiki/
For understanding this case first you should learn "how voip works" subject. You already can not inrecept any SIP call with fiddler or wireshark. Generally, SIP server managers hide their topology for security reasons. Thats why you can not observe SIP traffic to the end of the tunnel.
Even Kamailio has its own module that provides hide your network topology with one click :)
https://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging#decoding_of_tls_connections_with_wireshark
If they can limit your credits, then, of course, they will authenticate your every call and reject it if you don't have enough funds (or out of quota).
So, if you learn a little bit about SIP technology - perhaps, you'll be able to send a call request even without a dialer, but I doubt that the call will be authenticated.
An analogy: if you know a full path to some restricted page - you can paste it into the browser's address field and go there, but if you are not logged in, then you will still get an error like "you're not allowed to read this page".
We are building a system that is, effectively, an email/calendar/contact client.
Users will provide us with their email address password (or other auth, eg oauth) and we will connect to their underlying email system.
"underlying systems" include:
Microsoft Exchange / Office365
GMail
Yahoo Mail
Apple email
Generic IMAP
Each of these systems have subtle (and not so subtle) differences in their APIs, especially to access calendar & contact data. Thus we need to know what provider the user is using.
But we would rather not ASK the user. We would like to figure it out (and at, least reduce the choices) automatically.
I've looked around for something that already implements this but have not found anything. I know it's mostly possible because Windows Phone does it pretty well (just enter username/pw and it does the right thing).
Before I dive in and start writing my own I want to ensure I'm not wasting my time if someone's already done it in an excellent way.
Know of anything like this? For this project prefer C#/.NET.
[EDIT: Adding potential algo]
Potential Algorithm:
Given email address & password
Extract domain name from email address
Try Exchange autodiscover. If successful done.
Use DNS MX records to find smtp host.
Do SMTP EHLO
Gmail responds with "250-mx.google.com at your service"
So if we see a "google.com" we are done.
Yahoo responds with 250-mta1257.mail.sk1.yahoo.com
So if we see a "yahoo.com" in the response we are done.
Apple responds with 250-xxxxxx-mac.com
So if we see a "mac.com" in the response we are done.
If none of the above
IMAP?
...
[EDIT: 5/18]
I built a prototype that uses methods that don't require auth (e.g. just MX/SMTP sluthing). Give it a try: http://bit.ly/KLZKxD
Algorithm seems reasonable. You will get best results running from unfiltered server (meaning it has direct SMTP outbound / doesn't run through a proxy). If running from client (mobile/tablet/desktop), then no guarantees as some ISP's pass SMTP through a proxy relay hence EHLO response is only for proxy.
You may want to do a port check for servers to verify expected protocol support (just a TCP connect may be sufficient but protocol handshake is preferable). Additionally, best to build up a database of verified SMTP and IMAP server mappings as there can be split names (e.g. smtp.domain.com and mail.domain.com) - discovering SMTP is easy, discovering outbound server(s) which usually also means calendar/contacts server, not so much (except for Exchange but only if autodiscovery is configured correctly).
If you can get your users to approve and assuming you have their username/password, you could try connecting to SMTP via MX record and sending an email back to your own address then checking through headers for useful info about the server (needs to be authenticated to relay). Users could alternatively reply to an email you generate in order to get the same server info.
Also ensure that you do your own DNS query and try each MX record or all primaries -- if the principal MX is down or DNS is poorly configured for equal weighting, you could end up hitting a smarthost / backup which may just be a dumb SMTP relay / store-and-forward and not give you the correct response.
TL;DR: No quick solution but a cascaded algorithm that trys and fails different solutions until one works / gives an expected result should work.
Most devices can auto detect the service by parsing the Whole e-mail address. Xyz#gmail.com would obviously be a gmail account. So for Apple, Gmail, Yahoo, Live, Hotmail etc you can easily program for.
For other domains, including custom, you can try this: http://www.exclamationsoft.com/exclamationsoft/netmailbot/help/website/HowToFindTheSMTPMailServerForAnEmailAddress.html
You can detect Google Apps For Your Domain accounts by examining the domain's MX records. If the primary MX record is ASPMX.L.GOOGLE.com, then it's GMail.
I created an implementation of this that has been used widely with some success: https://github.com/tig/Email2Calendar
This is used by both milelogr.com and freebusy.io.
Does anyone know of a free, anonymous smtp service? I want to give users of my app the ability to occasionally send me an anon email without having to configure a server of enter their email account. I guess I could setup a gmail account for this purpose and embed the credentials in the app but I hope it won't be necessary. In case it sways your answer, this is a thick client (.NET Console) app.
I think that what you're asking for is called an open relay.
If there were such a thing, wouldn't it immediately be swamped by spammers?
You might be better off setting up some kind of commenting tool on your website, that sends you an email with the contents of whatever form the user submits. Then if you go that far, it shouldn't be difficult to add a form to your app that automatically makes the full HTTP request (transparent to the user, in the background).
If you run your own mail server, you can simply configure the app to deliver mail directly to it. Many web hosting companies also provide mail hosting if you don't want to run it on your own hardware. Gmail via Google Apps for your domain might be an option. It's free. But their anti-spam measures might prevent delivery. Better to have a server you can control, I think. Bottom line, though, is you don't need an anonymous SMTP relay server to get the job done.