tel42verifier is an Asterisk AGI program designed to prevent Caller ID spoofing by verifying SIP calls against DNS ENUM records.
- custom domains
- per prefix settings
- NAPTR U/S/A flags
- DNSSEC
- ISN (ITAD Subscriber Number)
- Caller ID Name in TXT
- order: NAPTR -> SRV -> A/AAAA
- chained NAPTR redirection
Run the build target via Make:
make buildThis produces the statically linked executable binary tel42verifier.
You can call the executable out of an Asterisk dialplan via AGI:
tel42verifier [OPTIONS] <CALLER_ID> <REAL_IP>-config: Path to the configuration YAML file (default:/etc/tel42verifier/enum_config.yaml).-domain: Override default ENUM domain suffix.-dns: Override DNS servers (comma separated).-dnssec: Enable or disable DNSSEC validation.-version: Print version and exit.
The script exports the outcome under the Asterisk channel variable ENUM_VERIFY_RESULT. It will be set to one of the following states:
PASS: The source IP properly matched resolved NAPTR records.SPOOFED: The matched IP explicitly contradicted the expected ENUM records.NO_ENUM_RECORD: An ENUM resolution failure occurred (or no record was found).ERROR_INVALID_IP: Malformed IP address provided via CLI argument.ERROR_INVALID_NUMBER: Malformed Caller ID.ERROR_MISSING_ARGS: Insufficient parameters provided to start the AGI script.ERROR_CONFIG: Parsing failure detected during configuration loading.
Additionally, if a Caller ID Name is found via a DNS TXT record for the matching ENUM domain, it will be exported under the Asterisk channel variable ENUM_CID_NAME.
...
same => n,Set(CALLERID_NUM=${CALLERID(num)})
same => n,Set(REAL_SRC=${CHANNEL(pjsip,remote_addr)})
same => n,AGI(tel42verifier,${CALLERID_NUM},${REAL_SRC})
same => n,GotoIf($["${ENUM_VERIFY_RESULT}"="PASS"]?trusted)
same => n,GotoIf($["${ENUM_VERIFY_RESULT}"="NO_ENUM_RECORD"]?no_record)
same => n,GotoIf($["${ENUM_VERIFY_RESULT}"="SPOOFED"]?spoofed)
...
MIT