Setting up Whitelist-AGI
Contents
- You need access to the FreePBX server
- Preinstall 1. Ensure you have the required FreePBX modules
- Preinstall 2. Set up needed destinations
- Preinstall 3. Build a list of numbers to add to the whitelist
- 1. Update the Asterisk dialplan
- 2. Create the AGI script file
- 3. Set up the “Whitelist-AGI” destination
- 4. Set up the “Whitelist-AGI Success” destination
- 5. Set up the “Whitelist-AGI Softfail” destination
- 6. Set up the “Whitelist-AGI Hardfail” destination
- 7. Set up the “Whitelist-AGI Add” destination
- 8. Set up the “Whitelist-AGI Add” application
- 9. Set up the Contact Manager group
- 10. Set up the Whitelist-AGI group as a CID Lookup Source
- 11. Add initial numbers to the whitelist
- 12. Update Inbound Routes
Caution: These notes may be out of date. As of February 2020 I plan to build a proper FreePBX module for Whitelist-AGI, which should render these instructions obsolete.
This section provides a step-by-step guide to setting up whitelist-AGI on FreePBX.
You need access to the FreePBX server
While practically all of the configuration can be done from the FreePBX admin
web pages, it’s unfortunately not possible to do everything from there. You need
to be able to log in as the asterisk user on your FreePBX server to do one
thing, which is getting the whitelist.agi
script into /var/lib/asterisk/agi-bin
and making it executable.
Documenting how log in to your FreePBX as the asterisk user is outside the scope of this documentation. If you need assistance doing this, you’ll need to contact someone knowlegeable with Linux.
Preinstall 1. Ensure you have the required FreePBX modules
You need the following FreePBX modules for installation, configuration, and maintenance of Whitelist-AGI:
- CallerID Lookup
- Contact Manager
- Misc Applications
The following are useful but not required:
- Bulk Handler
- CID Superfecta
- Config Edit
You can use the following command to install the needed modules from the command line (must be root):
fwconsole ma downloadinstall bulkhandler cidlookup contactmanager miscapps superfecta
Preinstall 2. Set up needed destinations
There are three possible results from the whitelist check:
- Success: the CID Lookup Source check was successful (the call is whitelisted)
- Soft failure: the CID Lookup Source check failed but the caller ID contains a legitimate looking value. Note that this can be tripped up by one of the CID Superfecta data sources that sets the caller’s name to a city.
- Hard failure: the CID Lookup Source check failed and the caller name is suspicious: blank, “Anonymous”, “Blocked”, “Spam”, “Unknown”, “Withheld”, only digits, or the value set in the “Artificial CNAM” field of the CID Superfecta “Abandon Lookup” data source. Note that “Private” is not on the list. Many people have a legitimate desire or need to have an unlisted number and should not be treated as a telemarketer or scammer.
As the system administrator it is up to you to determine how you want to handle the results. Suggestions are:
- Success: typically this is the destination you would have used on the inbound route if you hadn’t diverted it to whitelisting, such as an attendant, a time group, or your green/red BLF call flow.
- Soft failure: one possible destination is an IVR that requests the caller to press “1,” or say their name, or enter a phone number, then sends the call to your normal handling.
- Hard failure: Possible destinations are Zapateller, a simple hangup, or Lenny. As of January 2020 the web site Crosstalk Solutions has the Lenny sound files and pointers on how to set them up in Asterisk.
Before proceeding with the installation, set up any needed destinations and test them to ensure they work.
- You probably already have the destination for the success result: unless you’re planning on doing something unusual it’s the destination you’re currently using for your inbound route(s).
- If you want to use an IVR for the softfail destination (example, “If this is a sales call, please press 5 to hear 15 seconds of monkeys screaming, else press 1,”) this is the time to set up that IVR and test it.
- If you want to use Zapateller for your hardfail, it’s already set up in FreePBX.
Don’t worry about how you’ll configure Whitelist-AGI to use the the destinations; at this point all that’s necessary is to ensure they’re available. Configuring Whitelist-AGI is done later in this setup.
Preinstall 3. Build a list of numbers to add to the whitelist
If you don’t pre-seed the whitelist, immediately upon implementation everyone calling into your system is treated as either a softfail or a hardfail. If you would like to have long-time callers and customers on the whitelist before they ever call in you’ll need to add them.
Probably the best way to do this is building a CSV (comma-separated values) file and using the Bulk Importer to add its contents to the whitelist. Details of how the bulk importer work are in step 13.
Due to a limitation in how the bulk importer parses CSV files, if you have a mix of callers with only one number and callers with two (e.g. landline and cell, or line 1 and line 2), you’ll need two CSV files: one for callers with only one number and the other for callers with two numbers.
Here’s a sample CSV file for callers with one number (the area code 232 is not in use as of January 2020):
"groupname","grouptype","displayname","phone_1_number","phone_1_type" "Whitelist-AGI","External","Frodo Baggins","2325550156","home" "Whitelist-AGI","External","Planet Express","2325550167","work" ... (other entries as needed) "Whitelist-AGI","External","Princess Leia","2325550176","cell"
And a sample CSV file for callers with two numbers:
"groupname","grouptype","displayname","phone_1_number","phone_1_type","phone_2_number","phone_2_type" "Whitelist-AGI","External","Lord Eddard Stark","2325550142","work","2324447781","home" "Whitelist-AGI","External","Sherlock Holmes","2325550134","home","2325550128","cell" ... (other entries as needed) "Whitelist-AGI","External","Will Robinson","2325550110","work","2325550177","home"
1. Update the Asterisk dialplan
Since all of the heavy lifting is done by the AGI script, the dialplan code for whitelisting is relatively straightforward:
[whitelist] exten => s,1,AGI(whitelist.agi) same => n,AGI(notify-send.agi) same => n,Set(DP_GOTO=customdests,${WHITELIST_GOTO},1) same => n,GotoIf($[${DIALPLAN_EXISTS(${DP_GOTO})}]?${DP_GOTO}:badresult) same => n(success),Return() same => n(softfail),Return() same => n(hardfail),Return() ; Failsafe in case whitelist.agi did not return success/softfail/hardfail same => n(badresult),Noop(Bad result '${WHITELIST_RESULT}' from whitelist.agi) same => n,Playback(were-sorry&cannot-complete-temp-error&please-try-call-later) same => n,Macro(hangupcall) ; Add the last inbound caller (or an arbitrary number) to the whitelist exten => add,1,Noop(Add a number to the whitelist) same => n,AGI(whitelist.agi,a) same => n,Hangup
The recommended file for this code is /etc/asterisk/extensions_custom.conf
.
Do the following to update it:
- Log in to FreePBX as an administrator
- Go to Admin > Config Edit
- Expand the Asterisk Custom Configuration Files folder
- Select
extensions_custom.conf
- Add the above lines to the file
- Click Save, then click Apply Config.
2. Create the AGI script file
If you’re comfortable using Linux and scp/wget/curl or even ftp to copy
files from a from an outside source to your filesysten, use that to get a copy
of the whitelist.agi
script. Put the file into /var/lib/asterisk/agi-bin
and use chmod +x /var/lib/asterisk/agi-bin/whitelist.agi
to make it
executable.
Link to source file: whitelist.agi
If you’re unfamiliar with doing this, one workaround is to use Config Edit to
create the AGI script file, then use the Linux command line to move it out of
/etc/asterisk
. Here are the steps:
- In Admin > Config Edit, click on + Add New File
- When prompted, enter
whitelist.agi
as the file name - View the whitelist.agi file in your web browser
- Press Ctrl-A to select all the text
- Press Ctrl-C to copy the selected text to the clipboard
- On the Config Edit page, paste the text into the input box under the text Working on whitelist.agi
- Click Save, then click Apply Config.
- Log into the PBX server as the asterisk user and issue the following
commands:
cd /var/lib/asterisk/agi-bin
mv /etc/asterisk/whitelist.agi . && chmod +x whitelist.agi
- Log out
3. Set up the “Whitelist-AGI” destination
In FreePBX, go to Admin > Custom Destinations > Add Destination and set up the fields as follows:
- Target
whitelist,s,1
- Description
- Whitelist-AGI
- Notes
- Whitelists inbound calls based on the CallerID Lookup Source the CallerdID
name as presented by the trunk, and returns a result of “success,” “softfail,”
or “hardfail.” Requires a custom destination to be set up for each of these
results so you can specify how they are handled. For full information consult
the Whitelist-AGI documentation.
To use, set “Return” below to “No.” Then in “Inbound Routes > (route) > General > Set Destination” use “Custom Destinations” > “Call Whitelisting.” For best results, set up a CallerID Lookup Source of type “contactmanager” and group “Whitelist-AGI,” and use that source in Inbound Routes > Other > CID Lookup Source. - Return
- No
Click Submit and proceed to the next step
4. Set up the “Whitelist-AGI Success” destination
Set up a new destination with the fields set as follows:
- Target
whitelist,s,success
- Description
- Whitelist-AGI Success: CallerID number found in CID Lookup Source
- Notes
- Sends a call to the specified destination if the caller ID is found in the
CID Lookup Source named in “Inbound Routes > (route) > Other > CID Lookup
Source.”
To use, set “Return” below to “Yes” and select the destination. This is the destination you would have used on the inbound route if you hadn’t diverted it to whitelisting, such as an attendant, a time group, or your green/red BLF call flow. - Return
- Yes
- Destination
- (Select your desired destination)
Click Submit and proceed to the next step
5. Set up the “Whitelist-AGI Softfail” destination
Set up a new destination with the fields set as follows:
- Target
whitelist,s,softfail
- Description
- Whitelist-AGI Softfail: CallerID number not found in CID Lookup Source but the name looks good
- Notes
- Sends a call to the specified destination if the CallerID number is not found
in the CID Lookup Source named in “Inbound Routes > (route) > Other > CID
Lookup Source” but the caller ID name looks good (see “Whitelist-AGI HardFail”
for a list of “bad” caller ID names.)
To use, set “Return” below to “Yes” and select the destination. One possible destination is an IVR that requests the caller to press “1,” or say their name, or enter a phone number, then sends the call to your normal handling. - Return
- Yes
- Destination
- (Select your desired destination)
Click Submit and proceed to the next step
6. Set up the “Whitelist-AGI Hardfail” destination
Set up a new destination with the fields set as follows:
- Target
whitelist,s,hardfail
- Description
- Whitelist-AGI Hardfail: CallerID number not found in the CID Lookup Source and the name looks bad
- Notes
- Sends a call to the specified destination if the CallerID number is not found
in the CID Lookup Source named in “Inbound Routes > (route) > Other > CID
Lookup Source” and the caller ID name is blank, digits only, or one of
“anonymous,” “blocked,” “SPAM,” “unknown,” “withheld” or the text you set in
“Admin > CallerID Superfecta > Abandon Lookup > (wrench icon) > Artificial
CNAM.” Note that “Private” is not on the list; calls from unknown private
numbers are treated as a soft fail.
To use, set “Return” below to “Yes” and select the destination. One possible destination is Zapateller. Or look up “It’s Lenny” and implement that. - Return
- Yes
- Destination
- (Select the desired destination)
Click Submit and proceed to the next step
7. Set up the “Whitelist-AGI Add” destination
Whitelist-AGI has a limited ability to add numbers to the whitelist by calling
*33
from your extension. This step and the one following set up this feature.
Set up a new destination with the fields set as follows:
- Target
whitelist,add,1
- Description
- Whitelist-AGI: Add number to whitelist
- Notes
- Allows the caller to add the last inbound number or an arbitrary number to the whitelist. Suggested feature code is *33.
- Return
- No
Click Submit and proceed to the next step
8. Set up the “Whitelist-AGI Add” application
In FreePBX, go to Applications > Misc Applications. Click + Add Misc Application and set the fields as follows:
- Description
- Whitelist-AGI: Add number to whitelist
- Feature Code
*33
- Destination
-
Custom Destinations
Whitelist-AGI: Add number to whitelist
- Click Submit
- Click Apply Config
9. Set up the Contact Manager group
In FreePBX, go to Admin > Contact Manager. Click + Add New Group and set the fields as follows.
Note: the Contact Manager Group name is not configurable. The group must have
the name Whitelist-AGI
for whitelisting to work.
- Name
Whitelist-AGI
- Type
External
Click Submit and proceed to the next step
10. Set up the Whitelist-AGI group as a CID Lookup Source
In FreePBX, go to Admin > CID Lookup Sources. Click + Add CIDLookup Source and set the fields as follows:
- Source Description
ContactManagerWhitelist
- Source type
Contact Manager
- Cache Results
- No
- Contact Manager Group(s)
- Select
Whitelist-AGI
from the drop-down list - Caller ID Format
- Select
Display Name
Now:
- Click Submit
- Click Apply Config
11. Add initial numbers to the whitelist
If you compiled one or two CSV files containing an initial list of numbers to add to the whitelist, the is the point where you add them.
In FreePBX > Admin > Bulk Handler:
- Click Import
- Click Browse
- Locate the CSV file on the filesystem and click “Open”
- Click Submit
- The bulk importer displays a list of entries found in the file. Review the list for errors and completeness
- When you are done reviewing the list, navigate to the top of the page so you can see the progress bar
- Click Import (it should be visible in the lower right-hand corner)
- The importer runs. If you have a large list it may take a minute (or many minutes for a very large list) to import
- When Fnished appears beside the Import button, click it
- Repeat the above steps for any additional CSV files
12. Update Inbound Routes
You’re now at the point where you can start whitelisting callers. Do the following:
In FreePBX Connectivity > Inbound Routes > (route) set the following items:
- Set Destination
-
Custom Destinations
>Call Whitelist-AGI
- Other > CID Lookup Source
- Unless you have an unusual setup, set this to
ContactManagerWhitelist
- Other > Enable Superfecta Lookup
- Enable or disable as desired. The Whitelist AGI script is capable of handling names returned from the Superfecta lookup.
Set up other inbound routes as needed.
Finally:
- Click Submit
- Click Apply Config