Next Previous Contents

3. Access control details

As noted earlier, the email to fax gateway is universally available. The mail protocol has been designed to go through. Unless one pays attention, any mail to fax gateway is reachable from anywhere in the world.

To make matters worse, this is generally just what most people need. To cope with that, the linuxconf email to fax gateway supports various schemes to limit access to this facility. Here they are:

3.1 Local faxes

Whenever a mail message goes through a mail gateway, a new line is added in the envelope of the mail. This line tell us which gateway managed the message and when each received it.

By counting the number of "Received" lines in the envelope, the fax gateway can tell if the mail originated from the local network or not. Linuxconf proposes this as a strategy to differentiate between faxes from the inside and faxes coming from the Internet.

Local faxes and the Internet

Be aware that this is not 100% foolproof. If the email to fax gateway is visible from the Internet, anyone can telnet to it and inject a message in it. This will look like a local fax. To make sure the concept of "local faxes" is meaningful, you need some firewalling mechanism which isolates the fax gateway from the Internet. Then, the only way to reach it from outside would be to use at least another mail gateway. This would be detected as a non-local fax.

The fax gateway is not the mail server

The email to fax gateway is not always the mail server of the organization. However, it is simpler if it is.

If this is the case, the following solution may be used:

3.2 Fax users

You can define a list of users who can fax to various locations. A user is identified by his email address. You can also enter his PGP public signature. With this, the email to fax gateway will be able to certify that a fax message really came from the fax user.

You can selectively tell if PGP signatures are needed for different fax destinations.

Next Previous Contents