verify.conf

[general]
curltimeout = 5 ; default timeout of 5 seconds for curl requests

[peer2peer](!)
requestmethod = curl
verifymethod = reverse
local_var = __clidverif
remote_var = IAXVAR(clidverif)
via_remote_var = IAXVAR(nodevia)
extendtrust=yes
failgroup = spam
via_number = 5551111 ; your 7D DISA number here!
clli = HSTNTXMOCG0 ; your CLLI code here!
region = US
threshold = 4
failureaction = nothing
flagprivateip = yes
; tech: ensures tech is IAX2
; username: ensures alphanumeric username exists
; secret: allows alphanumeric secret to exist
; outkey: allows alphanumeric outkey to exist
; host: ensures at least 1 "." in the host (that it isn't a reference to a local peer with username/password), allows a numeric port
; extension: requires alphanumeric - plus *, #, ^, :, (, ) - extension
; context: allows an alphanumeric (plus underscore) context
outregex = ^[iI][aA][xX]2\/[a-zA-Z0-9_\-]+(:[a-zA-Z0-9]+)?+(:\[[a-zA-Z0-9.]+\])?+@([a-zA-Z0-9_\-]+\.)+[a-zA-Z0-9_\-]+(:[0-9]+)?+\/([A-Za-z0-9*#^:\(\)])+(@[a-zA-Z0-9_\-]+)?$
successregex = [0-9]0

[pstn](!)
verifymethod = pattern
failgroup = spam
local_var = __clidverif
threshold = 10
successregex = [0-9]0
blacklist_endpoint = https://api.phreaknet.org/v1/blacklist?key=${interlinkedkey}&number=${FILTER(0-9,${CALLERID(num)})}&cvs=${clidverif}
blacklist_threshold = 2.4

[pstn-us](pstn)
verifycontext = pstn-us-verify-patterns
code_fail = 32 ; should catch emtpy caller IDs
stirshaken_var = __ssverstat ; Process STIR/SHAKEN dispositions
;Add this to the dialplan:
;[pstn-us-verify-patterns]
;exten => _[A-Za-z]!,1,Return(32)
;exten => _X!,1,Return(31)
;exten => _NXXNXXXXXX,1,Return(30)
;exten => _1NXXNXXXXXX,1,Return(30)
;exten => _N00NXXXXXX,1,Return(31)
;exten => _1N00NXXXXXX,1,Return(31)
;exten => _800NXXXXXX,1,Return(30)
;exten => _1800NXXXXXX,1,Return(30)
;exten => _[01]XXXXXXXXX,1,Return(31)
;exten => _XXX[01]XXXXXX,1,Return(31)
;exten => _[2-79]00NXXXXXX,1,Return(31)
;exten => _[2-79]22NXXXXXX,1,Return(31)
;exten => _[2-79]33NXXXXXX,1,Return(31)
;exten => _[2-79]44NXXXXXX,1,Return(31)
;exten => _[2-79]55NXXXXXX,1,Return(31)
;exten => _[2-79]66NXXXXXX,1,Return(31)
;exten => _[2-79]77NXXXXXX,1,Return(31)
;exten => _[2-79]88NXXXXXX,1,Return(31)
;exten => _[2-79]99NXXXXXX,1,Return(31)
;exten => _X11XXXXXXX,1,Return(31)

[pstn-uk](pstn)
verifycontext = pstn-uk-verify-patterns
code_fail = 42 ; should catch emtpy caller IDs
;Add this to the dialplan:
;[pstn-uk-verify-patterns]
;exten => _[A-Za-z]!,1,Return(42)
;exten => _X!,1,Return(41)
;exten => _XXXXXXXX!,1,Return(40) ; minimum acceptable UK CLID length assumed to be 8

[pstn-au](pstn)
verifycontext = pstn-au-verify-patterns
code_fail = 52 ; should catch emtpy caller IDs
;Add this to the dialplan:
;[pstn-au-verify-patterns]
;exten => _[A-Za-z]!,1,Return(52)
;exten => _X!,1,Return(51)
;exten => _XXXXXXXXXX!,1,Return(50)  ; minimum acceptable AU CLID is 10
;exten => _0[169]!,1,Return(51) ; AU numbers don't start with 06 or 09 or 01
;exten => _[1-9]XXXXXXXXX,1,Return(51) ;  AU numbers start with a 0 (10th last digit)

[pstn-other](pstn)
verifycontext = pstn-other-country-verify-patterns
code_fail = 62 ; should catch emtpy caller IDs
;Add this to the dialplan:
;[pstn-other-countries-verify-patterns]
;exten => _[A-Za-z]!,1,Return(62)
;exten => _X!,1,Return(61)
;exten => _XXXXXXX!,1,Return(60) ; minimum acceptable CLID length assumed to be 7

[phreaknet](peer2peer)
verifymethod = direct
verifyrequest = https://api.phreaknet.org/v1/?key=${interlinkedkey}&asterisk=${VERSION()}&asteriskv=${VERSION(ASTERISK_VERSION_NUM)}&called=${EXTEN}&number=${IF(${EXISTS(${IAXVAR(nodevia)})}?${IAXVAR(nodevia)}:${VERIFYARG1})}&ip=${CHANNEL(peerip)}&clid=${CALLERID(num)}&ani2=${CALLERID(ani2)}&cnam=${STRREPLACE(FILTER(0-9A-Za-z \x20\x2C\x2D\x2E,${CALLERID(name)}), ,+)}&cvs=${IAXVAR(clidverif)}&threshold=2.4&token=${IAXVAR(vertoken)}&verify
allowtoken = no ; PhreakNet supports tokens, but they're built into verifyrequest
remote_stirshaken_var = IAXVAR(ssverstat)
setinvars = fqdn='${CUT(clidverif,~,2)}',__clidverif='${CUT(clidverif,~,1)}',__mlppdigit=${IAXVAR(mlpp)},__ssverstat=${IAXVAR(ssverstat)}
setoutvars = IAXVAR(mlpp)=${mlppdigit},IAXVAR(ssverstat)=${ssverstat}
code_good = 70
code_fail = 71
code_requestfail = 77
code_spoof = 79

[cnet](peer2peer)
threshold = 5 ; so few C*NET nodes use verification that a lower threshold would reject a substantial number of calls
requestmethod = enum
verifyrequest = +${VERIFYARG1},ALL,,1,std.ckts.info
allowtoken = no ; C*NET doesn't support tokens.
via_number = 12311111
code_good = 20
code_fail = 21
code_requestfail = 27
code_spoof = 29
blacklist_endpoint = https://api.phreaknet.org/v1/blacklist?key=${interlinkedkey}&number=${FILTER(0-9,${CALLERID(num)})}&cvs=${clidverif}
blacklist_threshold = 2.4
blacklist_failopen = yes
; some C*NET nodes make calls from different IPs than the incoming calls go to. On C*NET, the only way to verify these is manual exceptions, since there is no support for tokens.
exceptioncontext = cnet-exceptions-lookup ; add the below context to your dialplan:

;[cnet-exceptions-lookup] ; this is different from the [cnet-exceptions] in the verification subroutines. Last updated 20211212.
;exten => _1488XXXX,1,Return(199.199.196.82)
;exten => _1596XXXX,1,Return(45.32.212.173)

[npstn](peer2peer)
clli = NPSTNXY0 ; NPSTN uses NPSTN* CLLIs
verifyrequest = https://crtc.npstn.us/api/v1/?auth=${npstnkey}&lookup=${VERIFYARG1}
allowtoken = yes ; NPSTN uses standalone tokens
validatetokenrequest = https://crtc.npstn.us/api/v1/verification/temptoken.php?auth=${npstnkey}&token=${IAXVAR(npstnverifytoken)}
obtaintokenrequest = https://crtc.npstn.us/api/v1/verification/temptoken.php?auth=${npstnkey}&disavia=2311111
via_remote_var = IAXVAR(DISAVIA)
token_remote_var = IAXVAR(npstnverifytoken)
setinvars = __autovonprioritydigit=${IAXVAR(npstnmlpp)},__forcesecurechannel=${IAXVAR(forcesecurechannel)}
setoutvars = IAXVAR(npstnmlpp)=${autovonprioritydigit},IAXVAR(forcesecurechannel)=${forcesecurechannel}
code_good = 10
code_fail = 11
code_requestfail = 17
code_spoof = 19