Datasys Knowledge Base Document

Updated: 2002/01/23
Product: FaxChange
Version: 6.0
Service pack: no dependency
Area: EX gtw
Category: INFO
Problem: How to send faxes from the internet (using SMTP) via FaxChange with the MS Exchange gateway (plus security warning)

Problem description:

If you are using FaxChange with the Exchange gateway and want to send a fax, you send an e-mail to a recipient with the FAX address type. This KB record describes how to send a fax via the SMTP address type, that is, from a mail client other than MS Outlook or from the internet.


Solution:

The MS Exchange Internet Mail Connector (IMC) has a little-documented feature. When it receives an SMTP address in the form IMCEA<address type>-<address>@<yourcompany.com>, it converts it into a valid internal address of that type. So if it receives the address

IMCEAFAX-0225308454@company.com

it will be converted into the correct fax address FAX:0225308454. If the address contains any "invalid" characters (such as plus or space), those characters must be written as +<hex code>, i.e.

plus = +2B
space = +20

and so on. You must encode the fax address in this way if you want to send it through the Exchange IMC.

OK, we have the recipient's fax address sent via SMTP. But the sender's address is SMTP-based, while FaxChange internally uses Exchange (X.500) addresses in its user database and the gateway rejects SMTP senders. So we have to switch the gateway into SMTP-ready mode using the registry item

HKEY_LOCAL_MACHINE\SOFTWARE\Datasys\FaxChange\global\system\AllowInternetSenders

You may set this item to "1"; messages from SMTP addresses will then be accepted. A user with an SMTP address will be added to the FaxChange user database (if FaxChange is allowed to do so) and will be treated as a different user from the same person using FaxChange from the Outlook client. You should switch off fax previews for all SMTP users, because they are not able to answer a preview.

If you have not allowed FaxChange to add users automatically, the SMTP user will not be found in the database. This can be solved: you have to encode the sender's e-mail address as well. Set the sender address to

IMCEAEX-<Exchange address>@company.com

You may find the Exchange address in fxUserM. Spaces in the address should be replaced with +20.

New registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Datasys\FaxChange\global\systemAllowIMCEAaddres. This entry determines whether mails are accepted (1) or denied (0) when they arrive at the FaxChange gateway in "IMCEAFAX-..." format (that is, not converted by the Exchange Internet Mail Connector).

Security warning 1: If somebody sends an e-mail with the recipient in IMCEAFAX-... form and the sender in IMCEAEX-... form (with a valid Exchange address), this e-mail is converted in the IMC so that it looks like a standard "internal" e-mail. FaxChange cannot tell that the e-mail was sent from the internet, so the fax will be processed and probably sent! This is a security hole in MS Exchange Server. We therefore recommend that you block all e-mails with any address in IMCEA* form at the firewall or mail relay server.

Security warning 2: The same problem may be encountered if the sender has an SMTP address that is the same as the SMTP address of any of your Exchange users. Recommended solution: the same as in the previous point.

If your users are using fax preview, the security risk is low, because the fax will be converted and the preview will then be sent to the internal Exchange user. The user will see a preview for a fax that he/she did not send, and probably will not press the "Yes, send it!" button... If an intruder uses his/her own SMTP address, he/she will receive the preview but cannot reply to it (because Exchange forms are needed for doing this). This security hole can be abused only when fax previews are switched off.
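
The check recommended in Security warnings 1 and 2, sketched as a filter that a mail relay could apply to messages arriving from the internet. This is an added example, not Datasys or Microsoft code; the function names and the internal_domains parameter are assumptions, the sample addresses are constructed, and only the +<hex code> rule described in this article is decoded.

```python
import re

# IMCEA<address type>-<encoded address>@<domain>, the form described above.
IMCEA_RE = re.compile(r"^IMCEA([A-Za-z0-9]+)-(.*)@([^@]+)$",
                      re.IGNORECASE | re.DOTALL)
PLUS_HEX_RE = re.compile(r"\+([0-9A-Fa-f]{2})")


def decode_imcea(address):
    """Return (address_type, decoded_address) for an IMCEA-form SMTP
    address, or None if the address is not in that form."""
    m = IMCEA_RE.match(address.strip().strip("<>"))
    if not m:
        return None
    addr_type, encoded, _domain = m.groups()
    # +2B -> "+", +20 -> " ", and so on; decoded text is not re-scanned.
    decoded = PLUS_HEX_RE.sub(lambda h: chr(int(h.group(1), 16)), encoded)
    return addr_type.upper(), decoded


def screen_inbound(mail_from, rcpt_to, internal_domains):
    """Screen one message received from the internet.
    Returns a list of reasons to reject it; an empty list means accept."""
    reasons = []
    envelope = [("sender", mail_from)] + [("recipient", r) for r in rcpt_to]
    for role, addr in envelope:
        hit = decode_imcea(addr)
        if hit:
            # Log what the IMC would have turned this address into.
            reasons.append(f"{role} is IMCEA-encapsulated ({hit[0]}:{hit[1]})")
    # Security warning 2: an outside sender claiming an internal SMTP address.
    domain = mail_from.strip().strip("<>").rpartition("@")[2].lower()
    if domain and domain in {d.lower() for d in internal_domains}:
        reasons.append(f"external sender uses internal domain {domain}")
    return reasons
```

The filter belongs on the internet-facing relay only; internal clients that legitimately use company.com sender addresses must not pass through it.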

Tip: If you want to allow internet users to fax to one specific number easily, you may create a Custom Recipient (a Contact in Exchange 2000) and set its primary address to the FAX address. Internet users can then send faxes to the custom recipient's SMTP address.


Further information:

HKEY_LOCAL_MACHINE\SOFTWARE\Datasys\FaxChange\global\system\InternetSendersCauseSecWarning = "0"


Keywords:

FaxChange, internet fax, IMC


If there is something unclear, send us an email to development@datasys.cz.