Using Nomorobo to block calls in Asterisk

Nomorobo is a fantastic service. It’s not perfect; plenty of illegal phone spammers are using throwaway numbers and/or illegally spoofing caller ID numbers to make calls that appear to be from random numbers — usually in your own area code. Short of using a strict whitelist, I don’t see a real way to get rid of those. Using Nomorobo, though, will dramatically cut down on the number of junk calls you will receive.

There’s a little problem, though… while many phone providers offer the service (we’ve been using Ooma), they don’t appear to offer the service to individuals or small businesses who run their own phones.

I ran my own Asterisk PBX for several years, supporting our home phones as well as a separate line I used for work, and even a toll-free number for my side business. Life was good for quite a while, but eventually it got to be quite a hassle trying to keep up with all the junk calls. Then my VOIP carrier changed their pricing to make them much less attractive from a cost standpoint. Eventually we switched to Ooma. They’ve been good, but not without issues. The Telo Air occasionally loses communication with the mothership, and if you don’t see the red light you won’t know that your phones aren’t working. The cost has gone up, now running over $20 per month for the Ooma Premier, which includes what I consider to be some pretty basic features — like call blocking, for example.

Now we have some family members who need a home phone, but I just can’t bear to see them get roped into paying really stupid monthly costs for a simple phone line. That, and our Ooma service is getting more expensive and (it seems) less reliable by the year. Time to switch back. But how can I keep Nomorobo? It would be a tough sell to do without that!

Well, Twilio to the rescue! They offer a Nomorobo lookup API that costs a tiny amount per lookup — $.003, or 0.3 cents per incoming call lookup. Conversely, that’s 333 lookups per dollar. Not bad, I’ll gladly pay that to avoid taking telemarketing or scam robocalls. Now, if only we could get Nomorobo to list all of the numbers used by political “push polls”, recorded messages, and other political campaign silliness!

Twilio’s call rates are not outrageously high either, and their monthly costs for DIDs (phone numbers) are pretty reasonable. The only thing I’ll fault them on is too much hassle to set up CNAM for your outbound calls, so unless you go through that process everything shows up as the number only with no CID name. Flowroute is MUCH better for this, so I route most of my outbound calls through them.

So — how to get Asterisk to do the lookup? After several hours of playing around with this, I found that it’s pretty easy to do. While it wouldn’t be terribly helpful (or smart) for me to post my entire dialplan here, I’ll include enough to get you going. I put this very near the top of the context I use for incoming calls from PSTN trunks. There’s no sense in burning CPU cycles on a call if you’re just going to drop it anyway.

First, you’ll need a Twilio account. They’re even nice enough to give you some credit on your account if you’re new, and it’s enough for quite a bit of learning and development work. I funded my account so I can use them for international calls — they’re ridiculously cheap for most destinations. They’re also a good solution if you want to get DIDs in countries outside the US.

Once you have a Twilio account established, use your account SID and auth token to set CURLOPT() with your username and password. This will be used in the next line to make the curl call to the API:

same = n,Set(CURLOPT(userpwd)=username:password)

Now, make the call to Twilio’s API to get the spam score. The result is a block of JSON that gets saved as TWILIO_RESULT:

same = n,Set(TWILIO_RESULT=${CURL("${CALLERID(num)}?AddOns=nomorobo_spamscore")})

Since we’ve got a block of JSON, we’ll need to extract the one wee bit we need. Fortunately Asterisk has a solution for that as well, so we don’t need to resort to anything drastic like a shell command:

same = n,Set(SPAMSCORE=${JSON_DECODE(TWILIO_RESULT,add_ons.results.nomorobo_spamscore.result.score)})

Now we use that result to drop the call if it’s spam. A simple Hangup(2) tells the caller that their call was rejected:

same = n,GotoIf($[ ${SPAMSCORE} = 1]?dropcall)

Later in the dialplan, after we’ve done the whole “call the user, drop to voicemail if they don’t answer, yadda yadda yadda” we have this:

same = n(dropcall),Hangup(21)

The Hangup(21) tells that their call was rejected. There are other, even more creative codes to use… like these (list courtesy of

  • 1 – Unallocated number
  • 22 – Number changed
  • 27 – Destination out of order
  • 38 – Network out of order

Letsencrypt, Duckdns, and Cox

Like some other ISPs, Cox blocks all incoming access to port 80 on residential connections. They also use DHCP to assign dynamic IP addresses, which can can and do change occasionally — especially when you reboot your router. That’s fine in most cases, but can be a real pain in the ass if you run any local services that you need to access from outside the home. For example, if you run your own email and want to use IMAP, you’re likely going to need an SSL certificate. You need a way to have your DNS update to point to your new IP when it changes.

One way to do all of this without paying subscription fees is with Duckdns and Letsencrypt. Duckdns is a free DNS service with an easy to use API that can be updated by a script when your IP address changes. Letsencrypt is a free SSL certificate CA; I can’t say enough good things about Letsencrypt and encourage you to support them with a donation as I have.

So. First we can use cron to run a command that updates our duckdns IP address every ten minutes or so.

echo url="{my_domain}&token={my_token}&ip=" | curl -k -o ~/duck.log -K -

Simple, right? Now we have a hostname that always points to our own home IP address – or at least always does within ten minutes of an IP address change, which is probably good enough for most purposes.

Now for the SSL certificate. Letsencrypt will happily issue free a 90 day SSL cert for your domain. Normally, one runs a script from cron that renews the certificate if the cert is expiring in less than 30 days. IF you can expose port 80 to the web, even temporarily, then life is good — just run ‘certbot renew‘ once a day, or even once a week, and everything happens for you in the background. If, however, your ISP filters port 80… well, there’s the pain-in-the-ass part. The certbot script renew script will only work if you have port 80 open to the web. I haven’t found a way to get Letsencrypt’s server to use any other port to reach your web server, so forwarding a non-blocked port (8880, for example) to your local server’s port 80 does you no good.

All is not lost; it just means a bit more work. Letsencrypt will also issue certificates using DNS challenges for authentication, placing specific TXT records to prove that you have control of the domain or subdomain in question. The process looks like this:

certbot certonly --manual --preferred-challenges dns -d -d

The certbot script will tell you to create TXT records in DNS for your domain, and will wait for you to do so before proceeding. You can use your DNS provider’s web or API interface to add or change the TXT record accordingly. Duckdns now supports TXT records in addition to A records, and updating yours is simple:

curl '{my_domain}&token={my_token}&txt={my_txt}&verbose=true'

Once you’ve verified that the TXT records are there using, say, ‘dig _acme_challenge.{my_domain} TXT‘ — simply hit ENTER to let the script finish. You should end up with a renewed SSL cert.

My previous ISP didn’t block port 80, so I never had to do any work at all for this. I ran the ‘certbot renew’ command from cron once a day, and it automatically updated the certs for me. Now that port 80 is no longer an option, I will need to manually renew the certificate every 90 days. I’ll actually do it at around 75 days, because Letsencrypt helpfully sends out emails to let you know when your certificate is within 15 days of its expiration.

A year’s worth of updates

Time flies when you’re ignoring a blog, right? I’ll catch up.

  • The Mercedes is gone. After everything I’d fixed on it, when the transmission decided it didn’t want to work reliably any more — screw it, I was done. It was an awesome car to drive, but not so much fun to own. I replaced it with a much newer 2018 BMW 540i Xdrive, which has been wonderful.
  • Still flying occasionally, but nowhere near as much as I should or want to.
  • Nothing’s happened with the Mustang, other than getting the engine put back together.
  • We’ve picked up a couple more rental houses; that enterprise is going pretty well overall.
  • We switched from Visible to T-Mobile. Visible had great service when we signed up; it slowly degraded to barely usable. TMO has been better, but not great.
  • I just dumped CenturyLink. Our CenturyLink fiber service has been down since Wednesday morning (it’s Friday now). It took me three hours to get through to a human there, on the phone, who told me they could have someone out Saturday morning. Absolutely appalling service. We were up and running on Cox within an hour of leaving the house to go pick up their equipment.
  • Now I remember why I didn’t like Cox’s equipment… zero flexibility, no control over your own local network at all. You can’t even set your own DNS, so my Pi-Hole is not functional. I’ve got new equipment coming this afternoon. New cable modem, router, and mesh wifi.
  • I left my long time employer (a bank) a little over a year ago and now work for another bank.

Fixing a front heat issue

The symptom: No (or intermittent) heat in the front seats of a 2007 W221 S600.

  • The vents blow cool to cold air most of the time.
  • Changing the temperature zone setting has no effect.
  • Turning the climate control system OFF for a minute or so, then back ON will result in warm air blowing briefly, cooling off rapidly — as if there is hot water in the heat exchanger, but no flow of hot water from the engine.
  • XENTRY/DAS diagnostics show all temperature sensors working.

Fixes tried:

  • Replaced AC water valve. The old one was in need of replacement; the top water hose neck snapped off during removal and the rack & pinion gear was jammed with some debris, so it likely wasn’t working. The valve is a non-Mercedes sourced part, unbranded, likely Chinese sourced like everything else. $40, quality appears to be quite good and the fit was perfect.
  • Tested valve operation with XENTRY/DAS. Using the actuations top open and close the valve result in hot air (CLOSED) and cool air (OPEN), so the valve is mechanically and electrically operational.
  • Used diagnostics to teach-in and normalize all actuators, flaps, and air control potentiometers. This had no effect on the symptoms.
  • I wanted to reverse the wires to the valve at the plug. My hypothesis was that the motor was simply installed backward, resulting in the valve running opposite the direction commanded by the HVAC system. Since it’s an open loop system, the front SAM would have no idea that this was happening. Unfortunately, I had no convenient place to swap the wires. I ended up determining that it was indeed wired backwards internally. A new part from a Mercedes dealer (thanks, Husker Auto Group!) fixed it.

Results: Fully working heat!!


I’ve moved the blog to a new web service… one of the AWS virtual server offerings. So far, so good… and dirt cheap.

A couple months of Mercedes ownership

I’ve been adjusting to “semi sort of exotic” V12 ownership.  Early May I bought a Mercedes S600 with under 48K miles on the odometer.  If you’re unfamiliar, it’s an exceptionally opulent luxury sedan with a 510 HP, twin-turbocharged 5.5 liter V12 and an active hydraulic suspension system, among other things. It hasn’t been trouble-free, but I don’t think anything new has broken since I bought it — it just had problems that weren’t obvious when I looked at it.  If I’d have had a proper dealer PPI done, I would have screwed the price down a few more thousand — but the logistics of doing that in a distant city are difficult to say the least.  Next time (and there will be a next time), I’ll do it differently.  

The real adjustment is in how these things are serviced.  Got a problem?  Unless it’s something mechanical that’s obviously broken, you’re going to absolutely need the Mercedes dealer level software (at the very least), on a dedicated laptop, and the hardware to get it to talk to the car.  Period.  Or, you take it to a dealer that charges a $160 “diagnostic fee” per symptom.  Or, you find an independent shop and hope they’re as good as they claim.  The mechanical systems are very complex.  The electronics are far, far more complex.  Just an example: You turn the thumbwheel on the dash air vent to control airflow.  It’s not a mechanical control.  It’s a potentiometer, which is read by a control unit that sits on the CAN bus, and talks to numerous other control units, and a decision is made how much to move the electrically actuated damper behind that vent.  Oh, the potentiometer went bad and can’t be read?  No A/C for you, pal.

I’ll be about $3K deep in repairs, parts, and vehicle-specific tools by the time I’m done, maybe a little less.  The good news is, half of that is the one thing that the dealer HAS to do — the rest I can do myself with parts sourced from Fleabay or a couple of dealers that sell factory original parts at a deep discount.  By the weekend I’ll be equipped to do anything the dealer can do diagnostic-wise, which will pay for itself quickly.  

On the plus side…  the thing is over-built, and the level of engineering and the build quality is fantastic.  Even at 13 years old, this car has features most new cars don’t.  You can cruise all day long in ridiculous comfort (the massaging seats help), and if the mood ever strikes you to see, for example, how long it takes to go from 40 to 130 MPH…  it will happily and very quickly do it, without drama, and you’re nowhere near the top end.  This model is limited to 157 MPH, and it will easily do it.  It’s not going to be as cheap to own and operate as my F150, for example, but once it’s fully sorted out I don’t think it will be punitively bad, either.  You don’t own a car like this (or a Ferrari, or a McLaren, or a Bentley, or whatever) because it’s cheap.  

Props to Hulu.

We’ve caught up on all the Hulu shows we watch, no new ones for a couple of months. There is really nothing we need from them until the new season is available. Went to cancel my subscription, with the intent of re-starting in April or May. Hey — they let you “pause” your subscription for up to 12 weeks. Sweet!! Exactly what I needed to do. Thanks for anticipating our needs, guys.

Dumping Hulu

Hulu was more or less OK, but we’re switching to DirecTV Now. Same price, but they have AMC AND a program guide. How did I ever miss the fact that Hulu doesn’t carry AMC?? I have no idea, but that’s a deal breaker. And I got really freakimg tired of no program guide, and being forced to scroll through the crap networks we don’t EVER watch, every time I wanted to see what’s on.

DirecTV Now isn’t perfect but so far it beats Hulu for streaming live TV. We may pick up basic Hulu from time to time if we want to catch up on some of their series, but I’m not keeping them on the payroll any more.

Hulu Support contacted me via Twitter to say they do have a program guide. Let’s just say their idea of what qualifies as a program guide differs from mine. You can get a listing of what is on RIGHT NOW, and the next show on each channel. No indication of whether a show is new or a rerun. No time grid to see what’s on later. No way to filter the channel list other than very recently viewed channels, or scroll through all of them whether you want to or not. Don’t ever care what’s on BET, MTV, Cartoon Network or whatever? Too bad. Oh, and whatever you were watching is gone while you’re looking — no audio or background video, like with cable or DTV.

At this point we’re new to streaming our live TV, so my loyalty to any vendor is zero. We’ll switch until we find something we like, and if I find something better we’re gone.

The sad state of application programming

The Hulu app froze again yesterday and required a force stop. We had another episode of the house phones (the Panasonic DECT6.0 cordless set) not seeing the line from the Ooma, and the Ooma Telo box needed to be power cycled to fix it. I’ve had to power-cycle the Fire TV Cube a couple of times since I installed it a couple of weeks ago. It seems that the Fire TV Cube and the Ooma box will just need regular power cycles to keep them from hanging. This kind of stuff is becoming more and more common… apps are stable for a few hours or a few days, but past that your chances of things working as they should decline rapidly.

I think software development is really being taken over by people who are only marginally competent. You probably know the type. They’ve been to all the classes, got the degrees, can write the code, but really don’t understand how things work, and their code is functional only under ideal conditions. I work with these types daily. They’re unable to think about what happens when things don’t work exactly as they should. The typical conversation consist of me asking one of them what happens when X breaks, which results in a puzzled look. X isn’t supposed to break, you see, and if it does then X is at fault and should be fixed. Never occurs to them to allow for X breaking as a known possibility. Problem is, the guy who wrote X is also a marginally competent idiot, so in the end everything breaks and no one understands why.

We seem to be accepting this as the norm. I talk to people a generation younger than myself and either they are incredibly lucky, or I’m incredibly unlucky, or I’m the only one in the world that ever has an application misbehave. They seem to just accept it as normal and move on. A quick power cycle, a quick reboot, force stop and move on, whatever. As do I, but I do notice it. I can remember when applications being unstable was not unusual, but everyone understood that it was a problem and something to be fixed. Now it just seems that no one cares. OK, if we’re talking about some time sucking game, I don’t care either… but we’re not. We’re talking about systems that should be at least as reliable as what they replace, but turn out to be a pile of crap. I can’t count how many working hours are wasted on bad phone connections, twitchy chat sessions breaking, crappy remote meeting sessions, and slipshod work by people who should know better.

Cord cutting update

Well, we’ve been watching Amazon Prime and Hulu Live for a week now. We have not yet needed to switch back to cable, which is good. It has not been quite the seamless transition one would hope for, but it’s not a complete pain in the ass either. Compared to watching cable, it’s a lot more labor intensive. Lots of button pushing, menu navigating, and we seem to have a disruption of some sort on average at least once a night. Wrong video streams, app crashes, Fire TV reboots, etc. It may not be a deal breaker, but then again it may be. It certainly is a pain in the ass.

My short take on it is, this whole thing is great. Or it would be, if the apps were written by people who actually gave a damn whether things actually worked for more than a few hours at a time. I’ve started doing a power-on reset of my Ooma box once a week to keep it from wandering off the path of righteousness; it looks like the Fire TV Cube may need that once a day or so. Unfortunately, there is no way to force reboot either one remotely so it turns into me remembering to go unplug the stupid things.

Here’s the good, the bad, and the ugly so far…

The Good:

  • The shows we watch are automatically recorded, so we can watch them whenever we please.
  • Video and audio quality seem to be very good. I haven’t tried any lower quality settings to see how it impacts things.
  • So far, I don’t think we have found any of our shows that we can’t watch.

The Bad:

  • Navigation is just clunky, there’s no other way to describe it. There’s lots of button pushing, and you have to be careful of lag and slow response.
  • Different apps for different shows. Amazon Prime for Jack Ryan and a couple of others, Hulu for most things. Not a huge deal, but integration could certainly be better.
  • Data burn. We’re on a 1TB/month plan. We had been using 2-5 GB/day; now we’re hitting peaks of 25GB or more. Average seems to be around 15, which is still OK… but we’ll actually need to pay attention to our data usage, which is not ideal. Obviously streaming video is going to burn bandwidth; this was not unexpected.

The Ugly:

  • Alexa commands are a joke. Tell Alexa “Tune Discovery on Hulu”… no dice, Alexa says Hulu can’t find that channel. We use the remote for most everything.
  • The Hulu app is not what I would call stable. I have started force terminating it once a day, just to keep it from crashing at inopportune times.
  • The Fire TV Cube is also not what I would call stable. roughly every other night or so, it will just spontaneously crash and reboot in the middle of a show.
  • Hulu’s inexplicable and stupid lack of a program guide. It’s idiotic, there’s really no other way to describe it. Guys, you’re selling this as a LIVE TV service, why not act like it and put up a damned program guide?
  • Occasionally, our sound bar will simply power itself off in the middle of watching something. What turned it off? Why? No indication, it’s a mystery. And of course, that means you have to grab another damned remote… unless you tell Alexa to turn the sound bar on, which Alexa will, and then you lose the audio stream from the Hulu app.