As noted earlier, the email to fax gateway is universally available. The mail protocol has been designed to go through. Unless one pays attention, any mail to fax gateway is reachable from anywhere in the world.
To make matters worse, this is generally just what most people need. To cope with that, the linuxconf email to fax gateway supports various schemes to limit access to this facility. Here they are:
Whenever a mail message goes through a mail gateway, a new line is added in the envelope of the mail. This line tell us which gateway managed the message and when each received it.
By counting the number of "Received" lines in the envelope, the fax gateway can tell if the mail originated from the local network or not. Linuxconf proposes this as a strategy to differentiate between faxes from the inside and faxes coming from the Internet.
Be aware that this is not 100% foolproof. If the email to fax gateway is
visible from the Internet, anyone can telnet to it and inject a
message in it. This will look like a local fax. To make sure the concept
of "local faxes" is meaningful, you need some firewalling mechanism
which isolates the fax gateway from the Internet. Then, the only way to
reach it from outside would be to use at least another mail
gateway. This would be detected as a non-local fax.
The email to fax gateway is not always the mail server of the organization. However, it is simpler if it is.
If this is the case, the following solution may be used:
You can define a list of users who can fax to various locations. A user is identified by his email address. You can also enter his PGP public signature. With this, the email to fax gateway will be able to certify that a fax message really came from the fax user.
You can selectively tell if PGP signatures are needed for different fax destinations.