Hi,<div><br></div><div>I am having a problem with someone trying to use my OpenSIPS to relay calls. Below is a snippet of my log file:</div><div><br></div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_msg: SIP Request:</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_msg: method: <REGISTER></div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_msg: uri: <sip:sip.persiantools.com></div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_msg: version: <SIP/2.0></div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_headers: flags=2</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK29073721>; state=6</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_via_param: found param type 235, <rport> = <n/a>; state=17</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_via: end of header reached, state=5</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_headers: via found, flags=2</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_headers: this is the first via</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:receive_msg: After parse_msg...</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:receive_msg: preparing to run routing scripts...</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_headers: flags=100</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_to: end of header reached, state=10</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_to: display={}, ruri={sip:49102@sip.persiantools.com}</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:get_hdr_field: <To> [34]; uri=[sip:49102@sip.persiantools.com]</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:get_hdr_field: to body [<sip:49102@sip.persiantools.com></div>
<div> ]</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:get_hdr_field: cseq <CSeq>: <22695> <REGISTER></div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:maxfwd:is_maxfwd_present: value = 70</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:uri:has_totag: no totag</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_headers: flags=78</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:tm:t_lookup_request: start searching: hash=51210, isACK=0</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:tm:matching_3261: RFC3261 transaction matching failed</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:tm:t_lookup_request: no transaction found</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:parse_headers: flags=200</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:get_hdr_field: content_length=0</div><div>
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:get_hdr_field: found end of header</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:rr:find_first_route: No Route headers found</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:rr:loose_route: There is no Route HF</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:grep_sock_info: checking if host==us: 20==13 && [sip.persiantools.com] == [72.55.133$</div>
<div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:grep_sock_info: checking if port 5060 matches port 5060</div><div>Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:check_self: host != me</div>
<div><br></div><div><br></div><div><br></div><div>As you can see, I am getting REGISTER requests from sip:49102@sip.persiantools.com. What I wanted to know is: how do I block all requests from sip.persiantools.com? Do I use the userblacklist module? I tried doing that, but my problem is that the database entry requires a prefix. Since I want to block all requests from that specific domain, how do I get around it? Or conversely, how do I make a configuration that only allows requests from a specific domain? Any help would be highly appreciated.</div>
<div><br></div><div>regards,</div><div>James</div>
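An added example, not part of the original post: a Python script that scans OpenSIPS debug output like the snippet above and reports each request whose Request-URI host fails the `check_self` test (`host != me`), which is the relay-attempt pattern the log shows. The function names are hypothetical; the pid 4680 sample lines come from the post with the HTML stripped, and the pid 4681 lines are constructed.

```python
import re
from collections import Counter

# "<date> <host> <binary>[<pid>]: DBG:<module>:<func>: <text>", as in the post
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S+\[(?P<pid>\d+)\]:\s"
                     r"DBG:\w+:(?P<func>\w+):\s(?P<text>.*)$")
URI_HOST_RE = re.compile(r"<sips?:(?:[^@>]*@)?(?P<host>[^:;>]+)")

def find_foreign_requests(lines):
    """Return (timestamp, pid, method, host) for every request whose
    Request-URI host failed OpenSIPS' check_self test ("host != me")."""
    state, findings = {}, []   # state: pid -> request that worker is handling
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # continuation lines such as " ]"
        pid, func, text = m["pid"], m["func"], m["text"]
        if func == "parse_msg" and text.startswith("SIP Request"):
            state[pid] = {"ts": m["ts"]}           # a new request begins
        elif pid not in state:
            continue               # log started mid-request; nothing to attach to
        elif func == "parse_msg" and text.startswith("method:"):
            state[pid]["method"] = text.partition("<")[2].rstrip(">")
        elif func == "parse_msg" and text.startswith("uri:"):
            h = URI_HOST_RE.search(text)
            state[pid]["host"] = h["host"].lower() if h else None
        elif func == "check_self" and text == "host != me":
            req = state.pop(pid)
            if req.get("method") and req.get("host"):
                findings.append((req["ts"], pid, req["method"], req["host"]))
    return findings

def summarize(findings):
    """Count flagged requests per (method, foreign host)."""
    return Counter((method, host) for _, _, method, host in findings)

# Sample input: pid 4680 lines are from the post (HTML stripped);
# pid 4681 lines are constructed to show a request that is not flagged.
P = "Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]: DBG:core:"
Q = P.replace("[4680]", "[4681]")
SAMPLE_LOG = [
    P + "parse_msg: SIP Request:",
    P + "parse_msg: method: <REGISTER>",
    P + "parse_msg: uri: <sip:sip.persiantools.com>",
    Q + "parse_msg: SIP Request:",
    Q + "parse_msg: method: <OPTIONS>",
    Q + "parse_msg: uri: <sip:192.0.2.10>",
    P + "grep_sock_info: checking if port 5060 matches port 5060",
    P + "check_self: host != me",
]

if __name__ == "__main__":
    for (method, host), n in summarize(find_foreign_requests(SAMPLE_LOG)).items():
        print(f"{n} x {method} for foreign domain {host}")
```

State is tracked per worker pid because lines from different OpenSIPS processes interleave in syslog.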