Right now I have a SIP trunk and all incoming calls come through that. But I’d also like to accept public internet calls destined to email@example.com. I have the SRV records set up appropriately. How can I safely do this? Examples appreciated Thank you
How can I get my asterisk server to accept public, incoming calls to user@domain?
I think the best way will be allowing only calls to @ValidDomains and ban those who call dialing @IPAddress (because they are probably friendly scanners).
And use TLS!
Thanks that makes sense. Would you have a sample config of what that might look like? I am a beginner
Basically you define an anonymous endpoint:
then write dialplan with an extension for user, which uses the CHANNEL function to obtain the domain part, and validate it. You make very sure that the context is incapable of making chargeable calls, including making sure that caller side transfer options are all turned off in Dial.
Although SIP is designed to work like this you should note that hardly anyone actually configures theirs this way. Most people would consider it an unacceptable security risk.
You will get large numbers of calls with the wrong user and domain.
Using TLS is only of value to the extent that most phone fraudsters don’t bother with it; certificates that validate against commonly trusted CAs are easy to obtain. On the other hand, your callers may find getting a certificate too much trouble, given that ad hoc point to point SIP is so rarely used.
Try what David suggested
1- Create a service to watch UDP 5060, filtering remote incoming INVITEs. Grab IP Address from those who not use your acceptable/allowed domain names in TO field and put a DROP role in iptables with these addresses (eternally).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.