Hi,

I'm setting up ser so that unregistered users can't make any calls to anybody. I have configured to allow all other domains to make a call to my local users. But when my local user that is unregistered it can still make calls to other local users. How would I do to block him totally?

here is my ser.cfg:

debug=3
fork=yes
log_stderror=yes

listen=202.84.24.107
port=5060
children=4

dns=no
rev_dns=no

fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"

alias=sip.philonline.com

#load module part

loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/permissions.so"

#module parameter setup

modparam("rr", "enable_full_lr", 1)
modparam("auth_db|uri_db|usrloc|domain|permissions", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)

modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 0)

modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy.sock")
modparam("mediaproxy", "sip_asymmetrics", "/usr/local/etc/ser/sip-clients")
modparam("mediaproxy", "rtp_asymmetrics", "/usr/local/etc/ser/rtp-clients")
modparam("registrar", "nat_flag", 6)

modparam("acc", "log_level", 2)
modparam("acc", "log_fmt", "cdfimorstup")
modparam("acc", "report_ack", 1)
#modparam("acc", "failed_transactions", 1)
modparam("acc", "log_flag", 1)
#modparam("acc", "report_cancels", 1)
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 3)
modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser")

modparam("uri_db", "uri_table", "uri")
modparam("uri_db", "uri_user_column", "username")
modparam("uri_db", "uri_domain_column", "domain")

modparam("domain", "db_mode", 1)
modparam("domain", "domain_table", "domain")
modparam("domain", "domain_col", "domain")

modparam("permissions", "default_allow_file", "/usr/local/etc/ser/allow.permissions")
modparam("permissions", "default_deny_file", "/usr/local/etc/ser/deny.permissions")

#our routing logic

route {

if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too many hops");
break;
};

if (msg:len > max_len) {
sl_send_reply("513", "Message overflow");
break;
};

###record route####

if (method=="INVITE" && client_nat_test("3")) {
record_route_preset("202.84.24.107:5060;nat=yes");
} else if (method!="REGISTER") {
record_route();
};

###call tear down section###
if (method=="BYE" || method=="CANCEL") {
end_media_session();
};

###accounting###

if ((!has_totag() && (method=="INVITE" || method=="ACK")) || (method=="BYE")) {
setflag(1);
};

###loose route###

if (loose_route()) {

if (has_totag() && (method=="INVITE" || method=="ACK")) {
if (client_nat_test("3") || search("^Route:.*;nat=yes")) {
setflag(6);
use_media_proxy();
};
};

route(1);
break;
};

###call type processing###

if (uri!=myself) {
route(1);
break;
};

if (uri==myself) {

if (method=="CANCEL") {
route(3);
break;
} else if (method=="INVITE") {
route(3);
break;
} else if (method=="REGISTER") {
route(2);
break;
};

lookup("aliases");
if (uri!=myself) {
route(1);
break;
};

if (!lookup("location")) {
sl_send_reply("404", "User not found");
break;
};
};

route(1);
}

##Default message handler##
route[1] {

t_on_reply("1");

if (!t_relay()) {

if (method=="INVITE" || method=="ACK") {
end_media_session();
};

sl_reply_error();
};
}

##Register message handler##
route[2] {

sl_send_reply("100", "Trying");

if (!search("^Contact:\ +\*") && client_nat_test("7")) {
setflag(6);
fix_nated_register();
force_rport();
};

if (!www_authorize("sip.philonline.com","subscriber")) {
www_challenge("sip.philonline.com","0");
break;
};

if (!check_to()) {
sl_send_reply("401", "You are Unauthorized");
break;
};

consume_credentials();

if (!save("location")) {
sl_reply_error();
};
}

##INVITE message Handler##
route[3]
{

if (client_nat_test("3")) {
setflag(7);
force_rport();
fix_nated_contact();
};

if (!search("To: .*@sip.philonline.com")) {

if (!proxy_authorize("","subscriber")) {
proxy_challenge("", "0");
break;
};

if (!check_from() && method=="INVITE") {
sl_send_reply("403", "User From=ID");
break;
};

};

lookup("aliases");
if (uri!=myself) {
route(1);
break;
};

if (!lookup("location")) {
sl_send_reply("404", "User not found");
break;
};

if (method=="CANCEL") {
route(1);
break;
};

consume_credentials();

if (isflagset(6) || isflagset(7)) {
use_media_proxy();
};

route(1);
}

onreply_route[1] {

if (isflagset(6) || isflagset(7) && (status=~"(180)|(183)|2[0-9][0-9]")) {

if (!search("^Content-Length:\ +0")) {
use_media_proxy();
};
};

if (client_nat_test("1")) {
fix_nated_contact();
};

}

Thanks,
--ryan

Ryan Pagquil
Infodyne Inc. (www.philonline.com)
Tel. (632)-6870715