I use Kamailio 5.3.1 with rtpengine to offer an siptrunk endpoint for my customers. 

I observe that someone of them use tls to encrypt signaling but forgotten to encrypt rtp. 

I want to reject this invites. 

Are there any hints how to do this? 

Thought about reading the sdp and search for a=crypto line and if not send reply with (what code ever will be good for that). 

Cheers

Karsten