I've noticed most scripts checking from and to parts are somewhat flawed. E.g.:

    # if sender claims to be in our domain in From header field....
    if (search("(f|From): .*@mydomain.com")) {
        ....
    };

Looks ok right? Not really - I'll explain why.
I wanted my REGISTER request's host part to match my realm exactly to avoid uri==myself matching and then the above example not matching. A user could register @sipserver.mydomain.com and it would be accepted. They'd be from our domain but without a check. So I did this:

    if (method=="REGISTER") {
        if (search("^To: .*@mydomain.com")) {
            # authenticate
        } else {
            # no thanks
        }
    }

But this can be spoofed by setting a name (e.g. in kphone) with a domain part. The To part of the SIP REGISTER message will then look like this:
To: "Hello @mydomain.com" sip:2001@sipserver.mydomain.com
And it will match. Bummer. Use check_to (I hope the parsing of this field is accurate, I might take a look at the source!), or use a regexp like:
search("^To: .*sip:[^@]+@mydomain.com");
Hope that does it.
Conor.
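
The comparison below is an added example, not part of the original post: it runs the post's two patterns against constructed To headers and sets them beside a check that extracts the URI host and compares it to the realm exactly. It uses Python's `re` in place of SER's `search()`, and `to_uri_host`, `realm_matches` and `compare` are hypothetical helper names; the parser is simplified (no IPv6 literals, no folded header lines).

```python
import re

REALM = "mydomain.com"  # realm used in the post

# The two raw-header patterns from the post.
NAIVE = re.compile(r"^To: .*@mydomain.com")
TIGHTER = re.compile(r"^To: .*sip:[^@]+@mydomain.com")

def to_uri_host(header):
    """Hypothetical helper: lower-cased host of the URI in a To header, or None."""
    name, sep, value = header.partition(":")
    if not sep or name.strip().lower() not in ("to", "t"):
        return None
    value = value.strip()
    if value.startswith('"'):                      # skip a quoted display name
        quoted = re.match(r'"(?:[^"\\]|\\.)*"', value)
        if not quoted:
            return None
        value = value[quoted.end():].strip()
    bracketed = re.search(r"<([^>]*)>", value)     # name-addr form: <uri>
    uri = bracketed.group(1) if bracketed else value.split(";", 1)[0]
    m = re.match(r"sips?:(?:[^@]*@)?([^;:?>\s]+)", uri.strip(), re.I)
    return m.group(1).lower() if m else None

def realm_matches(header, realm=REALM):
    """True only when the URI host equals the realm exactly."""
    return to_uri_host(header) == realm.lower()

def compare(header):
    """(naive regex, tighter regex, parsed host check) for one header line."""
    return (bool(NAIVE.search(header)), bool(TIGHTER.search(header)),
            realm_matches(header))

# Constructed sample headers; the second is the display-name case from the post,
# the third has a host that only begins with the realm.
SAMPLES = [
    "To: <sip:2001@mydomain.com>",
    'To: "Hello @mydomain.com" sip:2001@sipserver.mydomain.com',
    "To: <sip:2001@mydomain.com.example.net>",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(compare(line), line)
```

Because the patterns are not anchored after the domain, only the parsed comparison rejects the third header.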