[Serusers] Checking spoofed From headers

[Juha Heinanen]

sip writes:

 > Am I going to have to do a search("^From:.*@my.domain.com")) and then
 > proxy_authorise and check from... essentially only authenticating users who
 > claim to be from my system? 

there is even a function to check if from host is local to your proxy.

 > I'll give it a shot. Seems kind of backward, though.

another option is to use pki certificates that both UAs can verify, but
i haven't seen those implemented in UAs.

-- juha