10-10-2021 05:49 AM
Hi,
i am getting spam calls through my expressway-e
for example , the calls show it is coming from 1000@domain.com ,
and i don't have did 1000 in my cucm, How come they could call extension without a registring
How can i block this
events are below
Event="Search Attempted" Service="SIP" Src-alias-type="SIP" Src-alias="NoAuth@@domain.com" Dst-alias-type="SIP" Dst-alias="sip:7898@@domain.com" Call-serial-number="dff8b230-9f11-4e4a-b36a-f9f6ae482d4c" Tag="03cd0d25-75bb-49d0-88cb-79408e3e0d28" Detail="searchtype:INVITE" Level="1" "
Event="Call Attempted" Service="SIP" Src-ip="x.x.x.x" Src-port="46923" Src-alias-type="SIP" Src-alias="sip:NoAuth@domain.com" Dst-alias-type="SIP" Dst-alias="sip:7898@domain.com" Call-serial-number="dff8b230-9f11-4e4a-b36a-f9f6ae482d4c" Tag="03cd0d25-75bb-49d0-88cb-79408e3e0d28" Protocol="TLS" Auth="NO" Level="1"
Thanks
Solved! Go to Solution.
10-10-2021 08:41 AM - edited 10-11-2021 06:04 AM
Use CPL, either as configuration put into the web page or as a file to block these calls based on your policy.
As an example this is something similar to what we use on B2B E's.
<?xml version="1.0" encoding="UTF-8"?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
<address-switch field="destination">
<address regex="<public IP of E 1>|<public IP of E 2>|<public IP of E 3>|<public IP of E 4>">
<address-switch field="originating-zone">
<address is="DefaultZone">
<!-- Calls coming from the DefaultZone zone are not allowed to use the IP of this gateway -->
<reject status="403" reason="Denied by policy"/>
</address>
</address-switch>
</address>
<otherwise>
<address-switch field="destination">
<address regex="(.*)<your domain>.com">
<address-switch field="unauthenticated-origin" subfield="host">
<address subdomain-of="webex.com">
<!-- Route the call -->
<proxy/>
</address>
<address subdomain-of="<domain to allow 1>.com">
<!-- Route the call -->
<proxy/>
</address>
<address subdomain-of="<domain to allow 2>.com">
<!-- Route the call -->
<proxy/>
</address>
<address subdomain-of="ciscotac.net">
<!-- Route the call -->
<proxy/>
</address>
<address subdomain-of="ciscospark.com">
<!-- Route the call -->
<proxy/>
</address>
<otherwise>
<!-- Reject Calls from All Other Sources -->
<reject status="403" reason="Denied by Policy"/>
</otherwise>
</address-switch>
</address>
</address-switch>
</otherwise>
</address-switch>
</taa:routed>
</cpl>
10-10-2021 08:41 AM - edited 10-11-2021 06:04 AM
Use CPL, either as configuration put into the web page or as a file to block these calls based on your policy.
As an example this is something similar to what we use on B2B E's.
<?xml version="1.0" encoding="UTF-8"?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
<address-switch field="destination">
<address regex="<public IP of E 1>|<public IP of E 2>|<public IP of E 3>|<public IP of E 4>">
<address-switch field="originating-zone">
<address is="DefaultZone">
<!-- Calls coming from the DefaultZone zone are not allowed to use the IP of this gateway -->
<reject status="403" reason="Denied by policy"/>
</address>
</address-switch>
</address>
<otherwise>
<address-switch field="destination">
<address regex="(.*)<your domain>.com">
<address-switch field="unauthenticated-origin" subfield="host">
<address subdomain-of="webex.com">
<!-- Route the call -->
<proxy/>
</address>
<address subdomain-of="<domain to allow 1>.com">
<!-- Route the call -->
<proxy/>
</address>
<address subdomain-of="<domain to allow 2>.com">
<!-- Route the call -->
<proxy/>
</address>
<address subdomain-of="ciscotac.net">
<!-- Route the call -->
<proxy/>
</address>
<address subdomain-of="ciscospark.com">
<!-- Route the call -->
<proxy/>
</address>
<otherwise>
<!-- Reject Calls from All Other Sources -->
<reject status="403" reason="Denied by Policy"/>
</otherwise>
</address-switch>
</address>
</address-switch>
</otherwise>
</address-switch>
</taa:routed>
</cpl>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide