I have configured sipXproxy and have a remote user registered with sipXecs. I noticed sipXecs is not authenticating the INVITE or a call setup with a 407 Proxy Authentication Required, if the calling party user name is not registered/located with sipXecs user database.So, any unauthorized users could call to my internal phones, which I think is a severe security issue. I am using the dev release 3.11.9, is this issue fixed in 3.11.11? Also, can some one please explain me how sipXecs sends an 407 when it receives an INVITE. I mean, does it check whether the user name in the from-uri matches the user name in the DB, does it check whether the caller is from the same domain before sending the 407??. What if the user name is not found in the user DB?
Thanks Arjun _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
