Whitelisting Incoming Calls on Asterisk

For some reason, this is a topic that I couldn't seem to find a simple HOWTO online for, so I had to create my own.

I ran into a situation where I have a large number of auto-answering intercom boxes connected to an Asterisk system. The intercoms are programmed to pick up immediately upon ringing, allowing the caller to communicate with the room's occupant without any action taken by the occupant. These intercom lines are assigned a DID number from the outside world in a large metro area. See the problem? The occupants were getting a number of calls from locals whom had dialed the wrong number. Sometimes the caller wouldn't hear a response, so they'd call back repeatedly, to the irritation of the occupant. For our scenario, blacklisting wasn't a good option. In metro areas, misdialed numbers are common, and rarely from the same person. I needed to only allow a handful (~20-50) of callers that we knew would be calling the intercoms legitimately. Furthermore, it would be useful to have a notice played for a blocked caller to that they knew either to not try calling again, or to contact us to whitelist the number.

Here are the rules I used in Asterisk to achieve this goal. First, in extensions.conf, I created a macro for whitelisting:

; Only allows calls from numbers in the whitelist DB
[macro-inbound-whitelist]
exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1)
exten => s,2,Dial(${ARG1})

Then, if you don't have a blacklisted context already, create one:

[blacklisted]
exten => s,1,Playback(not-taking-your-call)
exten => s,3,Hangup

Next, change your inbound call config to use the inbound-whitelist macro:

exten => 5551234567,1,Macro(inbound-whitelist,SIP/123)
exten => 5551234567,2,Hangup

Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call.

Now add your number to the whitelist:

asterisk -r
database put whitelist 5551230000 1

And do another test call.

One last word of warning. I did once run into a condition where our telco provider abruptly stopped sending caller ID through our PRI. When this happens, ALL calls show up as null/blank calling numbers. In these instances, ALL calls to your whitelist-protected extensions will be blocked (at least from outside). To temporarily disable whitelisting until the problem is resolved, simply comment out the "exten => s,1,GotoIf ..." line and reload asterisk.

Hopefully this saved someone else out there some time.

UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic:

exten => s,1,GotoIf($[ ${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} | ${DB_EXISTS(whitelist-support/${CALLERID(num)})} ]?:blacklisted,s,1)

Also with this option, I can treat the whitelist name as an argument in my macro call:

exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername)

In this case, the whitelist DB would be named "whitelist-customername".

5 thoughts on “Whitelisting Incoming Calls on Asterisk”

  1. hi,
    I followed the above procedure adding the macros in extensions.conf file but its not working
    can you please tell me what the following code represents
    "exten => 5551234567,1,Macro(inbound-whitelist,SIP/123)
    exten => 5551234567,2,Hangup" what should be entered instead of 5551234567
    please guide me as i am having same scenario to be implemented.
    Thanks in Advance.

  2. 5551234567 represents the extension or DID of the number you wish to implement whitelisting on. It says "when a call comes in within this context destined for 5551234567, process the call using the incoming-whitelist macro, and send the call to the SIP account 123"

  3. Thanks for your reply, working like a charm
    Can it be possible to retrieve or add whitelist numbers through mysql database.
    I want to whitelist around 300k no. will asterisk will be sable for this count.
    Thanks in Advance

  4. MySQL integration should be possible, though I've personally never had to implement it. Here's something to help you get started: http://www.voip-info.org/wiki/view/Asterisk+cmd+MYSQL

    One thing I might be concerned with in your situation is the number of calls that are processed within a given timeframe, as the MySQL integration method there shows a connection being created for each call. Setting up and tearing down those connections with high frequency could lead to excessive server resource utilization and/or lag in processing your calls. There may be an better, alternative method of forming a single persistent MySQL connection that handles all queries for the Asterisk daemon.

  5. Thanks for your reply. I am using elastix for this requirement. I tried in /etc/asterisk/extensions_additional.conf changed macro app-blacklist-check] i changed exten => s,1(check),GotoIf($["${BLACKLIST()}"="1"]?:blacklisted)using your logic to blacklist all calls and for whitelisting using freePBX Gui blacklist entered a no. and tested. I reached my scenario but as blacklist app use AstDb, think this is not a good idea for large count of no.'s and importing of all those no. into AstDb is also difficult. Can you please suggest me for this requirement. Right now I am using a 4GB Ram and Xeon processor server for 300k blacklisted no. in mysql, will this effect my call call quality.
    Thanks in Advance MuchTall.