Lyris User's Guide
[previous] [next] [contents]
Admin Moderation
Table of Contents
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Security Considerations
Security Issues Relating to Members
Access to the list archives
Access to the list of members
Access to Subscribe to the Mailing List
Steps to restrict false impersonations
Security Features for Posting Messages
List admin posting
Admin Moderation
Number moderating
Allow Non-Member Posting
Action Phrase Restrictions
Password based posting
Banning members
Disallow Email Posting
Secure HTTP web interface
Lyris extensions
Confirmed subscriptions
Duplicate messages
Maximum posts per member
Maximum quoting allowed
Maximum Messages Per Day
Limit the Message Size
Reject Email Attachments
Moderator auto-approval
Command detection
Anonymous Postings
Access to unsubscribe and change settings
Visibility of the existence of the mailing list
Web Interface Access
Overview of Lyris Posting Security
Security Considerations of the From: field
Security Recommendations for Announcement lists
How Lyris Determines the Identity of the Person Posting
Lyris Mail Merge
The Lyris command line
Modifying lyris.plc
Add-On Packages
Installing and Upgrading
Frequently Asked Questions

Admin Moderation

All messages to be sent are stored in a "to be moderated" area, and either must be approved from the web interface, or by a list moderator, who receives a request-to-approve email message from Lyris for every posting. The message that the moderator sends back to Lyris must contain both the "message number" to approve the specific message, as well as the password which corresponds to that person's From: address.

This is a fairly secure method of protecting your mailing list. The main way that a malicious person could break through this protection would be to have a "TCP/IP packet sniffer" on your TCP/IP connection (perhaps in your office network) and try to see the password that you have. Then, the person could theoretically use your password to approve future messages.

If you are concerned about this type of security attack, you can take some simple steps to prevent it. First, set your list up to not send moderator notification messages (no member set to "receive moderation notifications"). Then, when a message needs to be approved, use the Lyris web interface to approve it. For additional security, use a web server that supports Secure-HTTP, so that the Lyris web interface communication is entirely encrypted, and cannot be "sniffed".

Other pages which link to this page:
  • Security Features for Posting Messages
  • Page 372 of 556