Lyris User's Guide
[previous] [next] [contents]
Disallow Email Posting
Table of Contents
Introduction
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Security Considerations
Security Issues Relating to Members
Access to the list archives
Access to the list of members
Access to Subscribe to the Mailing List
Steps to restrict false impersonations
Security Features for Posting Messages
List admin posting
Admin Moderation
Number moderating
Allow Non-Member Posting
Action Phrase Restrictions
Password based posting
Banning members
Disallow Email Posting
Secure HTTP web interface
Lyris extensions
Confirmed subscriptions
Duplicate messages
Cross-posting
Maximum posts per member
Maximum quoting allowed
Maximum Messages Per Day
Limit the Message Size
Reject Email Attachments
Moderator auto-approval
Command detection
Anonymous Postings
Access to unsubscribe and change settings
Visibility of the existence of the mailing list
Web Interface Access
Overview of Lyris Posting Security
Security Considerations of the From: field
Security Recommendations for Announcement lists
How Lyris Determines the Identity of the Person Posting
Lyris Mail Merge
The Lyris command line
Modifying lyris.plc
Add-On Packages
Installing and Upgrading
Appendix
Frequently Asked Questions

Disallow Email Posting

A mailing list can be set to disallow all email posting, and require all postings to be contributed through the web interface. This allows you to get rid of all the authentication issues that accompany email, and is considered very secure.

Some sites put the Lyris web interface on a web server behind a firewall, where no-one from the outside can reach it. In addition, most web servers have password-based security access features, and the entire Lyris web interface be protected with this password.

Optionally, if you want outsiders to have access to the web interface, you can place a copy of the Lyris web interface program on a publicly available web server, but with features removed from it, so they cannot abuse the script, no matter what. Because the Perl source code to the Lyris web interface is included with Lyris, it is very easy to remove features such as "create a message" and "read messages" from the Lyris web interface. Some of our most security conscious customers, such as banks, use this technique.

Other pages which link to this page:
  • Security Features for Posting Messages
  • Page 378 of 556