Lyris User's Guide
[previous] [next] [contents]
Password based posting
Table of Contents
Introduction
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Security Considerations
Security Issues Relating to Members
Access to the list archives
Access to the list of members
Access to Subscribe to the Mailing List
Steps to restrict false impersonations
Security Features for Posting Messages
List admin posting
Admin Moderation
Number moderating
Allow Non-Member Posting
Action Phrase Restrictions
Password based posting
Banning members
Disallow Email Posting
Secure HTTP web interface
Lyris extensions
Confirmed subscriptions
Duplicate messages
Cross-posting
Maximum posts per member
Maximum quoting allowed
Maximum Messages Per Day
Limit the Message Size
Reject Email Attachments
Moderator auto-approval
Command detection
Anonymous Postings
Access to unsubscribe and change settings
Visibility of the existence of the mailing list
Web Interface Access
Overview of Lyris Posting Security
Security Considerations of the From: field
Security Recommendations for Announcement lists
How Lyris Determines the Identity of the Person Posting
Lyris Mail Merge
The Lyris command line
Modifying lyris.plc
Add-On Packages
Installing and Upgrading
Appendix
Frequently Asked Questions

Password based posting

Using this feature, the submitter's password must be included somewhere in the body of the message posting, and is automatically removed by Lyris.

You can use this feature to protect announcement lists, and to authenticate postings on a discussion list.

The way this feature works is by identifying the member of the mailing list who is posting, looking up that person's personal password, and then checking for that password. If the password exists in the body of the message, it is removed, and the posting is allowed. If it does not appear, the message is refused with a helpful message.

This feature is very useful in a discussion list situation where strong positive authentication is needed. Because the From: address of email messages can be easily forged, in a discussion list it is possible for someone to impersonate another member, and send a posting to the mailing list as if they were that person. This feature prevents this possible abuse.

Because each member has their own password, they must include it in the body of their messages to the discussion list. They can change their password at will, by using email commands or the Lyris web interface.

The list administrator has the option of requiring all postings to have a password. In this case, every member must assign themselves a password in order to post.

The list administrator also has the option of only requiring members with passwords to include their password. This allows the members on the mailing list who are worried about impersonation to use password-based posting, and for those unconcerned by the risk, to avoid the need to include their password.

Lyris also has the capability of requiring members to have passwords. This is a list administrator setting, and means that with web-based subscriptions, the subscriber must define a password, and with email subscriptions, Lyris assigns the subscriber an easy to remember adjective-noun password, and emails it to them. In this way, if you want absolute posting authentication, you can require a password in all postings, and also have Lyris require every member to have a password.

Other pages which link to this page:
  • Security Features for Posting Messages
  • Page 376 of 556