Lyris User's Guide
[previous] [next] [contents]
Replace With
Table of Contents
Lyris Email Commands
Web Interface for Users
Server Administrator
Overview of Server Administrator
Server Admin Menu
Sites Menu
Server Config
Server Documents
Server Action Phrases
First Action Phrase Page
Create Phrase
Response Document
Replace With
Run a program before Phrase
Run a program after Phrase
Notify Who of Action Phrase
First Auto-Responder Page
Create Auto-Responder
Server People
Incoming Mail
Outgoing Mail
Server Admin Log
Shutdown Server
Site Administrator
List Administrator
Other Topics
Add-On Packages
Installing and Upgrading
Frequently Asked Questions

Replace With

(optional) Replace any matched text with this text.

This option is extremely useful for announcements lists, as it can be used to provide transparent posting security, so that only you are allowed to send to your mailing list, with 100% security, no-one else is able to, and you do not have to do anything special once it is set up.

For example, you can create an action phrase which refuses any postings that do not have your signature line in them, and which changes your signature in a subtle way, perhaps changing a comma to a semicolon, so that the action phrase which allows posts is no longer present..

Or, if you are using a particular version of a mail program, which adds its own header to every message (example: "X-Mailer: MS Mail 3.412") you can set your list up to refuse any message that doesn't have a particular characteristic. Another use is to require a certain password to be included in every posting, and all postings without that password are rejected.

If you do not use the "Replace With" feature, then the key phrase, which allowed the message to go through, is visible in your postings. Thus, it is possible that someone would take your example message, change a few things, and attempt to forge the message as if it came from you. Because the key phrase is visible in the posted message, someone can exploit this. This is unlikely, but it is possible. There are some malfunctioning mail server programs which take locally undeliverable mail and return it in such a way that it looks exactly like the original post Lyris almost always catches this problem (because they have headers in them that Lyris added to catch this), but the same technique is possible by someone who is dishonest.

The "Replace With" feature allows you to change (or erase) the key phrase which allowed your message to be posted. Say, for example, that you set your action phrase to refuse all postings which do not contain "X-Mailer: MS Mail 3.412" in their header. Messages that are accepted should change this key phrase to have a slight difference, say: "X-Mailer: MS Mail 3.413". There is no way for others to know that the "2" changed to a "3", and hence no way for them to bypass your security.

Other headers can be used as well. For example, have the action phrase be a particular "Received" header, which indicates from where the message came from. Set your action phrase to look for a Received: header that only your internal network would generate, set your action phrase to refuse messages which do not have this Received: line, and then slightly alter the Received: line so that others do not know what the key is to get in.

This feature can also be used to implement password based posting, which means that any contribution which does not have the posting password is refused. For example, set your action phrase to refuse any posting which does not contain the word "open sesame", then set the action phrase to Replace With a space (" "), thus erasing the password.

Other pages which link to this page:
  • Create Phrase
  • New in Version 2.5
  • Page 162 of 556