Lyris User's Guide
[previous] [next] [contents]
Action Phrase Restrictions
Table of Contents
· Introduction
· Email Commands
· Web Interface for Users
· Server Administrator
· Site Administrator
· List Administrator
· Other Topics
· · Security Considerations
· · Security Issues Relating to Members
· · · Access to the list archives
· · · Access to the list of members
· · · Access to Subscribe to the Mailing List
· · · Steps to restrict false impersonations
· · · Security Features for Posting Messages
· · · · List admin posting
· · · · Admin Moderation
· · · · Number moderating
· · · · Allow Non-Member Posting
· · · · Action Phrase Restrictions
· · · · Password based posting
· · · · Banning members
· · · · Disallow Email Posting
· · · · Secure HTTP web interface
· · · · Lyris List Manager extensions
· · · · Confirmed subscriptions
· · · · Duplicate messages
· · · · Cross-posting
· · · · Maximum posts per member
· · · · Maximum quoting allowed
· · · · Maximum Messages Per Day
· · · · Limit the Message Size
· · · · Reject Email Attachments
· · · · Moderator auto-approval
· · · · Command detection
· · · · Anonymous Postings
· · · Access to unsubscribe and change settings
· · · Visibility of the existence of the mailing list
· · · Web Interface Access
· · · Overview of Lyris List Manager Posting Security
· · · Security Considerations of the From: field
· · · Security Recommendations for Announcement lists
· · · How Lyris List Manager Determines the Identity of the Person Posting
· · Lyris List Manager Mail Merge
· · The Lyris List Manager command line
· · Modifying lyris.plc
· Add-On Packages
· Installing and Upgrading
· Appendix
· Frequently Asked Questions

Action Phrase Restrictions

Action Phrases are a feature in Lyris List Manager that allow you to trigger various actions based on some text appearing in a message. You can look for a trigger phrase in the body of a message, in the headers, in the Subject:, the From:, etc.

Action phrases permit several kinds of security restrictions to be placed on postings. For example, you can use an action phrase to refuse if a message if:
1) Some particular text does not appear in a specific place in the message.
2) Some particular text does appear.

A few examples will help make this clearer.

Suppose that everyone in your company uses the Eudora Email program, which, incidentally inserts a "X-Mailer: Eudora" header in every message it sends. You can put an action phrase that automatically rejects any message not created with Eudora. Then, to hide the fact that "X-Mailer: Eudora" might be the trigger phrase, have the Lyris List Manager action phrase change the message to say "X-Mailer: Windows Eudora", so that it no longer matches.

This use of the action phrase feature allows you to reject all messages that do not have some secret phrase in them. If you want, you can create multiple action phrases to add several layers of checks. This sort of checking is very useful with announcement lists.

Action phrases also have the capability of sending a document back, so you can inform the attempted sender that their message was refused. You also have the option being notified when an action phrase triggers. This lets you monitor attempts to "hack" your system.

Another example: Suppose that you maintain a mailing list to discuss Apple computers and you are not interested in discussing Unix. You can set an action phrase to refuse any message that mentions "Unix". People often use this feature to bar inappropriate language on their discussion lists.

Action phrases are not restricted to postings. For example, they can also be put on an autoresponder. You could put your price list on an autoresponder, but require a password to get it. If the password is not in the email message, the action phrase triggers and sends a refusal message. If the password is present, the action phrase does not trigger and the price list is sent.

Some people use action phrases to disable Lyris List Manager server commands or to be notified of things that are suspicious. For example, some mailing list owners have had their lists "hacked" when they were using other list managers and like to be told if someone is trying to snoop through their list. Thus, they disallow the "review" command (which already does not provide the member list) and set themselves to be notified of any attempts to use this command.

Yet another use of action phrases is to only allow postings from certain domains -- for example, only people whose email addresses have the text "@yourcompany.com" in their From: address are allowed through.

Other pages which link to this page:
  • Security Features for Posting Messages
  • Page 417 of 629