Lyris User's Guide [previous] [next] [contents]

Admin Moderation Table of Contents · Introduction · Email Commands · Web Interface for Users · Server Administrator · Site Administrator · List Administrator · Other Topics · · Security Considerations · · Security Issues Relating to Members · · · Access to the list archives · · · Access to the list of members · · · Access to Subscribe to the Mailing List · · · Steps to restrict false impersonations · · · Security Features for Posting Messages · · · · List admin posting · · · · Admin Moderation · · · · Number moderating · · · · Allow Non-Member Posting · · · · Action Phrase Restrictions · · · · Password based posting · · · · Banning members · · · · Disallow Email Posting · · · · Secure HTTP web interface · · · · Lyris List Manager extensions · · · · Confirmed subscriptions · · · · Duplicate messages · · · · Cross-posting · · · · Maximum posts per member · · · · Maximum quoting allowed · · · · Maximum Messages Per Day · · · · Limit the Message Size · · · · Reject Email Attachments · · · · Moderator auto-approval · · · · Command detection · · · · Anonymous Postings · · · Access to unsubscribe and change settings · · · Visibility of the existence of the mailing list · · · Web Interface Access · · · Overview of Lyris List Manager Posting Security · · · Security Considerations of the From: field · · · Security Recommendations for Announcement lists · · · How Lyris List Manager Determines the Identity of the Person Posting · · Lyris List Manager Mail Merge · · The Lyris List Manager command line · · Modifying lyris.plc · Add-On Packages · Installing and Upgrading · Appendix · Frequently Asked Questions Admin Moderation All messages to be sent are stored in a "to be moderated" area and either must be approved from the web interface or by a list moderator, who receives a request-to-approve email message from Lyris List Manager for every posting. The message that the moderator sends back to must contain both the "message number" to approve the specific message, as well as the password which corresponds to that person's From: address. This is a fairly secure method of protecting your mailing list. The main way that a malicious person could break through this protection would be to have a "TCP/IP packet sniffer" on your TCP/IP connection (perhaps in your office network) and try to see the password that you have. Then, the person could theoretically use your password to approve future messages. If you are concerned about this type of security attack, you can take some simple steps to prevent it. First, set your list up to not send moderator notification messages (no member set to "receive moderation notifications"). Then, when a message needs to be approved use the web interface to approve it. For additional security, use a web server that supports Secure-HTTP, so that the web interface communication is entirely encrypted and cannot be "sniffed".

Other pages which link to this page: Security Features for Posting Messages

Page 414 of 629