Lyris User's Guide
[previous] [next] [contents]
Password based posting
Table of Contents
· Introduction
· Email Commands
· Web Interface for Users
· Server Administrator
· Site Administrator
· List Administrator
· Other Topics
· · Security Considerations
· · Security Issues Relating to Members
· · · Access to the list archives
· · · Access to the list of members
· · · Access to Subscribe to the Mailing List
· · · Steps to restrict false impersonations
· · · Security Features for Posting Messages
· · · · List admin posting
· · · · Admin Moderation
· · · · Number moderating
· · · · Allow Non-Member Posting
· · · · Action Phrase Restrictions
· · · · Password based posting
· · · · Banning members
· · · · Disallow Email Posting
· · · · Secure HTTP web interface
· · · · Lyris List Manager extensions
· · · · Confirmed subscriptions
· · · · Duplicate messages
· · · · Cross-posting
· · · · Maximum posts per member
· · · · Maximum quoting allowed
· · · · Maximum Messages Per Day
· · · · Limit the Message Size
· · · · Reject Email Attachments
· · · · Moderator auto-approval
· · · · Command detection
· · · · Anonymous Postings
· · · Access to unsubscribe and change settings
· · · Visibility of the existence of the mailing list
· · · Web Interface Access
· · · Overview of Lyris List Manager Posting Security
· · · Security Considerations of the From: field
· · · Security Recommendations for Announcement lists
· · · How Lyris List Manager Determines the Identity of the Person Posting
· · Lyris List Manager Mail Merge
· · The Lyris List Manager command line
· · Modifying lyris.plc
· Add-On Packages
· Installing and Upgrading
· Appendix
· Frequently Asked Questions

Password based posting

Using this feature, the submitter's password must be included somewhere in the body of the message posting and is automatically removed by Lyris List Manager.

You can use this feature to protect announcement lists and to authenticate postings on a discussion list.

The way this feature works is by identifying the member of the mailing list who is posting, looking up that person's personal password and then checking for that password. If the password exists in the body of the message, it is removed, and the posting is allowed. If it does not appear, the message is refused with a helpful message.

This feature is very useful in a discussion list situation where strong positive authentication is needed. Because the From: address of email messages can be easily forged, in a discussion list, it is possible for someone to impersonate another member and send a posting to the mailing list as if they were that person. This feature prevents this possible abuse.

Because each member has their own password, they must include it in the body of their messages to the discussion list. They can change their password at will, by using email commands or the web interface.

The list administrator has the option of requiring all postings to have a password. In this case, every member must assign themselves a password in order to post.

The list administrator also has the option of only requiring members with passwords to include their password. This allows the members on the mailing list who are worried about impersonation to use password-based posting and for those unconcerned by the risk, to avoid the need to include their password.

Lyris List Manager also has the capability of requiring members to have passwords. This is a list administrator setting that means with web-based subscriptions, the subscriber must define a password. With email subscriptions, Lyris List Manager assigns the subscriber an easy way to remember adjective-noun password and emails it to them. In this way, if you want absolute posting authentication, you can require a password in all postings and also have Lyris List Manager require every member to have a password.

Other pages which link to this page:
  • Security Features for Posting Messages
    		• Page 418 of 629