Purge compromised reply-to IDs
Overview
If a reply to ID is being misused, we can delete that ID from the system while keeping the user's other valid IDs active.
In IBM Connections, users can reply to a forum post directly from an email notification about the post. When a forum topic is updated, a notification is sent out to people following the topic, and those people can reply to the topic by clicking a link in the notification. The notification has a ReplyToNotification ID, included in the reply email address, which is used to verify the content coming back in to the system when the user replies to the notification. We remove compromised IDs using NewsMaillinService commands. When users leave the organization, you can remove their reply-to IDs so they cannot update a forum by saving an ID, and responding to a forum post.
The ReplyToIdCleanup task runs weekly to purge the system of any reply-to ID records that are out of date, removing IDs are older than the interval specified by replyToIdLifetimeInDays. The expiry period is set to 365 days by default. The task ReplyToIdCleanup removes expired ReplyToNotification IDs, making user replys inoperable. Related reply-to IDs are removed as part of the clean-up task.
Reply-to IDs format...
id@connections.myco.com
id_mailin@connections.myco.comID can be prefix or a suffix...
c0c7e9bf-32d9-48a7-933c-74794479ebf3_replyto@connections.myco.com
replyto_c0c7e9bf-32d9-48a7-933c-74794479ebf3@connections.myco.com
Remove reply-to IDs from the system
Access News config file...
cd app_server_root/profiles/Dmgr01/bin
./wsadmin.sh -lang jython
execfile("newsAdmin.py")
...and execute...
- NewsMailinService.removeReplyToId("replyto address ID")
- Removes a single reply-to ID.
Parameter, which is a string that specifies the reply-to ID to delete.
For example:
NewsMailinService.removeReplyToId("c0c7e9bf-32d9-48a7-933c-74794479ebf3")
- NewsMailinService.removeReplyToIdsForUserExtId("user extId")
- Removes all the reply-to IDs for the user with the specified external ID.
Parameter, which is a string that specifies the external ID for the user whose reply-to IDs to delete.
For example:
NewsMailinService.removeReplyToIdsForUserExtId("91b3897d-b4f8-4d05-3621-50bcaa22d300")
- NewsMailinService.removeReplyToIdsForUserEmail("user email")
- Removes all the reply-to IDs for the user with the specified email address.
Parameter, which is a string that specifies the email address for the user whose reply-to IDs to delete.
For example:
NewsMailinService.removeReplyToIdsForUserEmail("mary_smith@myco.com")
Parent topic:
Administer the News repository
Related:
Configure database clean-up for the News repository
News administrative commands