The Server Support team is tasked with providing key services for the OSU campus community.
Active Directory (AD) is a directory service that holds user accounts, computer accounts and groups, and stores security information for those objects. The servers that store the directory information and respond to authentication and directory lookup requests are called domain controllers. Global Catalog servers are special directory servers that contain a subset of information for every object in the forest.
Network Engineering maintains the forest root for the Oregonstate.edu AD forest. In addition, Network Engineering is responsible for the following:
Note: If circumstances arise which affect the overall health of the Active Directory forest and Network Engineering cannot reach the DCA responsible for a system, Network Engineering may log in to Domain Controllers and make necessary changes; we will notify DCAs immediately afterward in such cases.
In order to keep our AD forest as robust and reliable as possible, and to decrease replication traffic, we would like to minimize the number of domains in the Oregonstate.edu forest. Network Engineering will only consider requests for new domains when the following are true:
Information Services provides access to the FS_Mail domain for groups who wish to use Microsoft Exchange but do not maintain their own Active Directory domain. There is no charge for FS_Mail accounts. Each department has access to their own Organizational Unit (OU), and permissions are delegated to the Departmental Computing Administrator (DCA).
Departments interested in using the FS_Mail domain should contact us.
There are currently two directories on campus:
These two directories contain much of the same information, but they are not identical.
The OSU Online Directory currently contains records for everyone that has an ONID account (anyone officially associated with OSU). The OSU Online Directory is meant to be public and gets information from OSU's student and human resources system (Banner). Because the information in the Online Directory comes straight from Banner, it is generally very accurate.
The Exchange Global Address Book is a private directory visible only by people with accounts in OSU's Active Directory forest (Exchange users and all ONID users). It contains all the information from the OSU Online Directory (because ONID accounts are listed in it as well), plus a large number of Exchange accounts. All of the non-ONID information in Exchange is manually entered in a somewhat inconsistent way. This means that sometimes it is more accurate and sometimes it is less accurate than the Online Directory.
We are doing our best to bring these two directories closer together over time.
This directory requires no authentication, and is very easy to configure. See the ONID documentation for more information.
If you are using Outlook in MAPI mode (this is how most users on campus use Outlook), you can automatically view the Global Address Book by clicking on the Address Book icon. There is no special configuration required.
If you are using a different email client, or Outlook in POP or IMAP mode, you will need to add the Global Address Book as an LDAP server in your client's settings. Please note the following caveats if you choose to use this directory via LDAP:
To add the GAL to your Outlook 2007/2003 client, first go to the Control Panel. From the Control Panel, double-click the Mail icon, click Show Profiles, and select the profile you want to add the GAL to. With your profile selected, click Properties, E-mail Accounts, the Address Book tab, New, LDAP, and enter the information below.
The settings needed to connect to the Global Address Book are as follows:
Where "domain\username" is an Active Directory domain and username.
Having trouble? Try setting your search base to dc=oregonstate,dc=edu
Information Services is responsible for the management of the campus-wide email infrastructure. We provide mail relaying, spam and virus filtering, Microsoft Exchange mailboxes, mailing lists, and more.
We provide a fee-based mailbox-hosting service to approximately 4,500 users campus-wide. We do not provide account administration; that task is delegated to the Department Computer Administrator (DCA) for the department. If your department does not have a DCA to manage account and mailbox administration and support, you should consider using the Community Network service.
Billing and technical information can be found on our Microsoft Exchange Mailbox Hosting page.
Exchange Online Archiving is an email storage option that has been implemented for Exchange accounts, allowing messages to be quickly and easily archived to simplify mailbox quota management. This solution uses server-side storage that works in a similar manner to the traditional Personal Folders (PST) files most of us are used to. The advantage of this approach is that the archive is backed up nightly, can have messages moved into it automatically, and is available within Webmail so it can be accessed from off campus. Information and instructions for using Exchange Online Archiving.
This newly enabled feature on the Exchange servers gives individuals the ability to publish their calendar online. Once it is enabled, people can see your current appointments via the web. This can be useful if you need individuals on campus, off campus, or even people outside of the university to view your calendar. Learn how to publish your Exchange calendar online.
We host email lists for discussion, classes, information distribution, or any other use, so long as the purpose of the list is for OSU-related business. Additional information and list administration (such as creating and managing your lists) is available at lists.oregonstate.edu.
The campus mail relays handle most of the email coming into and leaving campus. The relays run Debian GNU/Linux with Postfix as the mail transport agent. These servers do spam and virus detection with a host of utilities including several RBLs, Amavis, SpamAssassin and ClamAV. These services are provided free of charge to all departments at OSU.
The maximum size limit for a message sent through the campus mail relays is 100Mb.
Any machine on campus that needs to send mail can use the host mail.oregonstate.edu as its outbound SMTP relay.
Hosts off-campus can also use mail.oregonstate.edu, but ONID authentication with SSL/TLS is required. The following email clients are known to support SMTP AUTH: Outlook, Outlook Express, Eudora, Thunderbird and Mail.app. For more information on configuring email clients, please see the Helpdocs site.
Mail servers on campus should route outbound mail through smtp.oregonstate.edu instead of mail.oregonstate.edu. We try to divide up our traffic so that spam or virus mail inadvertently sent from workstations doesn't cause our production mail servers to be blacklisted. Please don't use smtp.oregonstate.edu to relay mail from regular workstations.
Note: the smtp.oregonstate.edu servers are inaccessible from off-campus. This allows us to handle on-campus and off-campus mail differently.
Most inbound mail for campus passes through the relay.oregonstate.edu servers. If you would like to point an MX at relay.oregonstate.edu, please contact Network Engineering so that we can configure the necessary transport records.
If you would like to configure a host to accept mail only from the campus mail servers, please allow the following IPs:
The diagram below shows how mail flows at OSU.
Note that emails from authenticated clients, on-campus clients, and OSU mail servers are only subject to anti-virus scanning. In contrast, messages from the Internet (cloud with angry eyes in the diagram) are subject to many more checks including RBLs, greylisting and SpamAssassin tagging.
When email messages leave the OSU network destined for the Internet, they are subject to anti-virus scanning, but are not otherwise hindered.
The "Client Rules" on the top-right of the picture show that email can also be filtered by the recipient.
Network Engineering uses several tools to help keep spam from reaching your mailbox.
OSU implemented greylisting at the campus mail relays on October 30, 2007. At that time, statistics showed that greylisting reduced the amount of spam arriving in OSU email accounts by over half.
Greylisting works by returning a temporary failure the first time the relay sees a unique combination of sender IP, sender and recipient. Legitimate, properly-configured mail servers deal with a temporary failure by queueing the message and resending later. (Resend times vary, but 15-30 minutes is typical.) On subsequent attempts to send a message, the greylisting server allows the message to be delivered.
Greylisting is an effective way to prevent spam because spammers typically do not bother to queue mail. Rather, they blast the spam out once and ignore delivery failures.
The downside of greylisting is that it may cause a legitimate message to be delayed (typically for about 30 minutes, although this depends on the configuration at the sending server). Messages may also appear to arrive out of order, as subsequent messages from the same sender are not delayed. This will only happen the first time that a new sender tries to send to a new recipient.
Sites that have implemented greylisting address these issues by building up a comprehensive whitelist. That is the approach we are taking as well. We have already whitelisted several sites that OSU communicates with on a daily basis. If there are sites that you are concerned about, please send us a list at net (at) oregonstate.edu, and we will add them to the whitelist.
NOTE: Greylisting does not apply to email sent within OSU.
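The greylisting decision described above, as an added example that is not OSU's relay configuration: it tracks the (sender IP, sender, recipient) triplet, answers a first attempt with a temporary failure, accepts the retry, and skips whitelisted and internal senders. The minimum retry delay, the network ranges and the `Greylist` and `replay` names are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration; the page does not state OSU's settings.
MIN_RETRY_DELAY = 300  # seconds before a retry of a new triplet is accepted
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]      # stand-in for campus
WHITELIST_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # stand-in whitelist


class Greylist:
    """Tracks (client IP, envelope sender, envelope recipient) triplets."""

    def __init__(self):
        self.first_seen = {}   # triplet -> time of first attempt
        self.passed = set()    # triplets that have retried successfully

    def check(self, client_ip, sender, recipient, now):
        """Return an SMTP-style (code, reason) for one delivery attempt."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in INTERNAL_NETS):
            return 250, "internal mail is not greylisted"
        if any(ip in net for net in WHITELIST_NETS):
            return 250, "sending site is whitelisted"
        triplet = (str(ip), sender.lower(), recipient.lower())
        if triplet in self.passed:
            return 250, "triplet already passed greylisting"
        first = self.first_seen.setdefault(triplet, now)
        if now - first < MIN_RETRY_DELAY:
            # Temporary failure: a real MTA queues and retries, most spamware does not.
            return 450, "greylisted, please retry later"
        self.passed.add(triplet)
        return 250, "retry accepted"


def replay(events):
    """Feed constructed (ip, sender, recipient, time) events through one greylist."""
    gl = Greylist()
    return [gl.check(*e)[0] for e in events]


# Constructed sample traffic (documentation IP ranges, made-up addresses).
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice@example.org", "bob@example.edu", 0),       # first contact
    ("203.0.113.7", "alice@example.org", "bob@example.edu", 60),      # retry too soon
    ("203.0.113.7", "alice@example.org", "bob@example.edu", 1200),    # retry at 20 min
    ("203.0.113.7", "alice@example.org", "bob@example.edu", 1260),    # second message
    ("203.0.113.7", "alice@example.org", "carol@example.edu", 1300),  # new recipient
    ("203.0.113.99", "promo@example.net", "bob@example.edu", 10),     # never retries
    ("192.0.2.10", "dave@example.edu", "bob@example.edu", 20),        # on-campus host
    ("198.51.100.5", "news@example.com", "bob@example.edu", 30),      # whitelisted site
]

if __name__ == "__main__":
    for event, code in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(code, event)
```

The fifth event shows why a known sender can still be delayed: a new recipient makes a new triplet, so the first message to that recipient is deferred again.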
An RBL is a list of hosts that are known spammers or open relays (misconfigured mail servers). When we receive email from one of these sites, we bounce the message back to the sender explaining that they are in an RBL and providing directions to get delisted from it. We also block mail from dynamic IP ranges, because mail servers should never have a dynamic IP. Finally, we block mail from dialup users and cable modem users - these users must relay through their ISP's mail server rather than sending directly to us (sending directly is a trick often used by spammers).
We use the following RBLs at OSU:
If you are having trouble receiving mail from another site because they are listed in one of these RBLs, please tell the person at the remote location to contact their e-mail administrator or ISP and give them the information in the bounce message that they received from OSU. Contact us at net(at)oregonstate.edu if the sending site is unable or unwilling to get delisted - we may be able to help them get delisted, or simply add them to the allow list.
In addition to RBLs and greylisting, we maintain a custom block list for OSU. When we receive complaints about senders or hosts on the Internet spamming OSU addresses, we put in a static block for that site. Sometimes the block is a sender address (such as firstname.lastname@example.org), or an IP address. In some cases we will block an entire domain name (e.g. everything @foo.com) or a block of IP addresses that seem to be in use by spammers.
We treat messages that are detected as phish the same way that we treat virus emails: they are discarded at the mail relays. In addition, we block the reply-to address on phishing emails so that if anyone at OSU tries to reply to a phish, their message will not go to the phisher. Users who have responded to a phish with their username and password will typically have their OSU account disabled, and will be asked to change their password.
Despite our best efforts, some phishing emails still make it through. Please never send your password in email, and be careful with your personally identifiable information such as credit card numbers and social security number.
All messages coming into OSU from the Internet are tagged with SpamAssassin headers. These headers indicate the likelihood that a given message is spam. You can use these headers to filter mail that is likely spam into a junk folder. For more information, see the SpamAssassin page.
Network Engineering provides a fee-based Microsoft Exchange mailbox hosting service to approximately 4,500 users campus-wide. This service includes:
Permissions are delegated to the Department Computer Administrator (DCA), who is responsible for all account and mailbox administration and user support. DCAs have access to a full-time Exchange support person for help with everything from configuring clients to troubleshooting mail delivery problems.
We charge $2 per mailbox/month for mailboxes set to the default "prohibit send" limit. Current default limits are:
Mailboxes set to a higher quota are billed an additional $2 per 500,000KB increment of the default "prohibit send" limit, e.g. a 1GB mailbox costs $4/month, a 1.5GB mailbox costs $6/month, and so on.
Resource mailboxes with a quota of 100MB are free.
We also provide access to the FS_Mail domain for groups who wish to use Exchange but do not maintain their own Active Directory domain. There is no charge for FS_Mail accounts.
Please note: Network Engineering does not provide account administration - that task is delegated to the DCA for the department. If your department does not have a person to manage account and mailbox administration and support, you should consider using the Community Network service.
Excepting College of Business courses (see below), every course at OSU now has its own Exchange email address. These class addresses are actually email 'groups' and contain the ONID email address of every student in the course. An instructor can quickly and easily contact everyone currently enrolled in the class by sending an email to the course address and adding new members to the group.
On the first day of each term the email groups are automatically created from course lists in Banner. Instructors are automatically given permission to send and receive group email. By default, instructors are only allowed to send group email from their ONID email address.
What if I don't know my ONID login name and password?
If you have never signed up for ONID, or have forgotten your ONID password, visit the ONID homepage. To sign up for ONID, click on the "Sign Up For ONID" link in the top left. To change a forgotten password, click on the "Change Password" link in the top left.
Why was my message to my class list rejected?
By default, only the instructor of a course can send to the list, and only from their ONID email address. If you are the instructor for a course and need to send to a list from another email address, click on the link above to manage your list. Login with your ONID credentials, and then add your other email address as a sender.
Why can't I add my email address as a sender?
Your email address must be in the Exchange Global Address Book in order for you to add it as an approved sender on your class list. Contact your Department Computer Administrator to get your email address added to the Exchange Global Address Book.
How do I remove a Sender that I added manually?
All senders that you have added manually are now displayed. You can remove one by clicking on the person's name.
How do I remove a Member that I added manually?
We have not implemented this feature yet, but we hope to make it available soon.
Where are the College of Business classes?
The College of Business uses a different process to create class groups. In order to avoid confusion, we are not creating ONID class groups for Business classes. If you are a Business instructor, please contact your college for more information about class groups.
I added my TA as a sender. Why don't they receive mail sent to the list?
Adding someone as a sender is not the same as adding them as a member. If you want someone to be able to send to a list AND receive mail sent to a list, add them as both a sender and a member.
Will the changes I make to my class groups now be saved for next term?
No. All group configuration changes and memberships are reset at the end of the term, because a given course may be taught by a different instructor in the next term. If you make custom changes to your class groups one term, you will need to make those changes again at the beginning of the next term.
Can I get a list of the members on my class lists?
The list memberships are hidden in the Exchange Global Address Book to protect student privacy. To obtain a list of members in your classes, visit Blackboard or the OSU Online Services page.
Oregon State University uses SpamAssassin to tag inbound email that appears to be spam. You can use these SpamAssassin tags to filter junk mail out of your mailbox.
Example headers that you can filter on:
X-Spam-Level: ******** (a # of stars indicating the likeliness that this is spam)
When creating a rule in your e-mail program to filter mail based on SpamAssassin tags, you have the choice of either using the "X-Spam-Flag" header, or the "X-Spam-Level" header. The X-Spam-Flag header will be set to YES whenever the message has a SpamAssassin score of 5 or higher. If you would like to catch messages with a score of 3 or more instead, you can create a rule that looks for this header:
You can enable SpamAssassin by going to http://www.onid.orst.edu. Choose "Login to ONID", and click on "Manage Mail" after you have authenticated.
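A client-side filter built on the two headers discussed above, as an added example that is not part of the original page: it files a message as junk when X-Spam-Flag is YES or when X-Spam-Level carries at least three stars (SpamAssassin writes one star per whole point of score). The function names, folder names and sample messages are assumptions made for illustration.

```python
from email import message_from_string

JUNK_THRESHOLD = 3  # the "score of 3 or more" case from the text


def spam_level(msg):
    """Number of stars in X-Spam-Level; 0 if the header is missing or malformed.

    If the header appears more than once, the highest value wins (a defensive
    choice made for this example).
    """
    best = 0
    for value in msg.get_all("X-Spam-Level", []):
        value = value.strip()
        stars = len(value) - len(value.lstrip("*"))  # length of the leading star run
        best = max(best, stars)
    return best


def route(raw_message, threshold=JUNK_THRESHOLD):
    """Return the folder name a client-side rule would file this message in."""
    msg = message_from_string(raw_message)
    flagged = any(v.strip().upper() == "YES" for v in msg.get_all("X-Spam-Flag", []))
    if flagged or spam_level(msg) >= threshold:
        return "Junk"
    return "Inbox"


def sample(level=None, flag=None):
    """Build a constructed test message with optional SpamAssassin headers."""
    headers = ["From: sender@example.org", "To: user@example.edu", "Subject: test"]
    if flag is not None:
        headers.append(f"X-Spam-Flag: {flag}")
    if level is not None:
        headers.append(f"X-Spam-Level: {'*' * level}")
    return "\n".join(headers) + "\n\nbody text\n"


if __name__ == "__main__":
    for level, flag in [(8, "YES"), (3, "NO"), (2, "NO"), (None, None)]:
        print(level, flag, "->", route(sample(level, flag)))
```

Messages that never passed through the tagging relays (on-campus mail, per the mail flow described earlier) carry no SpamAssassin headers and fall through to the inbox.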
MS SQL Server is a database management system that supports Microsoft's version of SQL (Structured Query Language). It has commonly been used by businesses for small to medium size databases. On campus its main use has been for data storage for third party applications and websites.
We offer an environment for departments to use MS SQL 2005 & 2008 without having to purchase server hardware, software, and licensing. SQL Maintenance and backups are included with the service.
If your department is interested in our SQL hosting service, please fill out the SQL Server Request Form. If you have general questions about this service, contact us at itconsult (at) oregonstate.edu or 541-737-4710.
Secure Sockets Layer (SSL) is a security protocol that provides an encrypted Internet connection. An SSL certificate is proof from an independent third party that your website belongs to the organization it says it does and that your users will be transmitting information via an encrypted connection. You should use an SSL certificate to protect any website or service that handles sensitive data such as login credentials.
Certificates can also be used to sign documents electronically or to sign code for distribution.
OSU is now registered for the InCommon Certificate service. With this membership, OSU has unlimited access to SSL certificates at no additional cost to individual service providers. All OSU-owned domains are covered. The following certificate types are available: web server SSL certificates, extended validation certificates, code signing certificates, wildcard certificates and SAN certificates. The certificate authority (CA) is Comodo, an industry-standard CA trusted by most clients.
To obtain a certificate through InCommon, please complete the InCommon SSL Certificate Request Form.
Thawte - To request or renew a Thawte certificate, please use the form below. However, please be aware that OSU now has access to free certificates from InCommon (see above).
Windows Servers - All domain-joined Windows servers in the Oregonstate AD forest can make use of AD SSL certificates at no cost. The certificates will automatically be trusted by AD-joined client machines at OSU. To request a Windows certificate, please email ServerSupport@oregonstate.edu.
Other CAs: You may request an SSL certificate from another Certificate Authority and the request will typically be forwarded to the WHOIS contact for the domain name of the host.
IPSCA - You may also request an SSL certificate from IPSCA, a certificate authority that provides free 2 year SSL certificates to EDU customers. Please Note: we have experienced some support issues with IPSCA and are no longer recommending this service.
IPSCA certificates should work with all major browsers but we do not have a lot of experience with this vendor yet, so use at your own risk. These certificates are ideal for systems with limited use that you might currently be securing with a self-signed certificate.
The following steps should be followed by the system administrator of the server that the SSL certificate will be hosted on.
Once we have reviewed your request, you will receive an email back from us indicating that you can proceed with the renewal or acquisition.
Information Services offers low-cost, fault-tolerant VMware Virtual Machine hosting. Both of our systems use VMware ESX and Dell 2950 PowerEdge servers. You can get individual VMware Virtual Machines starting at just $60.00/Month, or we can implement a customized dedicated VMware server environment to meet your needs.
We provide you with a base Linux or Windows Operating System, either 32bit or 64bit, on VMware ESX hosts along with VMware HA (High Availability) on Dell PowerEdge servers connected to 4GB fiber array disks. We can take snapshots of your VM before you apply updates or install applications to test. Once testing is done please contact us to remove the snapshots, as they are for temporary uses and are not to be used as a backup service.
We can install Windows Server 2003/2008, Debian, Red Hat Enterprise Linux or SUSE Linux. You would need to purchase an OS license or provide proof of ownership.
Our monthly fee covers:
Owners of the VMs are responsible for:
As an alternative to performing your own backups, Information Services offers server backup services for an additional cost.
| Processor Capacity | Memory | Disk Storage | Base Cost |
|---|---|---|---|
| 1 CPU | 512 MB up to 1024 | up to 40 GB | $60.00/mo |
| 2 CPUs | 2 GB RAM | up to 80 GB | $90.00/mo |
| 4 CPUs | 3 GB RAM and up | up to 200 GB | $125.00/mo |