Institute of Physics

ContactGrudziądzka 5, 87-100 Toruń
tel.: +48 56 611 3310
e-mail: ifiz@fizyka.umk.pl

LAN

Basic information | Rules for using the network and servers | E-mail

1. Basic information

Contents:
1.1 Administrators
1.2 Servers and services
1.3 Changing the password
1.4 Access to the faculty account (with a shell) for students
1.5 Access to local network resources via OpenVPN
1.6 Access to Internet via Eduroam
1.7 Registration and configuration of a new computer (new network card)
1.8 Antivirus program

The network of the Department of Applied Computer Science and the Institute of Physics is a part of Toruń’s urban computer network TORMAN.

1.1 Administrators

1.2 Servers and services

The local computer network is connected to the TORMAN network with a bandwidth of 2 Gb/s. Network devices work in the 100/1000/10000 Mb/s standard. The smooth functioning of the network, in which more than 400 hosts work, requires maintaining appropriate rigors in its expansion and connecting new computers. Therefore, any changes and expansion of the network must be agreed and approved by the administrators before they are directed for implementation.

1.3 Changing the password

In order to change the password, please use the website at https://www.fizyka.umk.pl/passwd. On faculty servers, the password is updated four times a day (by 2, 8, 14 and 20). For security reasons, access to this site is only possible from computers working on the local computer network. Anyone who has an account and can register via ssh on the server ameryk.fizyka.umk.pl can access this page by following the following instructions:

The ‘-D’ option used above is responsible for using the so-called ssh dynamic port forwarding.

1.4 Access to the faculty account (with a shell) for students

At the beginning of the academic year 2006/2007, student accounts on the servers of our faculty are not founded independently, but are closely related to the accounts on the university student server. Therefore, in order to gain access to departmental servers it is necessary to first set up an account on the university server using the Account creation form. In addition to the account on the central server, an additional account (with the same identifier and password) is created on the departmental server and becomes available the next day.

1.5 Access to local network resources via OpenVPN

Due to security considerations the access to servers running in the local network (general servers and workgroup servers) is restricted by the proper confguration of the firewall.
The most convenient and secure access to local network resources is provided by the OpenVPN system. In order to use the system, the user should install on his computer the OpenVPN client software and obtain certificates.

Employees and doctoral students shoud contact the administrator of the system to receive the certificates (email: operator@fizyka.umk.pl).

Students must submit an application (OpenVPN-application) to the WFAiIS Dean’s Office in order to obtain the certificates.

Certificates together with the configuration files (for Windows and Linux) are placed in the openvpn subdirectory of the user’s home directory.

By default, an OpenVPN client uses the UDP communication protocol to connect to the OpenVPN server. Unfortunately, often in public places access to the IF+KIS LAN is difficult since the Internet connection is only available via HTTP and HTTPS protocols. In order to circumvent this limitation, you need to start the OpenVPN client using client4tcp.conf instead of client.conf configuration file.

For Windows (Linux) users, the contents of the file should be unziped in the c:\Users\(profile)\OpenVPN\config directory (/etc/openVPNconfig). From now on, you can establish an OpenVPN connection using the new “client4tcp” configuration.

Using OpenVPN over TCP is also recommended in case of the unstable/poor connection.

Installing and running the OpenVPN service requires the administrative privileges (Windows – administrator, Linux – root).

Windows users can start the OpenVPN client in the graphical mode, and then by right-clicking on the OpenVPN icon in the taskbar, indicate the client (configuration) and select “connect”. As the administrator you can also run in the console mode start.bat script (located in the appropriate OpenVPN directory). In both cases, after the connection is established, a new logical interface should be created and new entries in the routing table added. This can be verified by running the following commands in console mode (cmd): ipconfig/all and netstat -r. In case of routing tables you should see extra routes to networks 158.75.104.0 and 158.75.4.0. When the OpenVPN client is stopped these entries are automatically removed.

1.6 Access to Internet via Eduroam

Since April 2005, the Eduroam wireless network has been operating on the Nicholaus Copernicus University. It enables authenticated access to the Internet in many scientific institutions in Poland and around the world, including the Institute of Physics premises. Due to the size of the building and its construction (thick reinforced walls), as well as the limited number of access points, the radio signal of adequate quality is available only in frequently used open spaces (the entrance hall, the main corridors and the bar) and large lecture halls (S20 and S26). If the radio signal quality in other areas is unsatisfactory, employees should connect
their computers directly to the cable infrastructure of the local area network (see Section 1.7).

In the case of employees, connecting a computer to the Eduroam network requires the installation of a special certificate.

Students connect their computers to this network by authenticating themselves through their ID and password, which they use when registering on departmental servers (http://eduroam.umk.pl/studenci/instalacja/). More information on the access mode and hardware configuration can be found at http://eduroam.umk.pl/studenci/.

Connecting the computer to the Eduroam network allows unrestricted access to the Internet, but it does not allow access to the resources of the local computer network (except access to the server http://www.fizyka.umk.pl and to your account on the server ameryk). Such access can be obtained only after obtaining the appropriate certificate and installing the OpenVPN system (see the previous item). To this end, students must apply to the dean’s office of WFAiIS with the application signed (OpenVPN-application), which will be the basis for issuing the certificate, which, together with the OpenVPN service configuration file (for Linux and Windows) will be placed in the openvpn subdirectory of the user’s home directory.

1.7 Registration and configuration of a new computer (new network card)

A new computer can utilise the cable local network provided it can aquire a separate IP number from a DHCP server. To this end the computer must be registered beforehand by sending an email to operator@fizyka.umk.pl with information about the computer’s location, its administrator and its network card’s hardware address (so called MAC address, i.e. 1A:60:19:07:1A:F0). When a network card is swapped for another one MAC addresses of both the cards should be provided.

1.8 Antivirus program

WFAiIS employees can use the Eset Smart Security antivirus software; see http://www.uci.umk.pl/pracownicy/esetsmartsecurity/.

2. Rules for using the network and servers

Contents:
2.1 Prohibitions and recommendations
2.2 Choosing and changing the password
2.3 Available disk space

The local computer network of the Institute of Physics and the Department of Applied Computer Science together with computers connected to it (including servers) is used by the employees and students of the Faculty to complete their didactic and scientific tasks. Currently, servers support about 1,200 people. In order to provide everyone with access to servers, good and reliable services and provide the necessary level of
system protection, the following rules for using the servers are introduced (see also the Computer Network Regulations of the Nicolaus Copernicus University).

2.1 Prohibitions and recommendations

The user is prohibited from:

Failure to comply with the above prohibitions and recommendations will result in immediate loss of access to the server and other appropriate sanctions. The Dean of the Faculty will be informed of any significant violation of the rules of using the local computer network.

2.2 Choosing and changing the password

In order to protect your own data and protect the entire system from intrusions, each user MUST use a password that is difficult to guess.

When creating a password, do not use:

The password must be at least nine characters long, including at least one capital letter and one number or special character (@!,:; “…).

When creating a password, it is recommended to use:

2.3 Available disk space

Due to the limited disk resources that can be allocated to users’ home directories, as well as a large number of users, one has to use these resources prudently. If it is necessary to store larger amounts of data for a short period of time, the /tmp space should be used.

Home directories are regularly archived. In the event of data loss, it is possible to recover them. Because no system is 100% sure, it is recommended to archive the most important data on your own. The system administrator is not responsible for the loss of data collected by users.

3. E-mail

Contents:
3.1 Access to mail
3.2 How to deal with unwanted mail (spam)?

3.1 Access to mail

Each user can access his mailbox in several ways:

Access to mail in text mode on departmental servers
The alpine and mutt programs are used for e-mail. Changing the default settings is possible by placing them in the local configuration files ~/.pinerc and ~/.muttrc. Windows users can login using, for example, the putty program.

Access to mail via Thunderbird, Outlook (Express), Evolution, etc.
When working on a local computer network, you can use the e-mail service without logging into one of the servers. Electronic mail can be downloaded and sent using any e-mail client, for example, the mozilla-mail program or Outlook Express. When configuring this
service, please indicate as a POP3 server (incoming mail) – pop3.umk.pl and as SMTP server (outgoing mail) – smtp.umk.pl. You can also use the IMAP protocol (imap.umk.pl server) to contact the e-mail server.

The mail server forces the connection between the server and the mail client to be encrypted. Therefore, client programs such as Thunderbird, Outlook (Express) and others must be forced to encrypt the connection:

Sending mail via the mail.fizyka.umk.pl server is possible not only from the local network, but from any network (eg home network) under the condition of logging in with authentication. This means that when sending mail, you also need to enter the server access password.

In the case of Outlook 2010 (also 2007), the following account settings must be used:

Under the “More settings” button it is necessary

Access to e-mail through WWW
You can also use the e-mail service using a web browser for this purpose. All you need to do is go to http://www.umk.pl/poczta, choose IMP and log in with your e-mail address as your identifier on the departmental server. Detailed information on how to use this service can be found at http://www.uci.umk.pl/studenci/poczta/pocztawww/.

3.2. How to deal with unwanted mail (spam)?
Recently, the number of unsolicited e-mails has increased significantly, i.e. spam messages that reach our mailboxes every day. Therefore, an antyspam program has been installed on the mail server. It looks at the headline and contents of each letter and, based on fairly sophisticated rules, determines whether the letter is spam. If the message is classified as spam, a letter with modified ‘Subject:’ field is received in the mailbox, viz.

Subject: *** SPAM *** ….

It allows you to automatically delete spam from the main mailbox and transfer them to a separate mailbox.

How to do it?

Variant 1 (for those logging in to polon/tor servers to read the mail)

In order to automatically forward all letters qualified as spam to a separate file (a separate mailbox), you should create (using an editor) a file ~/.procmailrc containing the following four lines:

MAILDIR $ = $ HOME/Mail
: 0
* ^ Subject: \*\*\*Spam\*\*\*
Mail/spam

If the mail is kept in a different directory, e.g. mail, then you need to make a proper change to the .procmailrc file.

Variant 2 (for users who use Outlook Express or similar software to download mail from the server)

Outlook Express allows filtering of mail downloaded from the mail server (POP server) according to the content of the Subject field. You need to activate this option and send mail automatically marked as *** Spam *** to a separate folder.

Outlook Express (OE) allows you to connect to the mail server using the IMAP protocol (when creating an account you must indicate that the incoming mail server should be mail.fizyka.umk.pl, and IMAP should be used for mail transmission, not POP ). After configuring the e-mail account in OE, select Account-Properties-IMAP. In the “Folders” section, enter “mail” in the “Main folder path” field (without quotes). After connecting to the server, there is no automatic transfer of mail from the server to the personal computer, but Outlook Express allows you to view the contents of the mailbox, delete letters and transfer only selected items to the personal computer. You can also browse other mailboxes located in the home directory (or in any of the subdirectories that you specify by selecting the IMAP tab (Tools-Account-Properties-IMAP). In particular, you can view the mailbox Mail/SPAMY if you indicate the Mail directory as an additional place to
view e-mail. In this directory you can collect your spam messages by following the instructions given above (see Option 1).

Option 3 (people who want to gain fuller control over the fate of letters that reach them)

The anti-spam program modifies the header of each checked-out letter by adding lines to the form:

X-Spam-Level: ****************************

Please note that each letter receives penalty points and an appropriate number of *. At the moment, only those lists for which the number of penalty points exceeds 5 are classified as spam (this parameter is configurable and may change). Of course, you can filter mail based on the number of penalty points. If you want to only send letters marked with at least two, three, etc. asterisks to the Mail/SPAMY file, then you need a row

* ^Subject: \*\*\*Spam\*\*\*

replace with a line

* ^X-Spam-Level: \*\*+

or

* ^X-Spam-Level: \*\*\*+

etc.