wiki: compile darrell-delphen (seed)

2026-06-18 12:54:57 -07:00
parent 6f4cadb16f
commit 0797478a96
2 changed files with 57 additions and 1 deletions
--- a/wiki/clients/darrell-delphen.md
+++ b/wiki/clients/darrell-delphen.md
@@ -0,0 +1,55 @@
+---
+type: client
+name: darrell-delphen
+display_name: Darrell Delphen
+last_compiled: 2026-06-18
+compiled_by: GURU-5070/claude-main
+sources:
+  - clients/darrell-delphen/session-logs/2026-06/2026-06-18-mike-email-link-sni-block.md
+backlinks: []
+---
+
+# Darrell Delphen
+
+## Profile
+- **Contract type:** Break-fix (no prepaid block)
+- **Key contacts:** Darrell Delphen
+- **Billing rate:** $150/hr remote (most recent labor)
+- **Location:** Yantis, TX
+- **Syncro customer ID:** 35996725
+- **Managed devices:** GuruRMM agent on DDDOffice072023 (0 assets recorded in Syncro)
+
+## Infrastructure
+
+### Servers & Services
+| Host | IP | Role | OS | Notes |
+|---|---|---|---|---|
+| DDDOffice072023 | LAN behind 192.168.1.1 | Workstation | Windows | GuruRMM agent `000ed57d-fd05-4001-871c-244f43155c16` (v0.6.66); ISP egress 167.89.210.225 |
+
+### Email & Identity
+- **Mail security:** Intermedia Email Protection (rewrites links to `url.emailprotection.link`). Mailbox accessed via Outlook. (verify tenant/host details)
+
+### Network
+- **ISP / WAN:** ISP-provided/managed **Extreme EXOS** gateway (LAN gateway 192.168.1.1, egress 167.89.210.225). Client has no login to this device — changes require ISP escalation.
+- **Firewall:** the EXOS gateway runs ISP-side web/URL filtering (the "NetIQ" feature) capable of SNI-based TLS inspection.
+- **VPN:** (verify — none known)
+
+## Access
+- Remote management: GuruRMM (agent on DDDOffice072023)
+- Vault path: (verify — no client credentials vaulted)
+
+## Patterns & Known Issues
+
+- **ISP gateway SNI filtering breaks Intermedia/Outlook email links.** The ISP-managed Extreme EXOS gateway's "NetIQ" URL-filtering feature has SNI-intercepted and reset TLS to `url.emailprotection.link` (Intermedia's link-rewriter), producing `ERR_CONNECTION_ABORTED` / SChannel `0x80090326` (SEC_E_ILLEGAL_MESSAGE) on Outlook links while Gmail links (Google redirector) worked. The client cannot change this device — resolution requires an ISP ticket. If it recurs, suspect the "NetIQ" feature being re-enabled and confirm with an SNI-varied handshake test against `199.193.205.140`.
+
+## Active Work
+
+*No open tickets in Syncro as of 2026-06-18.*
+
+## History Highlights
+
+- **2026-06-18** — Diagnosed Outlook email links failing (`ERR_CONNECTION_ABORTED`). Root cause: ISP EXOS gateway "NetIQ" feature SNI-blocking Intermedia's `url.emailprotection.link` rewriter. Deployed Cloudflare WARP as interim bypass; ISP disabled the feature for the permanent fix; verified native path and removed WARP. Billed 1.0h remote ($150, Syncro #32437 / invoice #67853).
+
+## Backlinks
+
+*(none yet)*
--- a/wiki/index.md
+++ b/wiki/index.md
@@ -1,7 +1,7 @@
 # Wiki Index

 Last updated: 2026-06-18
-Compiled by: Mikes-MacBook-Air/claude-main
+Compiled by: GURU-5070/claude-main

 This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update.
 Run `/wiki-lint` to check for stale entries and broken backlinks.
@@ -25,6 +25,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
 | [ACG Internal Infrastructure](clients/internal-infrastructure.md) | ACG's own hosting infra — Neptune Exchange (cert expires 2026-05-31, DkimSigner disabled), IX server, Cloudflare tunnel workaround, ACG M365 tenant gaps | 2026-05-24 |
 | [BirthBiologic](clients/birth-biologic.md) | Bio/healthcare; BB-SERVER (WS2016) GuruRMM enrolled; Datto→SharePoint migration incomplete; M365 apps partially consented | 2026-05-24 |
 | [CryoWeave](clients/cryoweave.md) | Custom cryogenic cable assemblies; cPanel on IX; website redesign + SEO project in progress; Syncro ID not documented | 2026-05-24 |
+| [Darrell Delphen](clients/darrell-delphen.md) | Break-fix residential (Yantis, TX); single Windows workstation DDDOffice072023 (GuruRMM); 2026-06-18 Outlook email links failing = ISP-managed Extreme EXOS gateway "NetIQ" SNI-filtering of Intermedia's url.emailprotection.link rewriter (WARP interim bypass, ISP disabled the feature for permanent fix); Syncro #35996725 | 2026-06-18 |
 | [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; prepaid ~22.25 hrs; web server WWW (192.168.8.72 / 65.113.52.88) — IIS 10/VB.NET e-commerce; CRITICAL security posture: website connects to GTI-INV-SQL as sysadmin (login `tom`, named SQL login, C0 top finding) + plaintext PANs+CVV (stored by GTIware PSA, not website) + plaintext passwords + SQLi via `quo()` + XSS; apex 404 fixed + payment TLS fixed 2026-06-03; intrusion/brute-force log review 2026-06-04 (no attacker found; H5 detection blind spot confirmed — HTTP 200 on both success/failure + no failed-login logging); #32378 Waiting on Customer (assessment + reports + Appendix A delivered); M365 no MFA; SCL bypass rules for vendor DMARC + MailProtector digests | 2026-06-04 |
 | [Grabb & Durando Law Office](clients/grabb-durando.md) | Personal injury law firm; GND-SERVER GuruRMM enrolled; AI demand review app scoped ($4K–$7K); website migration pending; plaintext DB password in README needs vaulting | 2026-05-24 |
 | [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 3–6 months | 2026-05-24 |