sync: auto-sync from GURU-5070 at 2026-06-15 11:20:33
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-06-15 11:20:33
This commit is contained in:
@@ -62,8 +62,16 @@ CryoWeave manufactures custom cryogenic cable assemblies (millikelvin to 300K) f
|
||||
### Email & Identity
|
||||
|
||||
- **Domain:** cryoweave.com
|
||||
- **Email:** Hosted externally [unverified — mail provider not documented]
|
||||
- **Greg's email:** greg@cryoweave.com
|
||||
- **Email:** **Microsoft 365 / Exchange Online** (confirmed 2026-06-15 — MX `cryoweave-com.mail.protection.outlook.com`, `autodiscover` → `autodiscover.outlook.com`). The IX/cPanel box only hosts the website, not mail.
|
||||
- **M365 tenant:** Cryoweave | Tenant ID `44705a37-b5d8-4bb1-882d-e18775612ada` | initial domain `cryoweave.onmicrosoft.com`
|
||||
- **Remediation suite:** onboarded 2026-06-15 (all ComputerGuru apps consented + roles; no MDE). ACG Global Admin `sysadmin@cryoweave.com` created (creds: SOPS `clients/cryoweave/m365-sysadmin.sops.yaml` + 1Password Clients). MFA not yet registered on it.
|
||||
- **Greg's email:** greg@cryoweave.com (Greg Schickling, owner/GA)
|
||||
- **DNS (zone on ns1/ns2.acghosting.com / IX) as of 2026-06-15:**
|
||||
- **SPF** OK: `v=spf1 +a +mx +ip4:72.194.62.5 +ip4:162.248.93.233 +ip4:162.248.93.81 +include:spf.protection.outlook.com -all` (authorizes M365, aligned).
|
||||
- **DMARC** `_dmarc` → `v=DMARC1; p=quarantine; sp=quarantine; fo=1; rua=mailto:rua@azcomputerguru.com` (hardened from p=none to **p=quarantine** 2026-06-15; **promote to p=reject** after ~1 week of clean aggregate reports confirm all legit senders — incl. the IX website/contact form — align). Cross-domain report authorization published on the azcomputerguru.com Cloudflare zone: `cryoweave.com._report._dmarc.azcomputerguru.com TXT "v=DMARC1;"` (2026-06-15). `rua@azcomputerguru.com` **shared mailbox created** in ACG's tenant (DisplayName "DMARC Reports", GUID 46b898f8-cfac-4b81-8980-e681b13fb833, mike@ FullAccess+automap) — full reporting chain live; aggregate reports arrive within ~24h. (NB: a single `*._report._dmarc` wildcard does NOT cover a 2-label reported domain; add one per-client record on the azcomputerguru.com Cloudflare zone.)
|
||||
- **DKIM** (M365 selector1/2): CNAMEs published + **signing ENABLED 2026-06-15** (`Get-DkimSigningConfig`: Enabled=True, Status=Valid, 2048-bit). Targets `selector1-cryoweave-com._domainkey.cryoweave.w-v1.dkim.mail.microsoft` (+ selector2).
|
||||
- Stale `mail.cryoweave.com` CNAME → old Neptune (67.206.163.124) **removed**.
|
||||
- **Outbound-email issue (open):** Greg reports mail not reaching recipients. SPF passes/aligns, so auth isn't hard-failing; pending **message trace** (EXO app-only access still propagating after onboarding) + Greg's NDR to pinpoint restriction/reject/junk. DKIM+DMARC gaps were the most likely junking cause.
|
||||
|
||||
### Network
|
||||
|
||||
|
||||
Reference in New Issue
Block a user