sync: auto-sync from GURU-BEAST-ROG at 2026-06-25 19:13:01
Author: Mike Swanson Machine: GURU-BEAST-ROG Timestamp: 2026-06-25 19:13:01
This commit is contained in:
committed by
ClaudeTools Bot
parent
f3edf62cf7
commit
2391b510a5
@@ -124,6 +124,10 @@ Invoice: ticket_id=109697650, customer_id=487887 -> invoice_id=1650804914, total
|
||||
|
||||
- **Lindsay's IT / Wirechunk:** Needs to enable DKIM signing for `agencyzoomify.com` on the Wirechunk platform. Outreach sent 2026-06-25. No response yet. If they respond needing technical guidance, the fix is: in Wirechunk's admin/domain settings, generate a DKIM key pair for `agencyzoomify.com`, then publish the provided CNAME or TXT record in agencyzoomify.com's DNS.
|
||||
- **TABL entry is a workaround:** If Wirechunk fixes their DKIM, the TABL entry becomes unnecessary but harmless. No action needed unless there's a reason to remove it.
|
||||
- **bt@tedards.net DELETE folder:** Unexplained by server-side config. EOP delivers all Lindsay messages cleanly. Client-side Outlook behavior suspected. Bill or Yvonne need to check Outlook junk email settings on Bill's machine. Could also add safe sender for agencyzoomify.com on bt@tedards.net mailbox (TABL and transport rule already cover it tenant-wide).
|
||||
- **Wirechunk test to Tedards pending:** No Wirechunk-origin messages have been traced to bt@tedards.net or y226@tedards.net in 10 days. To confirm the DMARC fix is working for Wirechunk → Tedards path, Lindsay needs to send a test from Wirechunk specifically to a tedards.net address.
|
||||
- **GuruProtect (ACG inbound) breaking DMARC for agencyzoomify.com:** When Inky adds a warning banner to agencyzoomify.com emails arriving at ACG, it breaks DKIM body hash, causing DMARC to fail at final ACG delivery. One "Testing" message from Lindsay went to ACG junk because of this. An ACG-side TABL for agencyzoomify.com would fix this, or GuruProtect could be configured to suppress banner for that domain.
|
||||
- **Mike will resume this investigation on ticket #5070.**
|
||||
|
||||
---
|
||||
|
||||
@@ -134,3 +138,56 @@ Invoice: ticket_id=109697650, customer_id=487887 -> invoice_id=1650804914, total
|
||||
- **Wirechunk platform:** https://agencyzoomify.com (platformId: gz3p2m, siteId: jrhPAXTEL5HMZCCAwiCADG)
|
||||
- **Prior session log:** `session-logs/2026-05-01-session.md` (original diagnosis, no fix applied)
|
||||
- **TABL entry identity:** `RgAAAAArywm90jRVQo0kEayuw5_TBwBRjA0l48MZR4z_7XjWEYzfAAAAAAEVAABRjA0l48MZR4z_7XjWEYzfAABl1MyUAAAA0`
|
||||
|
||||
---
|
||||
|
||||
## Update: 19:11 PT — bt@tedards.net trace, Lindsay replies, GuruProtect analysis
|
||||
|
||||
### Summary
|
||||
|
||||
After context compaction, Mike continued the investigation with a focus on new information: Yvonne Tedards reported emails from the Lindsay/Bill conversation were ending up in Bill's DELETE folder and disappearing in real-time (count dropping 5 → 4 → 3 while she watched). Mike also received a response from Dmitriy (Lindsay's IT/Wirechunk) who clarified that Wirechunk sends from the `platform.agencyzoomify@wirechunk.site` envelope sender, not `agencyzoomify.com` — and that DKIM for agencyzoomify.com is not the right fix, that adding agencyzoomify.com as a custom sending domain in Wirechunk is the correct approach.
|
||||
|
||||
Mike asked several clarifying questions: which emails were being allowed before (the husband's direct Outlook emails), whether the original analysis was correct (mechanism correct, specific envelope sender domain was wrong — said boltonselect.com, correct is wirechunk.site), and what his name/email was (not captured in prior investigation; confirmed he's Brandon Bolton at brandon@agentive-one.com, sending from agentive-one.com domain in the theboltonagency M365 tenant).
|
||||
|
||||
Investigation extended to bt@tedards.net. ACG mailbox trace found Bill (not Yvonne) had forwarded three messages to mike@ labeled "BOLTON #1/2/3 in DELETE FOLDER." Message trace for bt@tedards.net (10-day window) showed all Lindsay messages as Delivered with clean 2-event traces ("Message received" → "successfully delivered"). Zero Wirechunk messages delivered to bt@tedards.net in 10 days. No server-side inbox rules (18 rules, none matching agencyzoomify.com), zero sweep rules, no blocked sender entries for agencyzoomify.com. Message trace detail (Get-MessageTraceDetailV2) on all five Lindsay → bt messages confirmed clean delivery with no rule-fire events.
|
||||
|
||||
GuruProtect/Inky analysis: ACG uses GuruProtect for inbound email. Tedards does NOT use Inky. When Bill's BOLTON forwards arrived at ACG, GuruProtect added its warning banner (External / First-Time Sender). The "Testing" email from Lindsay that went to junk at ACG failed because GuruProtect modified the HTML body (banner insertion) which broke DKIM body hash, and Inky's outbound IP (34.210.15.192) is not in agencyzoomify.com's SPF → DMARC fails at final ACG delivery. Mike corrected an erroneous assumption that Tedards also used Inky.
|
||||
|
||||
Lindsay replied three times to the outreach email: confirmed she added Dmitriy to resolve the Wirechunk issue, asked if she should start a new email chain, and sent a Wirechunk test ("Sent. Refer an Agency to AgencyZoomify") which GuruProtect tagged as Graymail and delivered to ACG inbox. Session ended with Mike requesting a save; will resume on ticket #5070.
|
||||
|
||||
### Additional Key Decisions
|
||||
|
||||
- **DELETE folder at bt@tedards.net is client-side:** All server-side investigation was exhausted (message trace, inbox rules, sweep rules, junk config). EOP delivers cleanly. No server-side explanation found. Conclusion: Outlook client junk filter or manual user deletion. Did not attempt to fix without clearer evidence of cause.
|
||||
- **Correction logged:** Initial session incorrectly identified boltonselect.com as the envelope sender domain for Wirechunk. Correct envelope sender is platform.agencyzoomify@wirechunk.site (per Dmitriy). Our applied fixes remain valid regardless.
|
||||
- **GuruProtect assumption corrected:** Briefly implied Tedards may also use Inky based on routing headers. Mike corrected: only ACG uses Inky. Correction logged to errorlog.md.
|
||||
|
||||
### Additional Problems Encountered
|
||||
|
||||
- **Get-MessageTraceDetail deprecated:** Returned 400 with deprecation notice pointing to Get-MessageTraceDetailV2. Switched cmdlet, no further issues.
|
||||
- **ACG mailbox Graph search for "Testing" returned unrelated results:** $search="Testing" matched too broadly. Found the relevant message by searching junk folder directly with from: filter.
|
||||
- **Inky IP breaking DMARC at ACG:** Lindsay's direct Outlook "Testing" email went to ACG junk because GuruProtect modified body → broke DKIM → DMARC failed at final hop. Not a Tedards issue; ACG-side problem. Unresolved; potential fix is ACG-side TABL for agencyzoomify.com or GuruProtect domain allowlist.
|
||||
|
||||
### New Findings
|
||||
|
||||
```
|
||||
# bt@tedards.net - Lindsay messages (all Delivered, clean trace)
|
||||
Jun 25 23:33 Re: 8445 Bolton/Farmers - discovery → Delivered (BOLTON #1)
|
||||
Jun 25 09:51 Re: 8445 Bolton/Farmers - Discovery/conf call → Delivered (BOLTON #2)
|
||||
Jun 25 01:46 Re: 8445 Bolton/Farmers - correction → Delivered (BOLTON #3)
|
||||
Jun 19 21:12 Discovery → Delivered
|
||||
Jun 19 21:09 Re: Bolton Case - Bill Tedards → Delivered
|
||||
|
||||
# Wirechunk messages to bt@tedards.net (10-day window): 0
|
||||
# Sweep rules on bt@tedards.net: 0
|
||||
# Server-side inbox rules matching agencyzoomify.com: 0
|
||||
|
||||
# Lindsay replies to ACG outreach (mike@azcomputerguru.com inbox):
|
||||
00:05 UTC "Thank you, I added Dmitriy to resolve Wirechunk issue"
|
||||
00:43 UTC "Would you like me to email directly in a new chain?"
|
||||
01:43 UTC Wirechunk test ("Sent. Refer an Agency to AgencyZoomify") — tagged Graymail by GuruProtect, delivered to inbox
|
||||
|
||||
# GuruProtect broke DMARC on ACG-inbound Lindsay "Testing" email:
|
||||
ARC i=1: spf=pass, dkim=pass, dmarc=pass (originating from theboltonagency M365)
|
||||
ARC i=3: spf=softfail (Inky IP 34.210.15.192 not in agencyzoomify.com SPF), dkim=fail (body hash modified by Inky banner), dmarc=fail action=quarantine
|
||||
→ Message landed in ACG junk (FilteredAsSpam in message trace)
|
||||
```
|
||||
|
||||
@@ -17,6 +17,8 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
|
||||
|
||||
<!-- Append entries below this line -->
|
||||
|
||||
2026-06-26 | GURU-BEAST-ROG | email-investigation | [correction] assumed tedards.net also uses GuruProtect/Inky; correct: only ACG uses Inky for inbound. Tedards routes directly to Exchange Online.
|
||||
|
||||
2026-06-25 | Howard-Home | wiki-compile | [friction] Sonnet subagent hit 32k output-token cap regenerating full ~600-line article via Write; wrote nothing [ctx: fix=targeted staged edits of deltas for large existing articles, not full regen]
|
||||
|
||||
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=raw]
|
||||
|
||||
Reference in New Issue
Block a user