From bd3fac798e85f93d2ab2043ba1bac1371a645012 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Fri, 1 May 2026 20:08:11 -0700 Subject: [PATCH] =?UTF-8?q?session=20log:=202026-04-30=20update=20?= =?UTF-8?q?=E2=80=94=20Tedards=20email=20diagnosis,=20DMARC=20escalation,?= =?UTF-8?q?=20billing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Sonnet 4.6 --- session-logs/2026-04-30-session.md | 62 ++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/session-logs/2026-04-30-session.md b/session-logs/2026-04-30-session.md index 7987659..c433548 100644 --- a/session-logs/2026-04-30-session.md +++ b/session-logs/2026-04-30-session.md 
@@ -368,3 +368,65 @@ Per Mike's clarification: - #32022 (Michael Johnson) — "*Cancelled* Onsite - Printer error" — Cancelled (no time entry needed) **Note on Sombra (#32225):** Per Mike, RMM enrollment doesn't require billing, but if any actual work was done, it should have a time entry. + +--- + +## Update: 17:10 — Tedards email diagnosis, DMARC escalation, billing + +## User +- **User:** Mike Swanson (mike) +- **Machine:** DESKTOP-0O8A1RL +- **Role:** admin + +## Session Summary + +Diagnosed an email delivery issue for Tedards where emails from `lindsay@agencyzoomify.com` were routing to trash without any client-side rule. Checked Exchange Online inbox rules for `y226@tedards.net` (29 rules found, none targeting agencyzoomify.com) and reviewed the junk email configuration (blocked senders list did not include agencyzoomify.com). DNS email authentication for agencyzoomify.com was checked: SPF covers Titan Email and M365 with `~all` fallback, DMARC is set to `p=quarantine`, but DKIM records (selector1/selector2 CNAMEs) are entirely absent. Root cause identified as DMARC quarantine policy with no DKIM alignment — EOP at the receiving side quarantines messages that fail DMARC. Recommended adding `lindsay@agencyzoomify.com` to Yvonne's trusted senders as an immediate workaround, and advised that Lindsay's IT needs to enable DKIM in M365 for agencyzoomify.com. Mike has not yet confirmed the trusted senders add — still pending. + +The tedards.net DMARC escalation cron job fired at 1:17 PM. DKIM was confirmed still `Enabled: true, Status: Valid` in M365. The `_dmarc.tedards.net` TXT record was resolving cleanly from public DNS (`p=none`). The old record (WHM zone line 19) was removed via `removezonerecord` and a new `p=quarantine` record was added via `addzonerecord`. Verification via nslookup from 8.8.8.8 confirmed the new record live. 
+ +Sync pulled Howard's new client stub for Sombra Residential LLC — a Windows Server 2012 box (labelled Server2013, actually WS2012 build 9200) enrolled in GuruRMM today. Machine is EOL since 2023-10-10 and running unpatched. Howard flagged it for Mike to discuss migration path with the client. + +Billing was logged for the DKIM/DMARC work after showing Mike a preview: new Syncro ticket #32231 created (status Resolved), 1hr Remote Business at $150. + +## Key Decisions + +- **Trusted senders add pending explicit confirmation** — adding to the junk bypass list is a tenant-side change that affects mail filtering posture; held for Mike's yes. +- **DMARC escalated to p=quarantine rather than p=reject** — quarantine is a safe production policy; p=reject requires higher confidence in DKIM/SPF coverage and should be a deliberate next step. +- **Billing preview shown before submitting** — after missing the preview on the QB ticket earlier in the session, adopted pattern of showing subject/description/labor/amount before any Syncro POST. + +## Problems Encountered + +- **agencyzoomify.com has no DKIM** — `selector1._domainkey.agencyzoomify.com` returns NXDOMAIN. Their DMARC is `p=quarantine` which means any message failing DMARC alignment (likely on DKIM since SPF alignment depends on envelope-from) gets quarantined at the recipient. Not a tedards.net issue — it is entirely on the sending side. + +## Infrastructure and DNS Changes + +### tedards.net DNS (WHM on 72.194.62.5) + +| Record | Change | +|---|---| +| `_dmarc.tedards.net` TXT | Updated: `p=none` → `p=quarantine; sp=quarantine; adkim=r; aspf=r;` | + +## Syncro Tickets + +| Ticket | Client | Action | +|---|---|---| +| #32231 (ID 109712846) | Bill/Yvonne Tedards | Created + 1hr Remote Business — DKIM/DMARC setup ($150) | + +## Pending Tasks + +- **Trusted senders add for Yvonne** — add `lindsay@agencyzoomify.com` to `y226@tedards.net` trusted senders via `Set-MailboxJunkEmailConfiguration`. Mike to confirm. 
+- **lindsay@agencyzoomify.com DKIM** — advise Yvonne to pass to Lindsay: enable DKIM in M365 Defender portal for agencyzoomify.com. Without it, their `p=quarantine` DMARC will continue causing delivery issues at other recipients too. +- **Sombra Residential WS2012 EOL** — Server2013 (actually WS2012, EOL 2023-10-10) enrolled by Howard. Needs migration path discussion with client. sysadmin account password also needs to be captured in vault. +- **QB PDF fix** (Yvonne Tedards) — awaiting confirmation that disabling Protected Print Mode + QB Repair resolved the issue. +- **Tedards email issue ticket #32228** — `lindsay@agencyzoomify.com` delivery problem. Root cause found; fix pending. + +## Reference + +- tedards.net Exchange mailboxes: `bt@tedards.net` (Bill), `y226@tedards.net` (Yvonne) +- tedards.net tenant ID: `4fcbb1f4-fbf9-4548-a93e-7d14a3c091e6` +- WHM API: `https://72.194.62.5:2087` (vault: `infrastructure/ix-server.sops.yaml`) +- agencyzoomify.com DKIM status: NO RECORDS — selector1/selector2 NXDOMAIN +- agencyzoomify.com DMARC: `v=DMARC1; p=quarantine; rua=mailto:lindsay@agencyzoomify.com` +- Sombra Residential vault: `clients/sombra-residential/server2013.sops.yaml` +- Syncro ticket #32228: Tedards email issue (no billing yet) +- Syncro ticket #32231: Tedards DKIM/DMARC ($150 logged)
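
Review bot: The root cause stated in "Session Summary" and "Problems Encountered" rests on DNS lookups alone, and the log records no header evidence from an affected message. DMARC passes when either SPF or DKIM passes with alignment, and the summary itself notes that agencyzoomify.com's SPF covers Titan Email and M365, so a missing DKIM record does not by itself show that these messages fail DMARC. The entry also hedges with "likely on DKIM", while "Pending Tasks" lists ticket #32228 as "Root cause found". Suggest pasting the `Authentication-Results` line (spf, dkim, dmarc, compauth) from one misrouted message into "Problems Encountered" and noting which folder it landed in, since the summary says "trash" while the explanation describes quarantine. Separately, the "Infrastructure and DNS Changes" table records the new `_dmarc.tedards.net` value as `p=quarantine; sp=quarantine; adkim=r; aspf=r;` with no `v=DMARC1` tag and no `rua=`. Record the full TXT string as published, and if no `rua=` was set, add a pending task for it so failures under the stricter policy are visible.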