azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

session log: 2026-04-30 update — Tedards email diagnosis, DMARC escalation, billing

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-05-01 20:08:11 -07:00
parent 1280f50ff8
commit bd3fac798e
1 changed files with 62 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
session-logs/2026-04-30-session.md
View File

@@ -368,3 +368,65 @@ Per Mike's clarification:
- #32022 (Michael Johnson) — "*Cancelled* Onsite - Printer error" — Cancelled (no time entry needed) - #32022 (Michael Johnson) — "*Cancelled* Onsite - Printer error" — Cancelled (no time entry needed)
**Note on Sombra (#32225):** Per Mike, RMM enrollment doesn't require billing, but if any actual work was done, it should have a time entry. **Note on Sombra (#32225):** Per Mike, RMM enrollment doesn't require billing, but if any actual work was done, it should have a time entry.
---
## Update: 17:10 — Tedards email diagnosis, DMARC escalation, billing
## User
- **User:** Mike Swanson (mike)
- **Machine:** DESKTOP-0O8A1RL
- **Role:** admin
## Session Summary
Diagnosed an email delivery issue for Tedards where emails from `lindsay@agencyzoomify.com` were routing to trash without any client-side rule. Checked Exchange Online inbox rules for `y226@tedards.net` (29 rules found, none targeting agencyzoomify.com) and reviewed the junk email configuration (blocked senders list did not include agencyzoomify.com). DNS email authentication for agencyzoomify.com was checked: SPF covers Titan Email and M365 with `~all` fallback, DMARC is set to `p=quarantine`, but DKIM records (selector1/selector2 CNAMEs) are entirely absent. Root cause identified as DMARC quarantine policy with no DKIM alignment — EOP at the receiving side quarantines messages that fail DMARC. Recommended adding `lindsay@agencyzoomify.com` to Yvonne's trusted senders as an immediate workaround, and advised that Lindsay's IT needs to enable DKIM in M365 for agencyzoomify.com. Mike has not yet confirmed the trusted senders add — still pending.
The tedards.net DMARC escalation cron job fired at 1:17 PM. DKIM was confirmed still `Enabled: true, Status: Valid` in M365. The `_dmarc.tedards.net` TXT record was resolving cleanly from public DNS (`p=none`). The old record (WHM zone line 19) was removed via `removezonerecord` and a new `p=quarantine` record was added via `addzonerecord`. Verification via nslookup from 8.8.8.8 confirmed the new record live.
Sync pulled Howard's new client stub for Sombra Residential LLC — a Windows Server 2012 box (labelled Server2013, actually WS2012 build 9200) enrolled in GuruRMM today. Machine is EOL since 2023-10-10 and running unpatched. Howard flagged it for Mike to discuss migration path with the client.
Billing was logged for the DKIM/DMARC work after showing Mike a preview: new Syncro ticket #32231 created (status Resolved), 1hr Remote Business at $150.
## Key Decisions
- **Trusted senders add pending explicit confirmation** — adding to the junk bypass list is a tenant-side change that affects mail filtering posture; held for Mike's yes.
- **DMARC escalated to p=quarantine rather than p=reject** — quarantine is a safe production policy; p=reject requires higher confidence in DKIM/SPF coverage and should be a deliberate next step.
- **Billing preview shown before submitting** — after missing the preview on the QB ticket earlier in the session, adopted pattern of showing subject/description/labor/amount before any Syncro POST.
## Problems Encountered
- **agencyzoomify.com has no DKIM** — `selector1._domainkey.agencyzoomify.com` returns NXDOMAIN. Their DMARC is `p=quarantine` which means any message failing DMARC alignment (likely on DKIM since SPF alignment depends on envelope-from) gets quarantined at the recipient. Not a tedards.net issue — it is entirely on the sending side.
## Infrastructure and DNS Changes
### tedards.net DNS (WHM on 72.194.62.5)
| Record | Change |
|---|---|
| `_dmarc.tedards.net` TXT | Updated: `p=none``p=quarantine; sp=quarantine; adkim=r; aspf=r;` |
## Syncro Tickets
| Ticket | Client | Action |
|---|---|---|
| #32231 (ID 109712846) | Bill/Yvonne Tedards | Created + 1hr Remote Business — DKIM/DMARC setup ($150) |
## Pending Tasks
- **Trusted senders add for Yvonne** — add `lindsay@agencyzoomify.com` to `y226@tedards.net` trusted senders via `Set-MailboxJunkEmailConfiguration`. Mike to confirm.
- **lindsay@agencyzoomify.com DKIM** — advise Yvonne to pass to Lindsay: enable DKIM in M365 Defender portal for agencyzoomify.com. Without it, their `p=quarantine` DMARC will continue causing delivery issues at other recipients too.
- **Sombra Residential WS2012 EOL** — Server2013 (actually WS2012, EOL 2023-10-10) enrolled by Howard. Needs migration path discussion with client. sysadmin account password also needs to be captured in vault.
- **QB PDF fix** (Yvonne Tedards) — awaiting confirmation that disabling Protected Print Mode + QB Repair resolved the issue.
- **Tedards email issue ticket #32228** — `lindsay@agencyzoomify.com` delivery problem. Root cause found; fix pending.
## Reference
- tedards.net Exchange mailboxes: `bt@tedards.net` (Bill), `y226@tedards.net` (Yvonne)
- tedards.net tenant ID: `4fcbb1f4-fbf9-4548-a93e-7d14a3c091e6`
- WHM API: `https://72.194.62.5:2087` (vault: `infrastructure/ix-server.sops.yaml`)
- agencyzoomify.com DKIM status: NO RECORDS — selector1/selector2 NXDOMAIN
- agencyzoomify.com DMARC: `v=DMARC1; p=quarantine; rua=mailto:lindsay@agencyzoomify.com`
- Sombra Residential vault: `clients/sombra-residential/server2013.sops.yaml`
- Syncro ticket #32228: Tedards email issue (no billing yet)
- Syncro ticket #32231: Tedards DKIM/DMARC ($150 logged)