sync: auto-sync from GURU-BEAST-ROG at 2026-06-08 10:50:37
Author: Mike Swanson Machine: GURU-BEAST-ROG Timestamp: 2026-06-08 10:50:37
This commit is contained in:
99
wiki/clients/rieusset-corp.md
Normal file
99
wiki/clients/rieusset-corp.md
Normal file
@@ -0,0 +1,99 @@
|
||||
---
|
||||
type: client
|
||||
name: rieusset-corp
|
||||
display_name: Rieusset Corp (Tom Sorensen)
|
||||
last_compiled: 2026-06-08
|
||||
compiled_by: GURU-BEAST-ROG/discord-bot
|
||||
sources:
|
||||
- clients/dataforth/session-logs/2026-04-14-session.md
|
||||
- .claude/memory/project_neptune_sbr_email_routing.md
|
||||
- clients/internal-infrastructure.md
|
||||
- discord thread 1513597169796645157 (2026-06-08)
|
||||
---
|
||||
|
||||
# Rieusset Corp (Tom Sorensen)
|
||||
|
||||
Small business client. Email hosted on ACG's Neptune Exchange server with Mailprotector CloudFilter filtering.
|
||||
|
||||
---
|
||||
|
||||
## Profile
|
||||
|
||||
- **Primary contact:** Tom Sorensen
|
||||
- **Domain:** rieussetcorp.com
|
||||
- **Syncro customer ID:** 16188
|
||||
- **Contract type:** Per-incident (verify)
|
||||
- **Billing rate:** Standard (verify)
|
||||
|
||||
---
|
||||
|
||||
## Email Hosting
|
||||
|
||||
Mail is hosted on **Neptune Exchange** (ACG-managed, physically at Dataforth D2). Inbound and outbound filtered via **Mailprotector CloudFilter**.
|
||||
|
||||
### Mailboxes (as of 2026-04-14)
|
||||
|
||||
| AD Account | Email Address | User |
|
||||
|---|---|---|
|
||||
| `tom` | tsorensen@rieussetcorp.com | Tom Sorensen (primary) |
|
||||
| `tomrc` | tomrc@rieussetcorp.com | Tom Sorensen (alternate) |
|
||||
| `ojodeagua` | ojodeagua@rieussetcorp.com | Tom Sorensen (alternate) |
|
||||
| `csorensen` | csorensen@rieussetcorp.com | Christine Sorensen |
|
||||
|
||||
### Mailprotector
|
||||
|
||||
- **Domain ID:** 57833
|
||||
- **Customer ID:** 16188
|
||||
- **Allow rules:** clipto.com (added 2026-06-08 — verification emails were being quarantined as bulk)
|
||||
|
||||
### Outbound Routing (Neptune SBR)
|
||||
|
||||
Outbound mail routes via Mailprotector smarthost using Exchange Sender-Based Routing:
|
||||
|
||||
- **Send connector:** `Outbound.Sorensen`
|
||||
- **Address space:** `rieussetcorp.sbr`
|
||||
- **Smarthost:** `rieussetcorp-com.outbound.emailservice.io`
|
||||
- **SBR config file:** `C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Custom\Microsoft.Exchange.SBR.InternalDomains.config` (on Neptune)
|
||||
|
||||
### DKIM
|
||||
|
||||
- **Selector:** `s1`
|
||||
- **Key location:** `C:\Program Files\Exchange DkimSigner\keys\` on Neptune
|
||||
- **Status:** [WARNING] DkimSigner globally DISABLED on Neptune as of 2026-04-23 (post-KB5084071 compatibility issue). Outbound mail from rieussetcorp.com is currently unsigned.
|
||||
|
||||
---
|
||||
|
||||
## Access
|
||||
|
||||
| Resource | Method |
|
||||
|---|---|
|
||||
| Mailboxes | Neptune Exchange — connect via ACG-DC16 WinRM or on-box PowerShell as administrator.ACG |
|
||||
| Mailprotector | `py mp.py` CLI, domain ID 57833 |
|
||||
| AD accounts | ACG-DC16 (172.16.3.52) — acg.local domain |
|
||||
|
||||
Passwords were last reset 2026-04-14 (all accounts set to `RC$sor3740` at that time — verify current state before sharing).
|
||||
|
||||
---
|
||||
|
||||
## History
|
||||
|
||||
| Date | Event |
|
||||
|---|---|
|
||||
| 2026-03-22 | Outbound routing failure — fixed by adding Neptune IPs (67.206.163.124, 67.206.163.122) to Mailprotector authorized sender list |
|
||||
| 2026-04-14 | All four AD account passwords reset via ACG-DC16 WinRM |
|
||||
| 2026-06-08 | Two "Verification code" emails from Clipto (hello@clipto.com) quarantined as bulk spam → manually released (IDs 4502364979, 4502352351); allow rule added for clipto.com on Mailprotector domain |
|
||||
|
||||
---
|
||||
|
||||
## Known Issues / Notes
|
||||
|
||||
- **Outbound routing is systemic with devcon:** when rieussetcorp outbound breaks, check devconllc.com SBR config too (same Neptune transport agent). See `memory/project_neptune_sbr_email_routing.md`.
|
||||
- **DkimSigner disabled globally** — outbound mail is unsigned. Will be resolved when Neptune is migrated to Exchange 2019.
|
||||
- **Neptune dependency:** this client's mail service lives or dies with Neptune. See `wiki/clients/internal-infrastructure.md` for Neptune status and migration plan.
|
||||
|
||||
---
|
||||
|
||||
## Backlinks
|
||||
|
||||
- [[clients/internal-infrastructure]] — Neptune Exchange hosts rieussetcorp.com mail
|
||||
- [[clients/dataforth]] — Neptune physically colocated at Dataforth D2
|
||||
@@ -28,6 +28,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
|
||||
| [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; prepaid ~22.25 hrs; web server WWW (192.168.8.72 / 65.113.52.88) — IIS 10/VB.NET e-commerce; CRITICAL security posture: website connects to GTI-INV-SQL as sysadmin (login `tom`, named SQL login, C0 top finding) + plaintext PANs+CVV (stored by GTIware PSA, not website) + plaintext passwords + SQLi via `quo()` + XSS; apex 404 fixed + payment TLS fixed 2026-06-03; intrusion/brute-force log review 2026-06-04 (no attacker found; H5 detection blind spot confirmed — HTTP 200 on both success/failure + no failed-login logging); #32378 Waiting on Customer (assessment + reports + Appendix A delivered); M365 no MFA; SCL bypass rules for vendor DMARC + MailProtector digests | 2026-06-04 |
|
||||
| [Grabb & Durando Law Office](clients/grabb-durando.md) | Personal injury law firm; GND-SERVER GuruRMM enrolled; AI demand review app scoped ($4K–$7K); website migration pending; plaintext DB password in README needs vaulting | 2026-05-24 |
|
||||
| [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 3–6 months | 2026-05-24 |
|
||||
| [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 |
|
||||
| [Rednour Law Offices](clients/rednour.md) | Law firm; M365 rednourlaw.com (tenant 4a4ca18a) fully onboarded 2026-05-31; all 5 ComputerGuru SPs consented; no MDE license; 3 workstations GuruRMM enrolled (FRONTDESKRECEPT/LEGALASST/REDNOURCARRIEVI); Carla Skinner renamed from Emma; prior MSP agents (ScreenConnect/Splashtop/Datto) still present; shared-drive access for Nick Pafford deferred | 2026-06-02 |
|
||||
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy practice; PST-SERVER (192.168.0.2) + 5 GuruRMM agents; L2TP/IPsec RRAS VPN complete; 2026-06-04 site-wide outage resolved (UDR Ultra reboot dropped VPN port-forward, re-added in controller); BridgettePSHomeComputer re-enrolled (new UUID 01160fc8); vault drift open (pst-admin password); Syncro 278525 (Peaceful Spirit Massage) | 2026-06-04 |
|
||||
| [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 |
|
||||
|
||||
Reference in New Issue
Block a user