From f2474def5b4a6b7e5ed2b644ba06d2f2a7410419 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Mon, 8 Jun 2026 10:50:42 -0700 Subject: [PATCH] sync: auto-sync from GURU-BEAST-ROG at 2026-06-08 10:50:37 Author: Mike Swanson Machine: GURU-BEAST-ROG Timestamp: 2026-06-08 10:50:37 --- wiki/clients/rieusset-corp.md | 99 +++++++++++++++++++++++++++++++++++ wiki/index.md | 1 + 2 files changed, 100 insertions(+) create mode 100644 wiki/clients/rieusset-corp.md diff --git a/wiki/clients/rieusset-corp.md b/wiki/clients/rieusset-corp.md new file mode 100644 index 0000000..22144bc --- /dev/null +++ b/wiki/clients/rieusset-corp.md 
@@ -0,0 +1,99 @@ +--- +type: client +name: rieusset-corp +display_name: Rieusset Corp (Tom Sorensen) +last_compiled: 2026-06-08 +compiled_by: GURU-BEAST-ROG/discord-bot +sources: + - clients/dataforth/session-logs/2026-04-14-session.md + - .claude/memory/project_neptune_sbr_email_routing.md + - clients/internal-infrastructure.md + - discord thread 1513597169796645157 (2026-06-08) +--- + +# Rieusset Corp (Tom Sorensen) + +Small business client. Email hosted on ACG's Neptune Exchange server with Mailprotector CloudFilter filtering. + +--- + +## Profile + +- **Primary contact:** Tom Sorensen +- **Domain:** rieussetcorp.com +- **Syncro customer ID:** 16188 +- **Contract type:** Per-incident (verify) +- **Billing rate:** Standard (verify) + +--- + +## Email Hosting + +Mail is hosted on **Neptune Exchange** (ACG-managed, physically at Dataforth D2). Inbound and outbound filtered via **Mailprotector CloudFilter**. + +### Mailboxes (as of 2026-04-14) + +| AD Account | Email Address | User | +|---|---|---| +| `tom` | tsorensen@rieussetcorp.com | Tom Sorensen (primary) | +| `tomrc` | tomrc@rieussetcorp.com | Tom Sorensen (alternate) | +| `ojodeagua` | ojodeagua@rieussetcorp.com | Tom Sorensen (alternate) | +| `csorensen` | csorensen@rieussetcorp.com | Christine Sorensen | + +### Mailprotector + +- **Domain ID:** 57833 +- **Customer ID:** 16188 +- **Allow rules:** clipto.com (added 2026-06-08 — verification emails were being quarantined as bulk) + +### Outbound Routing (Neptune SBR) + +Outbound mail routes via Mailprotector smarthost using Exchange Sender-Based Routing: + +- **Send connector:** `Outbound.Sorensen` +- **Address space:** `rieussetcorp.sbr` +- **Smarthost:** `rieussetcorp-com.outbound.emailservice.io` +- **SBR config file:** `C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Custom\Microsoft.Exchange.SBR.InternalDomains.config` (on Neptune) + +### DKIM + +- **Selector:** `s1` +- **Key location:** `C:\Program Files\Exchange DkimSigner\keys\` on 
Neptune +- **Status:** [WARNING] DkimSigner globally DISABLED on Neptune as of 2026-04-23 (post-KB5084071 compatibility issue). Outbound mail from rieussetcorp.com is currently unsigned. + +--- + +## Access + +| Resource | Method | +|---|---| +| Mailboxes | Neptune Exchange — connect via ACG-DC16 WinRM or on-box PowerShell as administrator.ACG | +| Mailprotector | `py mp.py` CLI, domain ID 57833 | +| AD accounts | ACG-DC16 (172.16.3.52) — acg.local domain | + +Passwords were last reset 2026-04-14 (all accounts set to `RC$sor3740` at that time — verify current state before sharing). + +--- + +## History + +| Date | Event | +|---|---| +| 2026-03-22 | Outbound routing failure — fixed by adding Neptune IPs (67.206.163.124, 67.206.163.122) to Mailprotector authorized sender list | +| 2026-04-14 | All four AD account passwords reset via ACG-DC16 WinRM | +| 2026-06-08 | Two "Verification code" emails from Clipto (hello@clipto.com) quarantined as bulk spam → manually released (IDs 4502364979, 4502352351); allow rule added for clipto.com on Mailprotector domain | + +--- + +## Known Issues / Notes + +- **Outbound routing is systemic with devcon:** when rieussetcorp outbound breaks, check devconllc.com SBR config too (same Neptune transport agent). See `memory/project_neptune_sbr_email_routing.md`. +- **DkimSigner disabled globally** — outbound mail is unsigned. Will be resolved when Neptune is migrated to Exchange 2019. +- **Neptune dependency:** this client's mail service lives or dies with Neptune. See `wiki/clients/internal-infrastructure.md` for Neptune status and migration plan. + +--- + +## Backlinks + +- [[clients/internal-infrastructure]] — Neptune Exchange hosts rieussetcorp.com mail +- [[clients/dataforth]] — Neptune physically colocated at Dataforth D2 diff --git a/wiki/index.md b/wiki/index.md index 0fce053..9884d55 100644 --- a/wiki/index.md +++ b/wiki/index.md 
@@ -28,6 +28,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; prepaid ~22.25 hrs; web server WWW (192.168.8.72 / 65.113.52.88) — IIS 10/VB.NET e-commerce; CRITICAL security posture: website connects to GTI-INV-SQL as sysadmin (login `tom`, named SQL login, C0 top finding) + plaintext PANs+CVV (stored by GTIware PSA, not website) + plaintext passwords + SQLi via `quo()` + XSS; apex 404 fixed + payment TLS fixed 2026-06-03; intrusion/brute-force log review 2026-06-04 (no attacker found; H5 detection blind spot confirmed — HTTP 200 on both success/failure + no failed-login logging); #32378 Waiting on Customer (assessment + reports + Appendix A delivered); M365 no MFA; SCL bypass rules for vendor DMARC + MailProtector digests | 2026-06-04 | | [Grabb & Durando Law Office](clients/grabb-durando.md) | Personal injury law firm; GND-SERVER GuruRMM enrolled; AI demand review app scoped ($4K–$7K); website migration pending; plaintext DB password in README needs vaulting | 2026-05-24 | | [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 3–6 months | 2026-05-24 | +| [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 | | [Rednour Law Offices](clients/rednour.md) | Law firm; M365 rednourlaw.com (tenant 4a4ca18a) fully onboarded 2026-05-31; all 5 ComputerGuru SPs consented; no MDE license; 3 workstations GuruRMM enrolled (FRONTDESKRECEPT/LEGALASST/REDNOURCARRIEVI); Carla Skinner renamed from Emma; prior MSP agents (ScreenConnect/Splashtop/Datto) still present; shared-drive access for Nick Pafford deferred | 
2026-06-02 | | [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy practice; PST-SERVER (192.168.0.2) + 5 GuruRMM agents; L2TP/IPsec RRAS VPN complete; 2026-06-04 site-wide outage resolved (UDR Ultra reboot dropped VPN port-forward, re-added in controller); BridgettePSHomeComputer re-enrolled (new UUID 01160fc8); vault drift open (pst-admin password); Syncro 278525 (Peaceful Spirit Massage) | 2026-06-04 | | [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 |
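Review bot: The Access section of the new wiki/clients/rieusset-corp.md commits a literal account password in the line beginning "Passwords were last reset 2026-04-14", and states that all accounts were set to that same value. Replace the literal with a pointer to the vault entry, treat the value as exposed now that it is in git history, and rotate the four AD accounts listed in the Mailboxes table to unique passwords. Because this arrived through an auto-sync commit compiled by the discord bot, a secret scan in the sync path before commit would stop this class of content from landing. The "(verify)" markers on contract type and billing rate should be resolved or tracked rather than left in a compiled page.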
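Review bot: The added Rieusset Corp row in wiki/index.md omits the one open security item the client page records: DkimSigner is disabled on Neptune and outbound mail from rieussetcorp.com is unsigned. Other rows in this table surface open posture items, so add a short phrase such as "DKIM signing disabled, outbound unsigned" to the summary. The row also enumerates all four mailbox local parts; the count ("4 mailboxes") is enough for an index, with the addresses left on the client page.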