sync: auto-sync from GURU-BEAST-ROG at 2026-06-08 10:50:37

Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-06-08 10:50:37
2026-06-08 10:50:42 -07:00
parent eb5757d170
commit f2474def5b
2 changed files with 100 additions and 0 deletions


@@ -0,0 +1,99 @@
---
type: client
name: rieusset-corp
display_name: Rieusset Corp (Tom Sorensen)
last_compiled: 2026-06-08
compiled_by: GURU-BEAST-ROG/discord-bot
sources:
- clients/dataforth/session-logs/2026-04-14-session.md
- .claude/memory/project_neptune_sbr_email_routing.md
- clients/internal-infrastructure.md
- discord thread 1513597169796645157 (2026-06-08)
---
# Rieusset Corp (Tom Sorensen)
Small business client. Email hosted on ACG's Neptune Exchange server with Mailprotector CloudFilter filtering.
---
## Profile
- **Primary contact:** Tom Sorensen
- **Domain:** rieussetcorp.com
- **Syncro customer ID:** 16188
- **Contract type:** Per-incident (verify)
- **Billing rate:** Standard (verify)
---
## Email Hosting
Mail is hosted on **Neptune Exchange** (ACG-managed, physically at Dataforth D2). Inbound and outbound filtered via **Mailprotector CloudFilter**.
### Mailboxes (as of 2026-04-14)
| AD Account | Email Address | User |
|---|---|---|
| `tom` | tsorensen@rieussetcorp.com | Tom Sorensen (primary) |
| `tomrc` | tomrc@rieussetcorp.com | Tom Sorensen (alternate) |
| `ojodeagua` | ojodeagua@rieussetcorp.com | Tom Sorensen (alternate) |
| `csorensen` | csorensen@rieussetcorp.com | Christine Sorensen |
### Mailprotector
- **Domain ID:** 57833
- **Customer ID:** 16188
- **Allow rules:** clipto.com (added 2026-06-08 — verification emails were being quarantined as bulk)
### Outbound Routing (Neptune SBR)
Outbound mail routes via Mailprotector smarthost using Exchange Sender-Based Routing:
- **Send connector:** `Outbound.Sorensen`
- **Address space:** `rieussetcorp.sbr`
- **Smarthost:** `rieussetcorp-com.outbound.emailservice.io`
- **SBR config file:** `C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Custom\Microsoft.Exchange.SBR.InternalDomains.config` (on Neptune)
### DKIM
- **Selector:** `s1`
- **Key location:** `C:\Program Files\Exchange DkimSigner\keys\` on Neptune
- **Status:** [WARNING] DkimSigner globally DISABLED on Neptune as of 2026-04-23 (post-KB5084071 compatibility issue). Outbound mail from rieussetcorp.com is currently unsigned.
---
## Access
| Resource | Method |
|---|---|
| Mailboxes | Neptune Exchange — connect via ACG-DC16 WinRM or on-box PowerShell as administrator.ACG |
| Mailprotector | `py mp.py` CLI, domain ID 57833 |
| AD accounts | ACG-DC16 (172.16.3.52) — acg.local domain |
Passwords were last reset 2026-04-14 (all accounts set to `RC$sor3740` at that time — verify current state before sharing).
---
## History
| Date | Event |
|---|---|
| 2026-03-22 | Outbound routing failure — fixed by adding Neptune IPs (67.206.163.124, 67.206.163.122) to Mailprotector authorized sender list |
| 2026-04-14 | All four AD account passwords reset via ACG-DC16 WinRM |
| 2026-06-08 | Two "Verification code" emails from Clipto (hello@clipto.com) quarantined as bulk spam → manually released (IDs 4502364979, 4502352351); allow rule added for clipto.com on Mailprotector domain |
---
## Known Issues / Notes
- **Outbound routing is systemic with devcon:** when rieussetcorp outbound breaks, check devconllc.com SBR config too (same Neptune transport agent). See `memory/project_neptune_sbr_email_routing.md`.
- **DkimSigner disabled globally** — outbound mail is unsigned. Will be resolved when Neptune is migrated to Exchange 2019.
- **Neptune dependency:** this client's mail service lives or dies with Neptune. See `wiki/clients/internal-infrastructure.md` for Neptune status and migration plan.
---
## Backlinks
- [[clients/internal-infrastructure]] — Neptune Exchange hosts rieussetcorp.com mail
- [[clients/dataforth]] — Neptune physically colocated at Dataforth D2
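Review bot: the "Passwords were last reset 2026-04-14" line in the Access section commits a plaintext account password to the wiki and states it was set on all four AD accounts. Drop the value and point to the vault entry instead, e.g. "Passwords were last reset 2026-04-14 (current values in vault)". Because the value remains in git history after this commit, rotate those accounts if it is still current. The "(verify)" placeholders under Profile (contract type, billing rate) should also be resolved or tracked so they do not go stale.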


@@ -28,6 +28,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; prepaid ~22.25 hrs; web server WWW (192.168.8.72 / 65.113.52.88) — IIS 10/VB.NET e-commerce; CRITICAL security posture: website connects to GTI-INV-SQL as sysadmin (login `tom`, named SQL login, C0 top finding) + plaintext PANs+CVV (stored by GTIware PSA, not website) + plaintext passwords + SQLi via `quo()` + XSS; apex 404 fixed + payment TLS fixed 2026-06-03; intrusion/brute-force log review 2026-06-04 (no attacker found; H5 detection blind spot confirmed — HTTP 200 on both success/failure + no failed-login logging); #32378 Waiting on Customer (assessment + reports + Appendix A delivered); M365 no MFA; SCL bypass rules for vendor DMARC + MailProtector digests | 2026-06-04 | | [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; prepaid ~22.25 hrs; web server WWW (192.168.8.72 / 65.113.52.88) — IIS 10/VB.NET e-commerce; CRITICAL security posture: website connects to GTI-INV-SQL as sysadmin (login `tom`, named SQL login, C0 top finding) + plaintext PANs+CVV (stored by GTIware PSA, not website) + plaintext passwords + SQLi via `quo()` + XSS; apex 404 fixed + payment TLS fixed 2026-06-03; intrusion/brute-force log review 2026-06-04 (no attacker found; H5 detection blind spot confirmed — HTTP 200 on both success/failure + no failed-login logging); #32378 Waiting on Customer (assessment + reports + Appendix A delivered); M365 no MFA; SCL bypass rules for vendor DMARC + MailProtector digests | 2026-06-04 |
| [Grabb & Durando Law Office](clients/grabb-durando.md) | Personal injury law firm; GND-SERVER GuruRMM enrolled; AI demand review app scoped ($4K$7K); website migration pending; plaintext DB password in README needs vaulting | 2026-05-24 | | [Grabb & Durando Law Office](clients/grabb-durando.md) | Personal injury law firm; GND-SERVER GuruRMM enrolled; AI demand review app scoped ($4K$7K); website migration pending; plaintext DB password in README needs vaulting | 2026-05-24 |
| [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 36 months | 2026-05-24 | | [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 36 months | 2026-05-24 |
| [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 |
| [Rednour Law Offices](clients/rednour.md) | Law firm; M365 rednourlaw.com (tenant 4a4ca18a) fully onboarded 2026-05-31; all 5 ComputerGuru SPs consented; no MDE license; 3 workstations GuruRMM enrolled (FRONTDESKRECEPT/LEGALASST/REDNOURCARRIEVI); Carla Skinner renamed from Emma; prior MSP agents (ScreenConnect/Splashtop/Datto) still present; shared-drive access for Nick Pafford deferred | 2026-06-02 | | [Rednour Law Offices](clients/rednour.md) | Law firm; M365 rednourlaw.com (tenant 4a4ca18a) fully onboarded 2026-05-31; all 5 ComputerGuru SPs consented; no MDE license; 3 workstations GuruRMM enrolled (FRONTDESKRECEPT/LEGALASST/REDNOURCARRIEVI); Carla Skinner renamed from Emma; prior MSP agents (ScreenConnect/Splashtop/Datto) still present; shared-drive access for Nick Pafford deferred | 2026-06-02 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy practice; PST-SERVER (192.168.0.2) + 5 GuruRMM agents; L2TP/IPsec RRAS VPN complete; 2026-06-04 site-wide outage resolved (UDR Ultra reboot dropped VPN port-forward, re-added in controller); BridgettePSHomeComputer re-enrolled (new UUID 01160fc8); vault drift open (pst-admin password); Syncro 278525 (Peaceful Spirit Massage) | 2026-06-04 | | [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy practice; PST-SERVER (192.168.0.2) + 5 GuruRMM agents; L2TP/IPsec RRAS VPN complete; 2026-06-04 site-wide outage resolved (UDR Ultra reboot dropped VPN port-forward, re-added in controller); BridgettePSHomeComputer re-enrolled (new UUID 01160fc8); vault drift open (pst-admin password); Syncro 278525 (Peaceful Spirit Massage) | 2026-06-04 |
| [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 | | [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 |
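Review bot: the new Rieusset Corp row summarises hosting and routing but leaves out the open issue the client page marks as a warning: DkimSigner is disabled on Neptune and outbound mail from rieussetcorp.com is unsigned. Other rows in this table surface open risks (for example "vault drift open" and "plaintext DB password in README needs vaulting"), so add a short item such as "DKIM signing disabled since 2026-04-23; outbound unsigned". Consider trimming the mailbox list from the summary, since the client page already carries it.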