--- type: client name: klem-littlehearts display_name: Bob Klem / Little Hearts Little Hands last_compiled: 2026-06-15 compiled_by: GURU-BEAST-ROG/discord-bot sources: - clients/internal-infrastructure/session-logs/2026-03-17-neptune-exchange-cleanup.md - discord thread 1516115120453844992 (2026-06-15) --- # Bob Klem / Little Hearts Little Hands Education-sector client. Email hosted on ACG's Neptune Exchange server with Mailprotector CloudFilter filtering. The school was previously known as **Air and Space Academy** and was later renamed to **Little Hearts Little Hands**. Two legacy domains (airandspaceacademy.com, lifelonglearningacademy.com) are kept active and are intended to function as aliases delivering to the primary @littleheartslittlehands.org mailboxes. --- ## Profile - **Primary contact:** Bob Klem / Robert Klem - **Domains:** - `littleheartslittlehands.org` — primary mail domain - `airandspaceacademy.com` — legacy alias domain (school's former name) - `lifelonglearningacademy.com` — legacy alias domain - **Domain registrar:** GoDaddy (client's own account — ACG does NOT have API access) - **Mailprotector account:** Bob Klem, account ID 17414 --- ## Email Hosting Mail is hosted on **Neptune Exchange** (ACG-managed, physically at Dataforth D2). Inbound and outbound filtered via **Mailprotector CloudFilter**. ### Intended Architecture `littleheartslittlehands.org` is the **primary domain**. The two legacy domains are **email address aliases** on the same mailboxes — mail sent to `rklem@airandspaceacademy.com` delivers to the `rklem@littleheartslittlehands.org` mailbox. No forwarding; the alias addresses are proxy addresses on the Exchange mailbox object. ### Mailprotector Domain Provisioning (as of 2026-06-15) | Domain | MP Domain ID | Status | |---|---|---| | airandspaceacademy.com | 29764 | Active (provisioned 2020-03-15) | | littleheartslittlehands.org | 49493 | Active (provisioned 2024-05-07) | | lifelonglearningacademy.com | — | **NOT provisioned** | ### MX Records (as of 2026-06-15) — BOTH WRONG Both alias domains currently point MX directly to `mail.acghosting.com`, bypassing Mailprotector. Neptune's inbound restriction transport rule (priority 0) **blocks direct delivery** for these domains — meaning inbound mail to both alias domains is currently being rejected. | Domain | Current MX | Correct MX | |---|---|---| | airandspaceacademy.com | `mail.acghosting.com` (priority 10) | `airandspaceacademy-com.inbound.emailservice.io` | | lifelonglearningacademy.com | `mail.acghosting.com` (priority 10) | `lifelonglearningacademy-com.inbound.emailservice.io` (after MP provisioning) | **Action required:** 1. Provision `lifelonglearningacademy.com` in Mailprotector under account 17414 (Bob Klem) 2. Update both MX records in GoDaddy (client's account — need credentials from client) 3. Standard Mailprotector secondary/tertiary MX pattern: priority 10/20/30 via .io/.cc/.co ### Neptune Exchange Mailboxes (as of 2026-06-15) #### Correctly configured — .org primary with alias addresses | Display Name | Primary SMTP | Alias Domains Present | |---|---|---| | Robert Klem | rklem@littleheartslittlehands.org | @airandspaceacademy.com, @lifelonglearningacademy.com, @littleheartslittlehands.com | | Marylou Klem | marylou@littleheartslittlehands.org | @airandspaceacademy.com, @lifelonglearningacademy.com | #### Needs alias addresses added — .org primary, no legacy domain aliases | Display Name | Primary SMTP | Missing Aliases | |---|---|---| | Ms Williamson | swilliamson@littleheartslittlehands.org | @airandspaceacademy.com, @lifelonglearningacademy.com | #### Standalone mailboxes — primary is still legacy domain, NOT alias on .org mailbox These accounts have a legacy domain as their primary address. No corresponding @littleheartslittlehands.org mailbox exists. Status deferred per Mike (2026-06-15) — do not convert until instructed. | Alias | Primary SMTP | Notes | |---|---|---| | ajoseph | ajoseph@airandspaceacademy.com | Former staff? | | email | email@airandspaceacademy.com | Generic address | | lschlegel | lschlegel@airandspaceacademy.com | Former staff? | | mrocha | mrocha@airandspaceacademy.com | Former staff? | | RicohCopier | RicohCopier@airandspaceacademy.com | Device mailbox — verify if copier still active | | sbranch | sbranch@airandspaceacademy.com | Former staff? | | tstevens | tstevens@airandspaceacademy.com | Former staff? | | specialeducation | specialeducation@lifelonglearningacademy.com | Generic/role address | ### SBR / Send Connector (outbound) | Domain | SBR Tag | Send Connector | Smart Host | |---|---|---|---| | airandspaceacademy.com | airandspaceacademy.sbr | Outbound.LittleHearts | littleheartslittlehands-org.outbound.emailservice.io | | lifelonglearningacademy.com | lifelonglearningacademy.sbr | Outbound.LLA | lifelonglearningacademy-com.outbound.emailservice.io | | littleheartslittlehands.org | littleheartslittlehands.sbr | Outbound.LittleHearts | littleheartslittlehands-org.outbound.emailservice.io | ### Neptune Transport Rules Affecting This Client - **Restrict Inbound - Devcon and LittleHearts** (priority 0): Rejects inbound mail to airandspaceacademy.com / littleheartslittlehands.org / .com that does NOT arrive from Mailprotector IPs. Direct-to-Neptune delivery is blocked. This is why the broken MX records cause inbound mail to fail. --- ## Open Items 1. **[CRITICAL] Fix airandspaceacademy.com MX on GoDaddy** — Mailprotector already provisioned. Just needs MX updated to `airandspaceacademy-com.inbound.emailservice.io`. Requires client's GoDaddy account credentials. 2. **[CRITICAL] Provision lifelonglearningacademy.com in Mailprotector** — not yet in MP. Must do before changing MX. 3. **[CRITICAL] Fix lifelonglearningacademy.com MX on GoDaddy** — same as above, after MP provisioning. Requires client's GoDaddy account credentials. 4. **[LOW] Add alias addresses to Ms Williamson's mailbox** — `swilliamson@airandspaceacademy.com` and `swilliamson@lifelonglearningacademy.com` proxy addresses missing. 5. **[DEFERRED] Standalone legacy-domain mailboxes** — 8 accounts still have old domain as primary. Mike to advise which (if any) need .org counterparts or should be disabled. --- ## History | Date | Event | |---|---| | 2020-03-15 | airandspaceacademy.com provisioned in Mailprotector | | 2024-05-07 | littleheartslittlehands.org provisioned in Mailprotector | | 2026-03-17 | Neptune cleanup — spam purged from airandspaceacademy.com mailboxes; SBR routing configured; inbound restriction rule created. MX fix deferred. | | 2026-06-15 | Mailbox audit via RMM. Confirmed MX on both alias domains still pointing direct to mail.acghosting.com. GoDaddy API key is ACG's account — client domains are in client's own GoDaddy. |