claudetools/.claude/memory/project_neptune_sbr_email_routing.md
Mike Swanson d3f3d28fb6 sync: auto-sync from GURU-KALI at 2026-05-26 19:41:06
Author: Mike Swanson
Machine: GURU-KALI
Timestamp: 2026-05-26 19:41:06
2026-05-26 19:41:07 -07:00

name: Neptune SBR Email Routing Setup
description: How outbound email routing works on Neptune Exchange - SBR agent, MailProtector smarthost, send connectors, and common fix for new clients
type: project

[INFO] Treat outbound routing breakage as systemic, not per-client. Multiple clients (devcon, Sorensen/rieussetcorp) have hit the same "email not routing from Neptune" symptom — likely a shared config/platform problem rather than isolated incidents. When a fix is applied for one client, check whether it needs replicating for the others.

Neptune Outbound Email Routing Chain

  1. User sends mail from Exchange mailbox on Neptune (172.16.3.11)
  2. Microsoft.Exchange.SBR transport agent (Priority 12) fires on OnResolved event
  3. SBR reads config files at C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Custom\:
    • Microsoft.Exchange.SBR.InternalDomains.config — list of domains SBR handles
    • Microsoft.Exchange.SBR.OverrideSettings.config — maps domain.com;domain.sbr for routing
    • Microsoft.Exchange.SBR.IgnoreAuthAs.config — exclusions
  4. SBR rewrites recipient routing to .sbr domain (e.g., rieussetcorp.sbr)
  5. Exchange matches .sbr address space to the corresponding Send Connector (e.g., Outbound.Sorensen)
  6. Send connector smarthosts through MailProtector: domain-com.outbound.emailservice.io
  7. MailProtector relays to final destination

There is also a messageconcept ExSBR agent at Priority 11 (C:\Program Files\messageconcept\ExSBR\).
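
Steps 3 to 6 only hold when every .sbr domain in OverrideSettings.config has an enabled send connector with a smarthost, so a quick audit across all clients is useful when one of them stops routing. The script below is an added example, not part of the original notes; it assumes one domain.com;domain.sbr pair per line in that file and exact-match (non-wildcard) address spaces, and uses the standard Get-SendConnector cmdlet.

```powershell
# Added example: audit SBR override mappings against Exchange send connectors.
# Run in an Exchange Management Shell session (local or remote) for Neptune.
# ASSUMPTION: the override file holds one "domain.com;domain.sbr" pair per line.
$cfg = 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Custom\Microsoft.Exchange.SBR.OverrideSettings.config'

# Index send connectors by the address-space domains they claim.
# Each address space is cast to a string ("SMTP:domain.sbr;1") so the parsing
# also works on deserialized objects returned by a remote PSSession.
$byDomain = @{}
foreach ($sc in Get-SendConnector) {
    foreach ($as in $sc.AddressSpaces) {
        $d = ("$as" -replace '^[^:]+:', '' -replace ';.*$', '').ToLower()
        $byDomain[$d] = $sc
    }
}

$report = foreach ($line in Get-Content -LiteralPath $cfg) {
    $parts = $line.Trim() -split ';'
    # Skip blank or malformed lines (no second field).
    if ($parts.Count -lt 2 -or -not $parts[1].Trim()) { continue }

    $sbr = $parts[1].Trim().ToLower()
    $sc  = $byDomain[$sbr]          # exact match only; wildcard spaces are not expanded

    if (-not $sc)                { $status = 'NO CONNECTOR' }
    elseif (-not $sc.Enabled)    { $status = 'CONNECTOR DISABLED' }
    elseif (-not $sc.SmartHosts) { $status = 'NO SMARTHOST' }
    else                         { $status = 'ok' }

    $hosts = $null
    if ($sc) { $hosts = ($sc.SmartHosts | ForEach-Object { "$_" }) -join ',' }

    [pscustomobject]@{
        Domain     = $parts[0].Trim()
        SbrDomain  = $sbr
        Connector  = if ($sc) { $sc.Name } else { $null }
        SmartHosts = $hosts
        Status     = $status
    }
}

# Problems sort to the top; 'ok' rows list the smarthost each client relays through.
$report | Sort-Object @{ Expression = { $_.Status -eq 'ok' } }, Domain | Format-Table -AutoSize
```

A row with Status ok only confirms the Exchange side of the chain; the MailProtector authorized-IP check described under "Common Issue" still has to be verified in MailProtector itself.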

Common Issue: New client or server move

When Neptune's IP changes or a new domain is added, MailProtector must have the sending server IP authorized. Without this, MailProtector accepts the relay but drops/rejects the message.

Fix (2026-03-22 for rieussetcorp.com): Added 67.206.163.124 and 67.206.163.122 to MailProtector's authorized sender IPs.

Neptune Location

Neptune physically moved from ACG office (72.194.62.7) to Dataforth (67.206.163.124 inbound, 67.206.163.122 outbound). SNAT rule on Dataforth UDM (/data/on_boot.d/10-neptune-snat.sh) should force outbound to use .124.

Access

  • WinRM: 172.16.3.11, ACG\administrator, via pywinrm with NTLM
  • Exchange PS: Connect via New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://neptune.acg.local/PowerShell/ -Authentication Kerberos
  • Requires Tailscale route through D2TESTNAS (192.168.0.9) for 172.16.0.0/22

Known Issues (as of 2026-03-22)

[STALE 2026-05-26 — these overnight TODOs are ~2 months old and were never reconciled; re-verify before acting.]

  • 67.206.163.122 has no PTR record and is blacklisted by some providers
  • SNAT rule may not be active — outbound was going as .122 not .124 on 3/16. Need to check UDM (192.168.0.254) — couldn't auth via SSH tonight, check in morning
  • MAIL transport server still exists in Exchange config but server is decommissioned
  • Spam queues with junk domains (wwwyamaha666.ru, bestspatulas.com, etc.)
  • Tailscale 172.16.0.0/22 route moved from ACG pfSense to D2TESTNAS — may need permanent solution
  • UDM SSH password (Paper123!@#-unifi) was rejected — may have changed

Resolved (2026-03-22)

  • rieussetcorp.com outbound: Added 67.206.163.124 and .122 to MailProtector authorized IPs — mail now flowing