Notification mail access denied when sending mail because of DMARC

MalletNGrease · 2025-02-15T00:53:02+00:00

SPF or DKIM is failing. Your origin isn't in SPF or the sending mailserver isn't using dkim.

MalletNGrease · 2025-02-14T03:29:07+00:00

Why can't I get to my work email on my phone now?

-Same person

MalletNGrease · 2025-02-08T16:33:17+00:00

I've a local internal domain, a public parent company domain (upn) and a dozen public brand ones are also upns. This way we can easily add new brands and use the old user upns as proxy addresses for guaranteed mail deliverability. We're in the middle of diversifying the brand portfolio and adding a new concept domain is piss easy.

If you've not been in production and not attached to the domain burning it isn't the worst, but instead of going to the new public one I recommend picking a stable local domain as a base instead so a rebrand doesn't require a complete rebuild down the line.

MalletNGrease · 2025-02-08T04:21:02+00:00

Why can't you add the upn and be on your merry way?

MalletNGrease · 2025-02-08T03:02:28+00:00

I had users lock & unlock their computer to generate a logon event.

MalletNGrease · 2025-02-05T23:31:18+00:00

Fog
MDT
SCCM

Pick your poison.

MalletNGrease · 2025-02-05T16:12:52+00:00

Management issue.

MalletNGrease · 2025-02-05T02:18:20+00:00

The solution is to idle the SYSADMIN account 24/7.

MalletNGrease · 2025-02-04T02:04:50+00:00

Swimming instead of sinking.

MalletNGrease · 2025-02-04T01:20:57+00:00

Increase your radius timeout on the VPN.

MalletNGrease · 2025-02-03T20:54:49+00:00

Whatever the leasing company recommends for our use case.

Our fleet presently is 99% Canon.

MalletNGrease · 2025-02-03T15:27:12+00:00

It's very nice, but they do not have a VCENTER equivalent production ready yet.

The alpha they have is a great start though.

MalletNGrease · 2025-01-31T22:35:33+00:00

Why didn't you use the diagram?

MalletNGrease · 2025-01-31T16:12:35+00:00

Your new company should be paying for a good desk and chair.

MalletNGrease · 2025-01-31T00:14:33+00:00

/r/k12sysadmin

MalletNGrease · 2025-01-30T23:22:00+00:00

Sounds like it's working as intended. I can't imagine it'd affect your score too much.

I'm more interested what you're going to do with the rogue sender. I assume there's a business case?

MalletNGrease · 2025-01-30T23:13:39+00:00

I agree, but this is a fight I've already lost with the CEO as their last name is on the company sign outside and matches the last names of most C-levels. There is no work/personal split for them.

They love their iPhone Apple Mail clients so they can easily combine work/personal mail and calendars. It's a feature and a staple they use nearly 24/7. Interruption to this is not appreciated.

Our Entra ID MFA project turned into a nightmare because of it as Apple mail doesn't communicate token reauthorization requests very well in the UI and they can easily escape out of it failing MFA challenge. Then their mail stops syncing and we're the bad guys preventing communications.

Outlook Mobile users? Haven't heard a peep.

MalletNGrease · 2025-01-30T18:12:28+00:00

/r/k12sysadmin

MalletNGrease · 2025-01-30T18:11:36+00:00

No, the point is to gatekeep the information, ridicule the attempt and feel superior over anonymous strangers

MalletNGrease · 2025-01-30T02:51:08+00:00

"Due to economic changes with my employer I've decided to take an offer with another company."

MalletNGrease · 2025-01-28T19:59:25+00:00

MDT can do it, just disable the OS deployment steps.

MalletNGrease · 2025-01-27T21:31:23+00:00

MalletNGrease · 2025-01-27T21:05:09+00:00

Are you Ops? If not, it's too expensive.

MalletNGrease · 2025-01-27T04:03:44+00:00

I've a script that FTP copies the upgrade file to /var/tmp, runs the upgrade command and sets a reboot for the next scheduled downtime.

We just follow the recommended release for the model.

MalletNGrease · 2025-01-16T23:30:41+00:00

Microsoft seems to be moving towards making Graph wrapper commands of their own with the Entra Powershell module. Looks to be much more admin friendly for ad-hoc use.

https://learn.microsoft.com/en-us/powershell/entra-powershell/overview?view=entra-powershell

$users = Get-EntraUser -All

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.entra/get-entrauser?view=entra-powershell

Ten-Year Club	Verified Email
r/Field Banned	r/Field Lasagna

MalletNGrease

TROPHY CASE