This is mostly to make things a matter of public record, in addition to a bit of a rant.
Got a call yesterday morning. They can't process credit cards. That office happens to use Intuit/Quickbooks for everything from inventory tracking, to payment processing and accounting. I've been down the road of getting away from Intuit often. Don't know if this will push them past the edge or not.
Ok, spent 2 hours manually doing updates because the automatic ones broke along the way somewhere. Updates complete. Good, we should be up and running. They try to login, and get asked for a code. Ok, check the email address... nothing.
Now I'm calling Intuit support (bad idea, but we're basically not in business at this point.) That's a 3 hour call where I'm told something is wrong with our email server.
Fine, hang up with one unhelpful peon. Go eat lunch (3:30pm at this point, my blood sugar is about to tank.)
Get back into the office around 4:30. Enough time to find something very interesting in the server logs...
2016-10-05 14:01:56 H=lvmailappout12.intuit.com [184.108.40.206]:30939 sender verify fail for <[email protected]>: response to "RCPT TO:<[email protected]>" from mailin.intuit.com [220.127.116.11] was: 550 #5.1.0 Address rejected.
2016-10-06 11:17:10 H=mailout203.intuit.com [18.104.22.168]:49121 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
Now, I spent way to much time figuring out how to deal with spam, and have gotten it figured out for the most part. So, they are sending a confirmation code out using an address that their own email server does not acknowledge as being valid. Yet it's somehow my fault that the email is not being delivered.
Spent another 2 hours on the phone this morning going over the same stuff. We're working through alternatives, none of which are something the business would normally find acceptable.
This on top of them having me enable SSL2 in the browser. Uhm, these computers have to remain PCI compliant, and they just purposely made them non-compliant.
Malicious company, let it be known.