SYNAQ Root Cause Analysis
SYNAQ Securemail – Inbound and Outbound Mail Delivery Incident
Date: 2016-11-02
Summary and Impact to Customers
On Wednesday 2nd November, from 07:59 to 14:31, SYNAQ Securemail experienced an inbound and outbound mail delivery incident.
As a result, certain inbound and outbound mail was delayed by up to 13 hours.
Root cause and Solution
The root cause of this event was a DDoS attack in which a large number of blacklisted IP addresses attempted to send us mail. The resulting reject logs, which were sent to the MySQL server, used all of the existing connections, so mail could not be processed.
To resolve this issue, our engineers restarted the MySQL server to establish new connections to the MySQL database so that mail could once again be processed efficiently.
Remediation Actions
• We have increased our monitoring measures and controls so that this issue does not recur in the future.
• We have upgraded our Botnet detector to detect and block these attacks at the connection layer.