Time: Jan. 26, 2022, 12:49 p.m.

Status: Postmortem

Update: Summary and Impact to Customers On Tuesday 25th January 2022 from 11:30 to 16:38, SYNAQ Cloud Mail experienced an authentication incident affecting a subset of users. The resultant impact of the event was that certain users were unable to authenticate and access their mailboxes. Root Cause and Solution The root cause of this event was due to Virtual Machine \(VM\) backup snapshots on two Cloud Mail mailbox stores not being removed as part of a maintenance task. As part of our routine nightly backup processes, or when server maintenance is being performed, backups snapshots are created for each VM to ensure quick roll back and minimal impact to clients should there be an issue during maintenance or otherwise. Once a maintenance task has been completed the snapshots are then removed manually. If snapshots are not removed the performance of the VM slowly degrades over time. Human error resulted in snapshots not being removed from two of the stores after maintenance was performed last week Thursday. Whilst the removal of snapshots is not normally a problem in isolation, a further error occurred with our monitoring scripts that look for this issue – they did not detect that these VM’s had old out-of-date snapshots and therefore no alerts were raised. As such, these snapshots started to impact the performance of the stores on Monday. To resolve this degradation, the snapshots were removed on Tuesday morning. Five of the seven snapshots removed successfully, however, two of the snapshots did not complete their consolidation step and this degraded the VM’s performance even more forcing them to enter an unresponsive state. To resolve this issue, a manual consolidation of both VM’s needed to be run. Due to the business day load and performance of these VM’s this took a couple of hours to complete. Remediation Actions • Process improvements will be made to the existing maintenance process to ensure that the snapshot removal task is triple checked for completion. • Snapshot monitoring checks to be repaired and updated to alert for old snapshots. • Snapshot removal to only take place outside of business hours despite possible degradation of VM performance.

Time: Jan. 26, 2022, 12:49 p.m.

Status: Postmortem

Update: Summary and Impact to Customers On Tuesday 25th January 2022 from 11:30 to 16:38, SYNAQ Cloud Mail experienced an authentication incident affecting a subset of users. The resultant impact of the event was that certain users were unable to authenticate and access their mailboxes. Root Cause and Solution The root cause of this event was due to Virtual Machine \(VM\) backup snapshots on two Cloud Mail mailbox stores not being removed as part of a maintenance task. As part of our routine nightly backup processes, or when server maintenance is being performed, backups snapshots are created for each VM to ensure quick roll back and minimal impact to clients should there be an issue during maintenance or otherwise. Once a maintenance task has been completed the snapshots are then removed manually. If snapshots are not removed the performance of the VM slowly degrades over time. Human error resulted in snapshots not being removed from two of the stores after maintenance was performed last week Thursday. Whilst the removal of snapshots is not normally a problem in isolation, a further error occurred with our monitoring scripts that look for this issue – they did not detect that these VM’s had old out-of-date snapshots and therefore no alerts were raised. As such, these snapshots started to impact the performance of the stores on Monday. To resolve this degradation, the snapshots were removed on Tuesday morning. Five of the seven snapshots removed successfully, however, two of the snapshots did not complete their consolidation step and this degraded the VM’s performance even more forcing them to enter an unresponsive state. To resolve this issue, a manual consolidation of both VM’s needed to be run. Due to the business day load and performance of these VM’s this took a couple of hours to complete. Remediation Actions • Process improvements will be made to the existing maintenance process to ensure that the snapshot removal task is triple checked for completion. • Snapshot monitoring checks to be repaired and updated to alert for old snapshots. • Snapshot removal to only take place outside of business hours despite possible degradation of VM performance.

Time: Jan. 25, 2022, 2:38 p.m.

Status: Resolved

Update: Dear Clients, The SYNAQ Cloud Mail incident has been resolved and all services are running optimally.

Time: Jan. 25, 2022, 2:38 p.m.

Status: Resolved

Update: Dear Clients, The SYNAQ Cloud Mail incident has been resolved and all services are running optimally.

Time: Jan. 25, 2022, 12:43 p.m.

Status: Identified

Update: Dear Clients, Our engineers are still working on the resolution of the SYNAQ Cloud Mail Incident. This is being treated as a matter of urgency. Half of affected users have already recovered. We will send our next update in 60 minutes

Time: Jan. 25, 2022, 12:43 p.m.

Status: Identified

Update: Dear Clients, Our engineers are still working on the resolution of the SYNAQ Cloud Mail Incident. This is being treated as a matter of urgency. Half of affected users have already recovered. We will send our next update in 60 minutes

Time: Jan. 25, 2022, 11:42 a.m.

Status: Identified

Update: Dear Clients, Our engineers are still working on the resolution of the SYNAQ Cloud Mail Incident. This is being treated as a matter of urgency. Half of affected users have already recovered. We will send our next update in 60 minutes

Time: Jan. 25, 2022, 11:42 a.m.

Status: Identified

Update: Dear Clients, Our engineers are still working on the resolution of the SYNAQ Cloud Mail Incident. This is being treated as a matter of urgency. Half of affected users have already recovered. We will send our next update in 60 minutes

Time: Jan. 25, 2022, 10:46 a.m.

Status: Identified

Update: Dear Clients, Our engineers have identified the SYNAQ Cloud Mail incident and are working on a resolution. We will send our next update in 60 minutes

Time: Jan. 25, 2022, 10:46 a.m.

Status: Identified

Update: Dear Clients, Our engineers have identified the SYNAQ Cloud Mail incident and are working on a resolution. We will send our next update in 60 minutes

Time: Jan. 25, 2022, 9:59 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing an incident where a subset of users are unable to log into their mailboxes. Engineers are investigating this as a matter of urgency. We will send our next update in 60 minutes.

Time: Jan. 25, 2022, 9:59 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing an incident where a subset of users are unable to log into their mailboxes. Engineers are investigating this as a matter of urgency. We will send our next update in 60 minutes.

Time: Oct. 20, 2021, 11:44 a.m.

Status: Postmortem

Update: Summary and Impact to Customers On Wednesday 13th October 2021 from 12:03 to 14:06, SYNAQ Cloud Mail experienced a mail authentication incident. The resultant impact of the event was that users received an authentication pop-up message when trying to login and experienced slow access to mail. Root Cause and Solution The root cause of this event was due to an abnormal amount of modification requests being received from the SYNAQ API. The increased writes and load on the master LDAP server prevented the LDAP replicas from being able to replicate the LDAP changes from the master. Since LDAP replicas are responsible for servicing requests for authentication and mail delivery, and were unable to sync correctly from the master LDAP server in this instance, authentication and mail delivery requests were not processed. To resolve this issue, the primary server and all replicas had to be restarted to re-establish the syncing between LDAP servers. Once all the LDAP servers were in sync, authentication requests were once again being processed and users could access their mail. Remediation Actions • More stringent limits on the API are to be put in place to limit the number of requests that can come in from a single IP address to prevent increased load on the LDAP servers. • The SYNAQ infrastructure teams are working in collaboration with the 3rd Party vendor to improve and harden our LDAP configuration.

Time: Oct. 13, 2021, 12:38 p.m.

Status: Resolved

Update: Dear Clients, The SYNAQ Cloud Mail issue has been resolved and the service has returned to optimal functionality.

Time: Oct. 13, 2021, 12:06 p.m.

Status: Monitoring

Update: Dear Clients, The SYNAQ Cloud Mail issue has recovered. Our engineers are monitoring the service stability. We will provide a further update in 30 minutes

Time: Oct. 13, 2021, 11:39 a.m.

Status: Identified

Update: Dear Clients, Engineers have identified the Cloud Mail issue and are working on the root cause as a matter of urgency. Users are currently able to access their mailboxes. We will provide a further update in 30 minutes

Time: Oct. 13, 2021, 10:58 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is still experiencing an issue where users are unable to access their mailboxes. Engineers are investigating the issue as a matter of urgency. We will provide an update in 30 minutes

Time: Oct. 13, 2021, 10:31 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing an issue where users are unable to access their mailboxes. Engineers are investigating the issue as a matter of urgency. We will provide an update in 30 minutes

Time: Oct. 20, 2021, 11:44 a.m.

Status: Postmortem

Update: Summary and Impact to Customers On Wednesday 13th October 2021 from 12:03 to 14:06, SYNAQ Cloud Mail experienced a mail authentication incident. The resultant impact of the event was that users received an authentication pop-up message when trying to login and experienced slow access to mail. Root Cause and Solution The root cause of this event was due to an abnormal amount of modification requests being received from the SYNAQ API. The increased writes and load on the master LDAP server prevented the LDAP replicas from being able to replicate the LDAP changes from the master. Since LDAP replicas are responsible for servicing requests for authentication and mail delivery, and were unable to sync correctly from the master LDAP server in this instance, authentication and mail delivery requests were not processed. To resolve this issue, the primary server and all replicas had to be restarted to re-establish the syncing between LDAP servers. Once all the LDAP servers were in sync, authentication requests were once again being processed and users could access their mail. Remediation Actions • More stringent limits on the API are to be put in place to limit the number of requests that can come in from a single IP address to prevent increased load on the LDAP servers. • The SYNAQ infrastructure teams are working in collaboration with the 3rd Party vendor to improve and harden our LDAP configuration.

Time: Oct. 13, 2021, 12:38 p.m.

Status: Resolved

Update: Dear Clients, The SYNAQ Cloud Mail issue has been resolved and the service has returned to optimal functionality.

Time: Oct. 13, 2021, 12:06 p.m.

Status: Monitoring

Update: Dear Clients, The SYNAQ Cloud Mail issue has recovered. Our engineers are monitoring the service stability. We will provide a further update in 30 minutes

Time: Oct. 13, 2021, 11:39 a.m.

Status: Identified

Update: Dear Clients, Engineers have identified the Cloud Mail issue and are working on the root cause as a matter of urgency. Users are currently able to access their mailboxes. We will provide a further update in 30 minutes

Time: Oct. 13, 2021, 10:58 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is still experiencing an issue where users are unable to access their mailboxes. Engineers are investigating the issue as a matter of urgency. We will provide an update in 30 minutes

Time: Oct. 13, 2021, 10:31 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing an issue where users are unable to access their mailboxes. Engineers are investigating the issue as a matter of urgency. We will provide an update in 30 minutes

Time: July 21, 2021, 12:12 p.m.

Status: Postmortem

Update: **Summary and Impact to Customers** On Tuesday 22nd June 2021 from 14:48 to 28th June 2021 14:55, SYNAQ Cloud Mail experienced an intermittent, degraded mail authentication incident. The resultant impact of the event was that certain users would receive authentication pop-up messages when trying to login via HTTPS, POP3/S, IMAP/S, SMTP/S, as well as slow access to webmail. **Root Cause and Solution** On the 22nd of June 2021 at 14:48 SYNAQ Cloud Mail began to experience incoming mail delays. This delay occurred at the Zimbra MTA \(Mail Transfer Agent\) layer. Once identified, we attempted a series of fixes to resolve the incident. At 15:30 a change was made to increase the processing threads of the MTA servers from 100 to 150 to increase the amount of mail dealt with at any one time by an MTA when trying to deliver mail. The change was done in an attempt to increase the processing of the mail building up in the queue. However, this did not have the desired effect. At 16:30 a new Exim server was added to the MTA cluster \(a project that was going to take place within the next couple of weeks – as detailed below in the root cause section\), and this server was able to process mails with no delays. We ceased new mail delivery to the MTA’s, one at a time, until they cleared their queues. Thereafter, normal mail flow was restored by 16:51. On the 23rd of June 2021 at 09:09, mail delays re-occurred, coupled with a select group of users receiving authentication failure “pop-up” messages when trying to login to their mailboxes. At 09:52 debugging was performed on the Anti-Virus functions on the MTA servers, as this appeared to be where the delay was taking place. Configuration changes then were made to timeout settings and processing times to try and resolve this issue. Unfortunately, this did not have the desired effect. At 10:15 the replacement of the rest of the current Cloud Mail MTAs with new Exim servers commenced. This replacement was decided upon because the one server currently in production was processing mail without delay. This was fully completed by 20:30. At 17:14 mail delays and authentication had recovered. On the 24th of June 2021 at 09:41 a select group of users were receiving authentication pop -up messages when trying to login and experienced slow access to mail. As a result, at 10:17 we moved our focus from the MTAs to the LDAP servers as mail flow was no longer affected since the change to the new Exim servers. A data dump of the master LDAP database was performed and reloaded on all the replicas to rule out any memory page fragmentation \(performance inhibiting side-affect\) across these LDAP servers. At 13:00 file system errors were discovered on the master LDAP server. All Cloud Mail servers were adjusted to point to the secondary master. A file system check and repair was run on the primary LDAP master. While the sever was down memory and CPU resources were increased. At 13:10 mail authentication and slow access had recovered. On the 25th of June 2021 at 09:22, a select group of users were receiving authentication pop-up messages when trying to login and experiencing slow access to mail. At 10:35, TCP and connection and timeout settings adjusted on all the LDAP servers. At 12:35, connection tracking was disabled on the load balancer. This was done to ensure that if there was a particular problem with an individual LDAP replica, then the connections move seamlessly to another replica. Mail authentication and slow access then recovered. On the 26th and 27th of June we experienced no further recurrences of the issues. On the 28th of June 09:30, a select group of users were receiving authentication pop-up messages when trying to login and experienced slow access to mail. At 10:00, two new LDAP replicas were built to be added to the cluster. At 11:03, the global address list feature was turned off \(for classes of service with large domains that did not need this feature\) to try and reduce the traffic to the LDAP servers. At 13:05, we deleted 30 data sources \(external account configurations\) that were stored in LDAP but were showing errors during LDAP replication. At 14:30, the two new LDAP servers and all unique components of Cloud Mail, stores, MTAs, and proxies were pointed to their own unique set of LDAP replicas. At 14:55, mail authentication and slow access had recovered. The root cause of this event was due to a project that we initiated last year to replace standard Zimbra MTAs with custom built Exim MTAs. The purpose of this project was to vastly increase the security and delivery of clients’ mail. The initial project phase \(last year\) was to replace the outbound servers and then to do the inbound servers in July. A test inbound server was added, and this resulted in the start of the experienced issues. In addition, the replacement of all of the remaining MTAs with the new inbound servers in an attempt to resolve the issue, only exacerbated the problem. The problem that was introduced was that all native servers to Zimbra establish a persistent connection through to the LDAP servers. These new MTAs, introduced to reduce load and traffic to the LDAP servers, established short-term connections. The load balancer tried to deal with the different ways to establish connections in the same way and would overload a single LDAP server and would then proceed to affect the rest in cascading manner as the load was redistributed. To resolve this issue, two different load balancer IP addresses were configured with their own separate LDAP servers behind them. One, to manage persistent connections and the other, to manage short-term connections. Thereafter, the relevant servers were pointed to the load balancer IP that suits how they communicate and connect to LDAP. **Remediation Actions** • Two additional LDAP replicas have been built and added to the LDAP cluster. • Two different load balancer IP addresses have been configured with their own separate LDAP servers behind them. One to manage persistent connections and one to manage short-term connections. Thereafter, the relevant servers were pointed to the load balancer IP that suits how they communicate through to LDAP. • A third load balancer IP will be added to improve LDAP redundancy. This will allow store servers to attempt a new connection rather than remaining connected to an LDAP server that is no longer responding.

Time: June 29, 2021, 9:56 a.m.

Status: Resolved

Update: Dear Clients, The SYNAQ Cloud Mail incident has been resolved and the service has returned to optimal functionality. We once again would like to apologise for the lengthy incident resolution, and want to assure you that we are doing a very intensive root cause analysis to understand how we can prevent this from happening in the future.

Time: June 29, 2021, 8:14 a.m.

Status: Monitoring

Update: Dear Clients, Our platform is currently 100% stable and performant. Our engineers are continuing to monitor .

Time: June 29, 2021, 5:57 a.m.

Status: Monitoring

Update: Dear Clients, The SYNAQ Cloud Mail incident is still being monitored. Improvements were made to the environment last night and need to be monitored through the peak morning period. We have partners worldwide working with us, please be assured that returning the service to full stability is our top priority.

Time: June 28, 2021, 1:03 p.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is still currently experiencing an incident where users are receiving pop-ups to login and slow access to email intermittently. Engineers are still investigating this as a matter of urgency and working on several different resolution options.

Time: June 28, 2021, 12:41 p.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is still currently experiencing an incident where users are receiving pop-ups to login and slow access to email intermittently. Engineers are still investigating this as a matter of urgency and working on several different resolution options.

Time: June 28, 2021, 8:20 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing a recurrence of the incident where a subset of users are getting pop-ups or slow mail access. Engineers are investigating this as a matter of urgency.

Time: June 25, 2021, 1:27 p.m.

Status: Monitoring

Update: Dear Clients, The SYNAQ Cloud Mail platform is now operational. All clients should be able to access services without any issues. Our Engineers will continue to monitor the platform closely for the next 72 hours before resolving this incident. Please Note: Closing and re-opening your mail application may resolve any remaining issues should they still exist. We sincerely apologise for this lengthy disruption to your email services, we are absolutely committed to excellence and will ensure world-class service moving forward.

Time: June 25, 2021, 9:28 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail platform is still experiencing an incident where a subset of users may experience slow access to their mailbox and/or receive intermittent login pop-up requests. Our Engineers are investigating this as a matter of urgency. Please note: Restarting your mail client or webmail should resolve the issue.

Time: June 25, 2021, 7:22 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail platform is currently experiencing an incident where a subset may experience slow access to their mailbox and/or receive intermittent login pop-up requests. Our Engineers are investigating this as a matter of urgency. Please note: Restarting your mail client or webmail should resolve the issue. We will send our next update in 60 minutes.

Time: June 24, 2021, 12:22 p.m.

Status: Identified

Update: Dear Clients, Our engineers have implemented a fix for the SYNAQ Cloud Mail incident and all services are operational. We will continue to monitor the service stability for the next 24 hours.

Time: June 24, 2021, 10:41 a.m.

Status: Identified

Update: Dear Clients, Our engineers are still working on the resolution of the SYNAQ Cloud Mail issue. This is being treated as a matter of urgency. We will send our next update in 60 minutes.

Time: June 24, 2021, 8:58 a.m.

Status: Investigating

Update: Dear Clients, Our engineers have identified the SYNAQ Cloud Mail intermittent access issue and are working on a resolution. Mail flow and delays have been fully restored. The current intermittent issue regarding mail authentication pop-ups and slow access is being addressed. Please note restarting your mail client or webmail should resolve the issue. We will send our next update in 60 minutes

Time: June 24, 2021, 7:41 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing an incident where certain users are getting password prompts and slow access to mail. Engineers are investigating this as a matter of urgency. We will send our next update in 60 minutes.

Time: June 24, 2021, 6:56 a.m.

Status: Monitoring

Update: Dear Clients, Mail flow has been restored. SYNAQ Engineers will continue to monitor throughout the day and will send a full restore once confirmed.

Time: June 23, 2021, 3:14 p.m.

Status: Monitoring

Update: Dear Clients, Our engineers have implemented a fix for the SYNAQ Cloud Mail incident and are monitoring the service stability for the next 12 hours.

Time: June 23, 2021, 2:48 p.m.

Status: Monitoring

Update: Dear Clients, Our engineers have implemented a fix for the SYNAQ Cloud Mail incident and are monitoring the service recovery and processing of email backlog

Time: June 23, 2021, 2:08 p.m.

Status: Identified

Update: Dear Clients, Our engineers have identified the SYNAQ Cloud Mail incident and are working on a resolution. We have approximately 60% of new mail delivering and we will have 100% of new mail delivering within 30 minutes. The backlog of mail will need to be worked through. We will send our next update in 30 minutes

Time: June 23, 2021, 1:41 p.m.

Status: Identified

Update: Dear Clients, Our engineers have identified the SYNAQ Cloud Mail incident and are working on a resolution. We have approximately 30% of new mail delivering and we will have 100% of new mail delivering within 30 minutes. The backlog of mail will need to be worked through. We will send our next update in 30 minutes

Time: June 23, 2021, 12:38 p.m.

Status: Investigating

Update: Dear Clients, Our engineers are still investigating the SYNAQ Cloud Mail incident. Please be assured that we have this under control and are treating this as a top priority. We will send our next update in 30 minutes.

Time: June 23, 2021, 11:26 a.m.

Status: Investigating

Update: Dear Clients, Our engineers are still investigating the SYNAQ Cloud Mail incident. Please be assured that we have this under control and are treating this as a top priority. We will send our next update in 30 minutes.

Time: June 23, 2021, 9:29 a.m.

Status: Investigating

Update: Dear Clients, Our engineers are still investigating the SYNAQ Cloud Mail incident. Please be assured that we have this under control and are treating this as a top priority. Engineers have restored partial mail flow and are working on restoring the remaining servers. We will send our next update in 60 minutes.

Time: June 23, 2021, 8:21 a.m.

Status: Investigating

Update: Dear Clients, Our engineers are still investigating the SYNAQ Cloud Mail incident. Please be assured that we have this under control and are treating this as a top priority. We will send our next update in 60 minutes.

Time: June 23, 2021, 7:09 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing an incident where mail is being delayed. Engineers are investigating this as a matter of urgency. We will send our next update in 60 minutes.

Time: July 21, 2021, 12:12 p.m.

Status: Postmortem

Update: **Summary and Impact to Customers** On Tuesday 22nd June 2021 from 14:48 to 28th June 2021 14:55, SYNAQ Cloud Mail experienced an intermittent, degraded mail authentication incident. The resultant impact of the event was that certain users would receive authentication pop-up messages when trying to login via HTTPS, POP3/S, IMAP/S, SMTP/S, as well as slow access to webmail. **Root Cause and Solution** On the 22nd of June 2021 at 14:48 SYNAQ Cloud Mail began to experience incoming mail delays. This delay occurred at the Zimbra MTA \(Mail Transfer Agent\) layer. Once identified, we attempted a series of fixes to resolve the incident. At 15:30 a change was made to increase the processing threads of the MTA servers from 100 to 150 to increase the amount of mail dealt with at any one time by an MTA when trying to deliver mail. The change was done in an attempt to increase the processing of the mail building up in the queue. However, this did not have the desired effect. At 16:30 a new Exim server was added to the MTA cluster \(a project that was going to take place within the next couple of weeks – as detailed below in the root cause section\), and this server was able to process mails with no delays. We ceased new mail delivery to the MTA’s, one at a time, until they cleared their queues. Thereafter, normal mail flow was restored by 16:51. On the 23rd of June 2021 at 09:09, mail delays re-occurred, coupled with a select group of users receiving authentication failure “pop-up” messages when trying to login to their mailboxes. At 09:52 debugging was performed on the Anti-Virus functions on the MTA servers, as this appeared to be where the delay was taking place. Configuration changes then were made to timeout settings and processing times to try and resolve this issue. Unfortunately, this did not have the desired effect. At 10:15 the replacement of the rest of the current Cloud Mail MTAs with new Exim servers commenced. This replacement was decided upon because the one server currently in production was processing mail without delay. This was fully completed by 20:30. At 17:14 mail delays and authentication had recovered. On the 24th of June 2021 at 09:41 a select group of users were receiving authentication pop -up messages when trying to login and experienced slow access to mail. As a result, at 10:17 we moved our focus from the MTAs to the LDAP servers as mail flow was no longer affected since the change to the new Exim servers. A data dump of the master LDAP database was performed and reloaded on all the replicas to rule out any memory page fragmentation \(performance inhibiting side-affect\) across these LDAP servers. At 13:00 file system errors were discovered on the master LDAP server. All Cloud Mail servers were adjusted to point to the secondary master. A file system check and repair was run on the primary LDAP master. While the sever was down memory and CPU resources were increased. At 13:10 mail authentication and slow access had recovered. On the 25th of June 2021 at 09:22, a select group of users were receiving authentication pop-up messages when trying to login and experiencing slow access to mail. At 10:35, TCP and connection and timeout settings adjusted on all the LDAP servers. At 12:35, connection tracking was disabled on the load balancer. This was done to ensure that if there was a particular problem with an individual LDAP replica, then the connections move seamlessly to another replica. Mail authentication and slow access then recovered. On the 26th and 27th of June we experienced no further recurrences of the issues. On the 28th of June 09:30, a select group of users were receiving authentication pop-up messages when trying to login and experienced slow access to mail. At 10:00, two new LDAP replicas were built to be added to the cluster. At 11:03, the global address list feature was turned off \(for classes of service with large domains that did not need this feature\) to try and reduce the traffic to the LDAP servers. At 13:05, we deleted 30 data sources \(external account configurations\) that were stored in LDAP but were showing errors during LDAP replication. At 14:30, the two new LDAP servers and all unique components of Cloud Mail, stores, MTAs, and proxies were pointed to their own unique set of LDAP replicas. At 14:55, mail authentication and slow access had recovered. The root cause of this event was due to a project that we initiated last year to replace standard Zimbra MTAs with custom built Exim MTAs. The purpose of this project was to vastly increase the security and delivery of clients’ mail. The initial project phase \(last year\) was to replace the outbound servers and then to do the inbound servers in July. A test inbound server was added, and this resulted in the start of the experienced issues. In addition, the replacement of all of the remaining MTAs with the new inbound servers in an attempt to resolve the issue, only exacerbated the problem. The problem that was introduced was that all native servers to Zimbra establish a persistent connection through to the LDAP servers. These new MTAs, introduced to reduce load and traffic to the LDAP servers, established short-term connections. The load balancer tried to deal with the different ways to establish connections in the same way and would overload a single LDAP server and would then proceed to affect the rest in cascading manner as the load was redistributed. To resolve this issue, two different load balancer IP addresses were configured with their own separate LDAP servers behind them. One, to manage persistent connections and the other, to manage short-term connections. Thereafter, the relevant servers were pointed to the load balancer IP that suits how they communicate and connect to LDAP. **Remediation Actions** • Two additional LDAP replicas have been built and added to the LDAP cluster. • Two different load balancer IP addresses have been configured with their own separate LDAP servers behind them. One to manage persistent connections and one to manage short-term connections. Thereafter, the relevant servers were pointed to the load balancer IP that suits how they communicate through to LDAP. • A third load balancer IP will be added to improve LDAP redundancy. This will allow store servers to attempt a new connection rather than remaining connected to an LDAP server that is no longer responding.

Time: June 29, 2021, 9:56 a.m.

Status: Resolved

Update: Dear Clients, The SYNAQ Cloud Mail incident has been resolved and the service has returned to optimal functionality. We once again would like to apologise for the lengthy incident resolution, and want to assure you that we are doing a very intensive root cause analysis to understand how we can prevent this from happening in the future.

Time: June 29, 2021, 8:14 a.m.

Status: Monitoring

Update: Dear Clients, Our platform is currently 100% stable and performant. Our engineers are continuing to monitor .

Time: June 29, 2021, 5:57 a.m.

Status: Monitoring

Update: Dear Clients, The SYNAQ Cloud Mail incident is still being monitored. Improvements were made to the environment last night and need to be monitored through the peak morning period. We have partners worldwide working with us, please be assured that returning the service to full stability is our top priority.

Time: June 28, 2021, 1:03 p.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is still currently experiencing an incident where users are receiving pop-ups to login and slow access to email intermittently. Engineers are still investigating this as a matter of urgency and working on several different resolution options.

Time: June 28, 2021, 12:41 p.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is still currently experiencing an incident where users are receiving pop-ups to login and slow access to email intermittently. Engineers are still investigating this as a matter of urgency and working on several different resolution options.

Time: June 28, 2021, 8:20 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing a recurrence of the incident where a subset of users are getting pop-ups or slow mail access. Engineers are investigating this as a matter of urgency.

Time: June 25, 2021, 1:27 p.m.

Status: Monitoring

Update: Dear Clients, The SYNAQ Cloud Mail platform is now operational. All clients should be able to access services without any issues. Our Engineers will continue to monitor the platform closely for the next 72 hours before resolving this incident. Please Note: Closing and re-opening your mail application may resolve any remaining issues should they still exist. We sincerely apologise for this lengthy disruption to your email services, we are absolutely committed to excellence and will ensure world-class service moving forward.

Time: June 25, 2021, 9:28 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail platform is still experiencing an incident where a subset of users may experience slow access to their mailbox and/or receive intermittent login pop-up requests. Our Engineers are investigating this as a matter of urgency. Please note: Restarting your mail client or webmail should resolve the issue.

Time: June 25, 2021, 7:22 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail platform is currently experiencing an incident where a subset may experience slow access to their mailbox and/or receive intermittent login pop-up requests. Our Engineers are investigating this as a matter of urgency. Please note: Restarting your mail client or webmail should resolve the issue. We will send our next update in 60 minutes.

Time: June 24, 2021, 12:22 p.m.

Status: Identified

Update: Dear Clients, Our engineers have implemented a fix for the SYNAQ Cloud Mail incident and all services are operational. We will continue to monitor the service stability for the next 24 hours.

Time: June 24, 2021, 10:41 a.m.

Status: Identified

Update: Dear Clients, Our engineers are still working on the resolution of the SYNAQ Cloud Mail issue. This is being treated as a matter of urgency. We will send our next update in 60 minutes.

Time: June 24, 2021, 8:58 a.m.

Status: Investigating

Update: Dear Clients, Our engineers have identified the SYNAQ Cloud Mail intermittent access issue and are working on a resolution. Mail flow and delays have been fully restored. The current intermittent issue regarding mail authentication pop-ups and slow access is being addressed. Please note restarting your mail client or webmail should resolve the issue. We will send our next update in 60 minutes

Time: June 24, 2021, 7:41 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing an incident where certain users are getting password prompts and slow access to mail. Engineers are investigating this as a matter of urgency. We will send our next update in 60 minutes.

Time: June 24, 2021, 6:56 a.m.

Status: Monitoring

Update: Dear Clients, Mail flow has been restored. SYNAQ Engineers will continue to monitor throughout the day and will send a full restore once confirmed.

Time: June 23, 2021, 3:14 p.m.

Status: Monitoring

Update: Dear Clients, Our engineers have implemented a fix for the SYNAQ Cloud Mail incident and are monitoring the service stability for the next 12 hours.

Time: June 23, 2021, 2:48 p.m.

Status: Monitoring

Update: Dear Clients, Our engineers have implemented a fix for the SYNAQ Cloud Mail incident and are monitoring the service recovery and processing of email backlog

Time: June 23, 2021, 2:08 p.m.

Status: Identified

Update: Dear Clients, Our engineers have identified the SYNAQ Cloud Mail incident and are working on a resolution. We have approximately 60% of new mail delivering and we will have 100% of new mail delivering within 30 minutes. The backlog of mail will need to be worked through. We will send our next update in 30 minutes

Time: June 23, 2021, 1:41 p.m.

Status: Identified

Update: Dear Clients, Our engineers have identified the SYNAQ Cloud Mail incident and are working on a resolution. We have approximately 30% of new mail delivering and we will have 100% of new mail delivering within 30 minutes. The backlog of mail will need to be worked through. We will send our next update in 30 minutes

Time: June 23, 2021, 12:38 p.m.

Status: Investigating

Update: Dear Clients, Our engineers are still investigating the SYNAQ Cloud Mail incident. Please be assured that we have this under control and are treating this as a top priority. We will send our next update in 30 minutes.

Time: June 23, 2021, 11:26 a.m.

Status: Investigating

Update: Dear Clients, Our engineers are still investigating the SYNAQ Cloud Mail incident. Please be assured that we have this under control and are treating this as a top priority. We will send our next update in 30 minutes.

Time: June 23, 2021, 9:29 a.m.

Status: Investigating

Update: Dear Clients, Our engineers are still investigating the SYNAQ Cloud Mail incident. Please be assured that we have this under control and are treating this as a top priority. Engineers have restored partial mail flow and are working on restoring the remaining servers. We will send our next update in 60 minutes.

Time: June 23, 2021, 8:21 a.m.

Status: Investigating

Update: Dear Clients, Our engineers are still investigating the SYNAQ Cloud Mail incident. Please be assured that we have this under control and are treating this as a top priority. We will send our next update in 60 minutes.

Time: June 23, 2021, 7:09 a.m.

Status: Investigating

Update: Dear Clients, SYNAQ Cloud Mail is currently experiencing an incident where mail is being delayed. Engineers are investigating this as a matter of urgency. We will send our next update in 60 minutes.