Feeds

Google's Postini Fail pinned on bad filter, hardware glitch

Oh, and 'malformed types of messages'

SANS - Survey on application security programs

The extreme email delays the plagued users of Google's Postini message management service earlier this week were caused by a shoddy email-filter update and a power-related hardware failure involving the company's database storage servers.

Today, the Mountain View Chocolate Factory released an "incident report" to Postini users, saying the "severe mail flow issues" began at 11:30pm Pacific time on Monday and extended through at least 12:30am Pacific on Wednesday. That puts the email snafu past the 24 hour mark.

The report does not say how many users were affected. Google tells us the problem was limited to customers on Postini's "System 7," one of several systems running the hosted email security and spam-filtering service, but at least one customer says the problem extended to System 5 as well.

"My company is on System 5 and our email was pretty much non-existent until we switched to a backup system. Once we pulled Postini out of the loop, all of that deferred mail hit our system (along with quite a lot of spam)," said Russ Meyer of the US-based Midland Paper.

At one point, Google rerouted traffic to another data center, which could explain the delays seen by Meyer.

Unlike so many on System 7, however, Meyer and Midland never had problems visiting the service's web-based admin console, which Google switched off for some customers in an effort to boost mail flow.

On Monday evening, after Google's monitoring systems detected the problem, engineers rerouted mail traffic from what the company calls a secondary data center. But this didn't help. So they returned some of the traffic back to the primary facility "to maximize processing resources." Then, at least for some users, they shut-off the admin console and some other web interfaces in an effort to reduce the strain on those resources.

Eventually, Google engineers decided the problem was down to three things:

  • A new filter update appears to have inadvertently impacted the mail processing systems.
  • Unusual malformed types of messages triggered protracted scanning behavior, and its interaction with filter update affected mail delivery.
  • A power-related hardware failure with database storage servers reduced input/output rates. The latency in database access reduced our overall processing capacity.

Which sounds like two things to us. Surely, it's the service's duty to deal with "malformed types of messages" - whatever those are.

"The combination of these conditions resulted in high failure rates for mail processing and the deferral of new connections from sending mail servers," Google's report says.

On Tuesday evening, a day after the delays first hit, engineers replaced the faulty hardware - with help from the vendor - and at 11pm Pacific, Google says, database disk throughout returned to normal. Then, an hour later, Google removed the offending filter update, and according to company, mail processing was back on track.

Google continued to process traffic across both data centers for another hour. The company does say, however, that users may still experience delays. "Although mail processing was at normal speed and capacity, some users may have seen delayed messages continue to arrive in their inboxes. These potential delays occur when the initial or subsequent delivery attempt is deferred and the sending server waits up to 24 hours before resending the same message." This explains complaints we received on Wednesday afternoon.

The report says no messages were bounced or deleted.

Originally, Google indicated the problem was limited to US users, but yesterday, the company acknowledged that at least some European users were affected as well. ®

3 Big data security analytics techniques

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.