needs review - cml


How the Apache infrastructure processes email.

MX Servers:

Puppet YAML: https://github.com/apache/infrastructure-p6/blob/production/data/nodes/mx1-ec2-va.apache.org.yaml

MX Module: https://github.com/apache/infrastructure-p6/tree/production/modules/mx_asf


Mail received at MX border goes through postfix-policyd-spf-python and other checks as outlined in ASF Mail Rejection Policy. After the border, it is routed to the spamc/spamd infrastructure described in the following diagram:



Mail is routed via haproxy to spamd spamassassin engines defined in https://github.com/apache/infrastructure-puppet/tree/deployment/modules/spamassassin

Other config items (mainly routing tables) are defined in the spamd yaml: https://github.com/apache/infrastructure-puppet/blob/deployment/data/nodes/spamd1-us-west.apache.org.yaml (same config for all 4 hosts).


After spamd processing, mail is routed according to the transport map, primarily to hermes.apache.org, which is a non-puppet FreeBSD box of ancient origin. Some docs are available in Hermes Replacement.


Starting 17 July 2020, hermes routes outgoing email through an haproxy router through TLS enabled postfix relays.