needs review - cml

How the Apache infrastructure processes email.

MX Servers:

Puppet YAML:

MX Module:

Mail received at MX border goes through postfix-policyd-spf-python and other checks as outlined in ASF Mail Rejection Policy. After the border, it is routed to the spamc/spamd infrastructure described in the following diagram:

Mail is routed via haproxy to spamd spamassassin engines defined in

Other config items (mainly routing tables) are defined in the spamd yaml: (same config for all 4 hosts).

After spamd processing, mail is routed according to the transport map, primarily to, which is a non-puppet FreeBSD box of ancient origin. Some docs are available in Hermes Replacement.

Starting 17 July 2020, hermes routes outgoing email through an haproxy router through TLS enabled postfix relays.