needs review - cml
How the Apache infrastructure processes email.
Mail received at MX border goes through postfix-policyd-spf-python and other checks as outlined in ASF Mail Rejection Policy. After the border, it is routed to the spamc/spamd infrastructure described in the following diagram:
Mail is routed via haproxy to spamd spamassassin engines defined in https://github.com/apache/infrastructure-puppet/tree/deployment/modules/spamassassin
Other config items (mainly routing tables) are defined in the spamd yaml: https://github.com/apache/infrastructure-puppet/blob/deployment/data/nodes/spamd1-us-west.apache.org.yaml (same config for all 4 hosts).
After spamd processing, mail is routed according to the transport map, primarily to hermes.apache.org, which is a non-puppet FreeBSD box of ancient origin. Some docs are available in Hermes Replacement.
Starting 17 July 2020, hermes routes outgoing email through an haproxy router through TLS enabled postfix relays.