Developers Documentation



301 error for file:

User Tools

Site Tools

Mail System

This document describes the various steps of how a message flows through an on-premise mail server running on ClearOS. There are quite a few apps that can be involved in this process:

  • SMTP Server - Postfix
  • Greylisting - Postgrey
  • Kaspersky Mail Antivirus
  • Mail Antispam - SpamAssassin
  • Mail Antivirus - ClamAV
  • Mail Filter - Amavis (library only)
  • Mail Routing - ClearOS (library only)
  • Mail Settings - Domain and Outbound Postfix Mailer
  • IMAP and POP - Cyrus and Zarafa

As you will soon find out reading this document, Postfix and Mail Routing are heavily involved in managing the mail flow. So let's get started.

Mail Flow

Step 1 - SMTP Server - Arrival and Basic Checks

An inbound message to ClearOS is first handled by the Postfix SMTP server running on TCP port 25. On arrival, the SMTP server does a few very basic tasks:

  • Checks for trusted mail, for example message sent via SMTP Authentication
  • Rejects mail relay attempts
  • Runs a few other basic checks

If the message is not bounced, it is delivered to the next stage in the mail process: Greylisting.

Step 2 - Greylisting

If Greylisting app is installed and running, the SMTP Server will hand off the message to the Postgrey greylist system. We will skip the details on greylisting, but you read more about it here. Once the message gets through the greylist engine, it is passed back to the Postfix SMTP Server.

Step 3 - Mail Routing - Pre-Filter

The next step in the mail flow is “pre-filtering”, which is a script that is part of the “Mail Routing” core app. You won't see this app in Marketplace, it is just a library used by antivirus, antispam and other apps. The “pre-filter” is basically a traffic cop: it probes the system to see what is available and directs mail in the right direction. Specifically, if any of the following apps are installed, the pre-filter will hand off the mail message:

  • Mail Antispam
  • Mail Antivirus
  • Kaspersky Antivirus
  • Mail Quarantine

If none of the above apps are active, the pre-filter script will simply send the message back to the Postfix SMTP Server. If one or more of the above apps are active, the pre-filter script passes the message on to another traffic cop - the Mail Filter app (amavisd-new).

Step 4 - Mail Antispam, Antivirus and Quarantine

Once a message is received by the open source amavisd-new package, the software dispatches the message to other mail apps:

  • Mail Antispam - SpamAssassin
  • Mail Antivirus - ClamAV
  • Kaspersky Antivirus
  • Mail Quarantine

Viruses are discarded, spam is tagged or deleted, and suspicious messages are quarantined. If a message makes it through the labyrinth of Amavis mail processing, it is delivered back into the Postfix SMTP Server. For those command line hackers out there, the /etc/postfix/ contains configuration for a special SMTP Server running on port 10026 (localhost only). Any mail delivered to this port skips over the mail filtering process and goes straight to the next step - preparing for final mail delivery.

Step 5 - De-Aliasing

After Mail Filter processing, the Postfix SMTP Server receives the mail message… again! At this point, the message is prepared for delivery. Specifically, if a message is addressed to multiple recipients, Postfix will create a copy of the message for each recipient. In addition, mail aliases and distribution lists are processed. The same thing happens here - a copy of the message is created for every valid recipient.

Before Postfix passes the message to the delivery system, the message goes through one last filter: the post-filter in the Mail Routing app.

Step 6 - Post-Filter

Like its evil twin, mail “post-filter” is also a script that is part of the “Mail Routing” app. The “post-filter” can do things like detect a calendar event and take some kind of action. When the filter is complete, it passes the message on to the delivery system.

Step 7 - Mail Delivery

The last step in the mail flow is the actual mail delivery. Both Cyrus IMAP and Zarafa include delivery agents for this purpose. The “post-filter” connects to the delivery agent and the IMAP server handles the rest.

content/en_us/dev_architecture_mail_system.txt · Last modified: 2015/03/03 11:10 (external edit)