I have Postfix/postscreen 3.1.4 + AV/AS/etc. running on a hosted VM. It acts as a front-end, delivering to another Postfix instance that's on my LAN; the comm's over a VPN link.
The local Postfix instance delivers via LMTP to an IMAP store, currently on the same box. It also provides port 587 submission, and forwards out, over the VPN link, through the front-end instance, on out to the net. It all works well.

I'm planning on adding CalDAV & CardDAV services to the setup. For simpler ClientCert access control, and eventual scale up, I'll put the IMAP, CalDAV & CardDAV services behind an NGINX proxy. NGINX can also serve as an SMTP proxy. I.e., I could in theory put the LAN-side Postfix instance behind the proxy as well.

My questions are:

Is there any advantage or disadvantage to putting that LAN-side Postfix instance behind an SMTP proxy, vs. keeping it out in front?

And, if I should keep it out front, is there any harm/benefit in having Postfix delivering to the IMAP store through the proxy, vs. directly to it?