linux

How to split a mail server into two separate ones (anti-spam and mail)?

Good afternoon, colleagues.

At the moment my mail server can't handle the load. Therefore, I want to move antispam protection to a separate server.

What I want to do / How I see this implementation.
fw - firewall, an external address is assigned to it (5.5.5.5, aka mx for external senders).
srv1 - antispam - postfix, rspamd (address 10.1.1.1).
srv2 - mailer - postfix, dovecot, web-muzzle, database (address 10.1.1.2, aka mx for local users).
IMAP, POP3, HTTP traffic goes directly to srv2.

Incoming mail from outside gets to srv1, is checked for spam and transferred to srv2 (10.1.1.1 -> 10.1.1.2), where it is decomposed into user boxes.
Internal users only connect to srv2 (10.1.1.2). It sends mail to the outside, bypassing srv1.


On srv2, as I understand it, you need to open mysql on the 10.1.1.2 interface so that srv1 can check whether there is a recipient address and specify the database host as 10.1.1.1 in virtual_mailbox_maps on srv1. Or is there another way?

But then I got confused ... I don’t quite understand how to set it up in postfix. It seems like you need to set up master.cf correctly, but what exactly? How can postfix tell srv1 to send mail to srv2 after checking with rspamd ? Tell me please.

Maybe I did not choose the right approach at all? Explain how to do it right. Setting up everything on one server is not a problem, but I don’t know how to properly separate it.