It really depends on what guarantees you need.

Usually on the MTA layer it's fine to just spin up separate instances, and if one email gets lost in the 5 seconds between its receipt being acknowledged and it being forwarded to an MDA, c'est la vie.

If that's not acceptable, you need some form of file system/block layer replication (DRBD, Ceph, Gluster, …) to get the spool data to a spare. I don't think you can run it as a *hot*spare with both postfix instances accessing the same spool data, so it'd have to be started on demand?

On the MDA side, Cyrus, Dovecot etc. all offer built-in replication engines that solve the issue for you.

For all the surrounding infrastructure it'll again be mostly up to their built-in solutions: typical authentication backends like LDAP and SQL all have their own built-in replication solutions; and spam filters like rspamd can be set up to use replicated database backends as well.

(Since we don't need strong guarantees, we nowadays just run it all as containers on ZFS filesystems that are replicated whole to a standby server every 5 seconds and restarted there if necessary. A fraction of the complexity, but only possible if all stakeholders agree that losing some emails in case of a failover is acceptable.)
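An added example, not the poster's own setup, of the snapshot-and-send loop that the last paragraph describes: it ships a ZFS dataset to a standby host every few seconds and keeps the incremental chain intact across a failed round. The dataset name tank/mail, the SSH alias standby and the 5-second interval are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): minimal ZFS replication
# loop of the kind described above. Names below are constructed assumptions.
DATASET="${DATASET:-tank/mail}"     # dataset holding the container data
STANDBY="${STANDBY:-standby}"       # SSH alias of the standby host
INTERVAL="${INTERVAL:-5}"           # seconds between replication rounds
ZFS="${ZFS:-zfs}"                   # zfs command, local and remote

# Command line that sends snapshot $2; incremental from $1 when $1 is set.
send_cmd() {
  if [ -z "$1" ]; then
    echo "$ZFS send $DATASET@$2"
  else
    echo "$ZFS send -i $DATASET@$1 $DATASET@$2"
  fi
}

# Command run on the standby. -u keeps the received dataset unmounted
# (the standby mounts it only on failover); -F discards local writes so
# a standby that was briefly active can follow the primary again.
recv_cmd() {
  echo "$ZFS receive -u -F $DATASET"
}

# One round: snapshot, ship it, then drop the previous snapshot once the
# new one is on the standby. Prints the name of the new snapshot.
# A snapshot left behind by a failed send is not cleaned up here.
replicate_once() {
  prev="$1"
  cur="repl-$(date +%Y%m%d%H%M%S)"
  "$ZFS" snapshot "$DATASET@$cur"
  $(send_cmd "$prev" "$cur") | ssh "$STANDBY" "$(recv_cmd)"
  [ -n "$prev" ] && "$ZFS" destroy "$DATASET@$prev"
  echo "$cur"
}

# Keep the standby at most INTERVAL seconds behind. A failed round is
# retried from the last snapshot that reached the standby, so a transient
# SSH or network error does not break the incremental chain.
replicate_loop() {
  last=""
  while :; do
    if next=$(replicate_once "$last"); then
      last="$next"
    else
      echo "replication round failed; retrying from ${last:-full send}" >&2
    fi
    sleep "$INTERVAL"
  done
}

case "${1:-}" in loop) replicate_loop ;; esac
```

Run as `sh replicate.sh loop` on the primary; on the standby, restrict the key used here to the receive command (an authorized_keys forced command) so the primary's credential cannot do anything else on the spare.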
