We have sendmail boxes as front line, that do all the pre-connect tests
easily without adding in 35 patches like we have to make qmail
modern-ish and then anti virus/spam/phishing/etc tests, one important
factor is the milter smf-sav which asks the database server (we call)
"qmaster" (a vpopmail/mysql db server) if user exists to avoid
backchatter, if it does, then sendmail sends to "qrouter" which is a
simple qmail/vpopmail install that accepts the mail and puts it into the
users dir (which are NFS attached) all the nfs stuff and qmaster and
qrouter all operate on pvt address space, on second gbit port for added
protection, but of course could be run on live net interfaces if you
dont have the option of dual ethernet.
(we tried postfix with its remote recipient verification, but it cant
handle the loads and even its author recommends not to use on very busy
systems, we dont use qmail on the front line boxes because we dont have
to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS
checks, badmx zone checks, bad helo, force helo, and milter-regex to
stop all home users etc etc etc, sure we might end up geting qmail to do
all these, but after how many hours, when with sendmail its just there
and adding a milter after another milter cant break patching like with
qmail :) )
We do the same thing but with Bill Shupp's qmail toaster (and no
additional patches). Each external MX talks to two SA servers in round
robin and then the mail is delivered to the end user pop/smtp server
(soon to be delivered directly by the external MX's, whoot!).
It's all mounted NFS on a netapps and we use MySQL as a backend Auth
running on two sql servers mounted iSCSI on the netapps for the databases.
Just my $0.02 CAD.