Originally Posted by freesqrt
Recently I heard about separating the mail gateway from the MTA and installing two different mail servers for security and performance issues.
Can anyone give me some perspective about why and how we may do that?!
We used to do this at a large company I worked at. We had quite a few mail servers.
On the incoming side, we had a server at multiple geographic locations. That gave us some ability to both deliver mail closer to users in those areas, cutting down on internal traffic, and give us some redundancy in case of failures. We'd balance the traffic to preferred sites using MX records. For example, if the servers that hosted user accounts for particular domains were located in one city, we'd give those domains an MX preference of 10, and the servers in other locations MX 20, and so on.
On the outbound side, you can do some interesting things to help deal with load. One of the things to keep your primary outbound gateway snappy is to keep your queue processing quickly. The last thing you need is mail that has a very low probability of being delivered hanging around and being processed over and over. We used to use sendmail's FallbackMX feature to deal with this. It basically works by adding a fake MX record of your own choosing to all mail. What happens is, the gateway does an MX lookup when trying to deliver mail. If it fails (incorrectly addressed mail, for example), or can't deliver to the listed preferences, it will "fallback" and deliver to the server you chose. That has the effect of being able to push your "slow queue" to another gateway, and the primary machine can deal with the fast queue.
Don't forget that for most of us in hosting environments, we may use a "smart host" gateway. If on your other servers you use the name of the smarthost rather than an IP, you should be able to benefit from using MX records against the smart host, just like a normal domain. That means if the highest preference gateway is down, your server can try a different gateway. Or, you may use multiple gateways with the same MX preference to create a cheap fault-tolerant, load-balanced solution.
There's more, but hopefully that will give you some ideas.
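
A simplified model of the delivery order described in this post, as an added example that is not part of the original post and is not sendmail code: hosts are tried in ascending MX preference, equal preferences are shuffled to spread load, and a fallback host acts as a last-resort MX. All host names are constructed, and `attempt_order` and `deliver` are hypothetical helper names.

```python
import random

def attempt_order(mx_records, fallback_mx=None, rng=None):
    """Return hosts in the order a sending gateway would try them.

    mx_records: list of (preference, host); a lower preference is tried first.
    fallback_mx: optional host appended after every real MX (last resort).
    """
    rng = rng or random.Random()
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)  # equal preference: spread load across the group
        order.extend(group)
    if fallback_mx and fallback_mx not in order:
        order.append(fallback_mx)
    return order

def deliver(mx_records, reachable, fallback_mx=None, rng=None):
    """Return the first reachable host, or None if the mail stays queued locally."""
    for host in attempt_order(mx_records, fallback_mx, rng):
        if host in reachable:
            return host
    return None

# Constructed sample data: the site hosting the mailboxes gets MX 10, the other MX 20.
INBOUND_MX = [(20, "mx-remote.example.com"), (10, "mx-home.example.com")]
# Constructed smart-host name that resolves to two gateways with equal preference.
SMARTHOST_MX = [(10, "gw1.example.net"), (10, "gw2.example.net")]
SLOW_QUEUE = "slowq.example.net"  # constructed fallback gateway

if __name__ == "__main__":
    print(attempt_order(INBOUND_MX))
    # Both listed MX hosts are down: the fallback gateway takes the slow mail.
    print(deliver(INBOUND_MX, reachable={SLOW_QUEUE}, fallback_mx=SLOW_QUEUE))
    # One smart-host gateway is down: the other one is used.
    print(deliver(SMARTHOST_MX, reachable={"gw2.example.net"}))
```

Without a fallback host, a message whose listed MX hosts are all unreachable returns `None` here, which corresponds to the mail staying in the primary gateway's queue and being retried.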