PostFix Gateway

Started by Goombadave, April 26, 2020, 12:24:25 PM


Recently I set up an email server on my local LAN. It is set to receive mail on a nonstandard port (8025 Port-Forwarded to port 25 on the LAN side) and to send mail SMTP to an email relay, also on a nonstandard port (3325). I have this setup working fine now using a single port forward to take the external (8025) (inbound mail) and send it to the server on port 25.

After configuring this I came across the PostFix plugin which looks pretty cool. My question(s) is, would it make sense to return the mail server on my LAN to a "standard" ports setup and have the Postfix gateway on OPNsense handle sending the outbound mail to the relay? And the same for inbound? Do I understand this correctly that the Postfix gateway is sort of similar to a reverse proxy for my email server? If so would I gain any security benefits using Postfix Plugin instead of Port Forwarding? (as I do with other webservers like Nextcloud) It would seem that I could get another layer of spam filtering with the Postfix Plugin. Mail Server is running Postfix on the LAN.

I have OPNsense installed with several plugins including NGINX as the reverse proxy for a few web services. OPNsense handles SSL offloading with NGINX and Let's Encrypt. I have been happy with NGINX (and HAPROXY) and the integration of Let's Encrypt. Can I/should I reverse proxy a mail server as well with NGINX? Or Postfix as the gateway? Or am I fine exposing one external port (port-forwarded 8025 to 25 to mail server)?

Thanks for your input

Thoughts?

The postfix plugin allows the easy integration of rspamd (other plugin) and with that also clamav. It is designed to run with a mail server behind it which has bad protection.

Thanks, so I will plan to make the change. I assume I would have to set up the relay on the Postfix plugin page in OPNsense and remove the relay auth settings from my mail server itself?