@Eugene:
Let me give you one piece of advice. Make your life simpler: set up your mail server behind pfSense and that is it.
Mail server [local IP] ----- [local IP] pfSense [public IP] ----- Provider
Don't waste your time creating a messy and hard-to-troubleshoot setup.
You're right. I kindly asked the ISP for more IP addresses; now I'll have a /29. Let's say I put the mail server on a separate DMZ, then:
1. configure WAN as x.x.x.6/29, gateway x.x.x.1
2. add CARP address x.x.x.5/29
3. add NAT 1:1 from x.x.x.5/29 to internal server IP on DMZ
Right?