harmonise and simplify the two architecture diagrams

not using clusters make things much more readable.

policy/tpa-rfc-15-email-services/architecture-post.dot

 digraph email {
         label="Email architecture TPA-RFC-15 plan, torproject.org, April 2022"
         labelloc=bottom
+        node [shape=rectangle]
 
-        subgraph clustertpa {
-                label="TPA-managed machines"
-                tpoboxes [label="other non mail hosts"]
-                submission
-                mailhosts [color="orange" label="mail hosts\ngitlab, RT, CiviCRM"]
-                eugeni [color="red" label="eugeni\nmailman, schleuder"]
-                relay [color="green"]
-                mx [color="green"]
-                mailbox [color="green"]
-                mx -> { mailbox, eugeni }
-        }
-        dotdotdot [label="remote mail hosts"]
+        // a user
         user [shape=triangle]
-        user -> mailhosts
-        user -> { submission, mailbox }
-        submission -> dotdotdot -> mx
-        tpoboxes -> relay -> dotdotdot
-        dotdotdot -> mailhosts -> dotdotdot
+
+        // all other boxes that don't do anything special with email
+        tpoboxes [label="other TPA hosts"]
+        // hosts that manage and send their own email
+        mailhosts [color="orange" label="mail hosts\ngitlab, RT, CiviCRM"]
+        submission [color="orange"]
+        // legacy
+        eugeni [color="red" label="eugeni\nmailman, schleuder"]
+        // new machines
+        relay [color="green"]
+        mx [color="green"]
+        mailbox [color="green" label="mailbox\nIMAP, webmail"]
+        // external boxes
+        dotdotdot [label="internet\nnon TPO mail hosts", shape=ellipse]
+
+        // all relations
+
+        // mx receives email from everywhere and forwards it
+        dotdotdot -> mx -> { mailbox, eugeni, mailhosts }
+        dotdotdot -> mailhosts
+        // user interacts with those
+        user -> { mailhosts, submission, mailbox, eugeni }
+        // those all relay mail to the outside
+        { submission, mailhosts, eugeni, relay } -> dotdotdot
+        // except those, who still go through the relay
+        tpoboxes -> relay
 }

policy/tpa-rfc-15-email-services/architecture-pre.dot

 digraph email {
         label="Email architecture, torproject.org, April 2022"
-        compound=true; nodesep=1.0;
+        labelloc=bottom
+        node [shape=rectangle]
+
+        // a user
 
         user [shape=triangle]
-        user -> mailhosts
-        user -> submission
-        subgraph clustertpa {
-                label="TPA-managed machines"
-                tpoboxes [label="other non mail hosts"]
-                mailhosts [label="mail hosts\ngitlab, RT, CiviCRM", color=orange]
-                submission
-                eugeni [color=red label="eugeni\nmailman, schleuder\nmx, relay"]
-        }
-        submission -> dotdotdot
-        dotdotdot [label="remote mail hosts"]
-        mailhosts -> dotdotdot
-        dotdotdot -> mailhosts
-        dotdotdot -> eugeni
-        tpoboxes -> eugeni -> dotdotdot
+
+        // all other boxes that don't do anything special with email
+        tpoboxes [label="other TPA hosts"]
+        // hosts that manage and send their own email
+        mailhosts [color="orange" label="mail hosts\ngitlab, RT, CiviCRM"]
+        submission [color=orange]
+        // legacy
+        eugeni [color=red label="eugeni\nmailman, schleuder\nmx, relay"]
+        // external boxes
+        dotdotdot [label="internet\nnon TPO mail hosts", shape=ellipse]
+
+        // all relations
+
+        // eugeni handles basically everything except some rare
+        // exceptions on mailhosts
+        dotdotdot -> { mailhosts, eugeni }
+        // users interact with those
+        user -> { mailhosts, submission, eugeni }
+        // those all relay mail to the outside
+        { submission, mailhosts, eugeni } -> dotdotdot
+        // except those, who still go through the relay
+        tpoboxes -> eugeni
 }