Giving spammers a hard time: The rules

/etc/pf.conf

table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
pass in log on egress proto tcp to port smtp \
            rdr-to 127.0.0.1 port spamd
pass in log on egress proto tcp from <nospamd> to port smtp
pass in log on egress proto tcp from <spamd-white> to port smtp
pass out log on egress proto tcp to port smtp

pre-4.7 version:

table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
no rdr proto tcp from <nospamd> to $mailservers port smtp
rdr pass on $ext_if inet proto tcp from <spamd> to \
  { $ext_if, $int_if:network } port smtp -> 127.0.0.1 port 8025
rdr pass on $ext_if inet proto tcp from !<spamd-white> to \
  { $ext_if, $int_if:network } port smtp -> 127.0.0.1 port 8025

Essential data in the spamd and spamd-white tables (but recent spamd versions use the /var/db/spamdb database).