The obvious macros
webserver = "192.0.2.227" webports = "{ http, https }" emailserver = "192.0.2.225" email = "{ smtp, pop3, imap, imap3, imaps, pop3s }" nameservers = "{ 192.0.2.221, 192.0.2.223 }"
and rules that use them
pass proto tcp from any to $webserver port $webports synproxy state pass proto tcp from any to $emailserver port $email synproxy state pass log proto tcp from $emailserver to any port smtp synproxy state pass inet proto { tcp, udp } from any to $nameservers port domain