Source

iredmail / iRedMail / samples / pf.conf

Full commit
# Basic PF rules for mail server.

mail_services="{www, https, submission, imap, imaps, pop3, pop3s, ssh}"

table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"

# Options
set block-policy drop
set skip on lo

# Block all
block log all

pass out

# rules for spamd(8)
pass in on egress proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp

# Access to other mail services
pass in on egress proto tcp from any to any port $mail_services