Source

iredmail / iRedMail / samples / pf.conf

# Basic OpenBSD PF rules, based on the original /etc/pf.conf.

set block-policy drop
block log all

set skip on lo
#pass            # to establish keep-state

# rules for spamd(8)
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
pass in on egress proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp

# Access to other mail services
pass in on egress proto tcp from any to any port {80,443,587,110,995,143,993,22}

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010