====== Packet Filter Spamd ======
Spamd is a software package that put sends unknown mail servers a message of 451: come back later.  Correctly configured email servers should come back a few min. later and will be allowed to deliver email.  However the majority of spammers(90%+) never come back and so your server doesn't need to process the spam since it is never accepted.

===== spamd.conf =====
default: /usr/local/etc/spamd/spamd.conf
<file>
all:\
        :uatraps:nixspam:china:korea:

# University of Alberta greytrap hits.
# Addresses stay in it for 24 hours from time they misbehave.
uatraps:\
        :black:\
        :msg="Your address %A has sent mail to a ualberta.ca spamtrap\n\
        within the last 24 hours":\
        :method=http:\
        :file=www.openbsd.org/spamd/traplist.gz

# Nixspam recent sources list.
# Mirrored from http://www.heise.de/ix/nixspam
nixspam:\
        :black:\
        :msg="Your address %A is in the nixspam list\n\
        See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
        :method=http:\
        :file=www.openbsd.org/spamd/nixspam.gz

# Mirrored from http://www.okean.com/chinacidr.txt
china:\
        :black:\
        :msg="SPAM. Your address %A appears to be from China\n\
        See http://www.okean.com/asianspamblocks.html for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/chinacidr.txt.gz:

# Mirrored from http://www.okean.com/koreacidr.txt
korea:\
        :black:\
        :msg="SPAM. Your address %A appears to be from Korea\n\
        See http://www.okean.com/asianspamblocks.html for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/koreacidr.txt.gz:

# An example of a list containing addresses which should not talk to spamd.
#
#override:\
#       :white:\
#       :method=file:\

#       :file=/var/db/override.txt:
</file>

===== whitelist.txt =====
default: /usr/local/etc/spamd/whitelist.txt
<file>
#gmail
209.85.128.0/17
74.125.0.0/16

#apple
17.0.0.0/8

#misc
147.202.23.122
69.176.253.34
</file>

===== /etc/pf.conf =====
<file>
external_addr="10.1.0.73"

table <blacklist> persist file "/usr/local/etc/spamd/blacklist.txt"
table <whitelist> persist file "/usr/local/etc/spamd/whitelist.txt"
table <spamd> persist
table <spamd-white> persist

scrub in all

# redirect to spamd
rdr pass inet proto tcp from {<spamd-white>, <whitelist>} to $external_addr port smtp -> 127.0.0.1 port smtp
rdr pass inet proto tcp from {<spamd>, !<spamd-white>, !<whitelist>} to $external_addr port smtp -> 127.0.0.1 port spamd

# mail!
block in inet proto tcp from <blacklist> to any port smtp
pass in log inet proto tcp from any to $external_addr port smtp flags S/SA synproxy state
</file>

===== /etc/rc.conf =====
<file>
pf_enable="YES"
pf_rules="/etc/pf.conf"
obspamd_enable="YES"
obspamd_flags="-v -G 2:4:864"
obspamlogd_enable="YES"
</file>

===== /boot/loader.conf =====
<file>
pf_load="YES"
pflog_load="YES"
</file>