Perhaps the following example would be easy to follow. Here, x.y.z.1 is the
external IP address of your SMTP server and x.y.z.2 is the external address
you use for general NAT traffic:


nat on $ext_if from $lan_net to any port smtp -> x.y.z.1
nat on $ext_if from $lan_net to any port != smtp -> x.y.z.2



Plus a rule to redirect incoming mail to a mail server on your DMZ or LAN:

rdr on $ext_if proto tcp from any to x.y.z.1 port smtp -> local_ip_of_server \
        port smtp



And a rule to allow incoming mail from the external interface:

pass in on $ext_if inet proto tcp from any to local_ip_of_server port smtp \
        flags S/SA keep state


This covers rules for the external interface.

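The three rule groups from the message above, assembled into one pf.conf fragment in the order pf expects (macros, then translation, then filtering). This is an added example, not part of the original post; it keeps the post's separate nat/rdr rule syntax. The interface name, all addresses, the macro names other than $ext_if and $lan_net, the explicit `proto tcp` on the SMTP nat rule and the default block rule are assumptions made for illustration.

```pf
# Added example, not from the original post. Interface name and addresses
# are constructed placeholders (RFC 5737 / RFC 1918 ranges).

# --- Macros ---
ext_if   = "em0"              # assumed external interface
lan_net  = "192.168.1.0/24"   # assumed LAN range
smtp_ext = "203.0.113.1"      # stands in for x.y.z.1
nat_ext  = "203.0.113.2"      # stands in for x.y.z.2
mail_srv = "192.168.1.25"     # stands in for local_ip_of_server

# --- Translation rules: must come before filter rules, first match wins ---
# Outbound SMTP from the LAN leaves with the mail server's external address.
nat on $ext_if inet proto tcp from $lan_net to any port smtp -> $smtp_ext
# All other LAN traffic leaves with the general NAT address. Because the
# SMTP rule above already matched port 25, no "port != smtp" test is needed.
nat on $ext_if inet from $lan_net to any -> $nat_ext

# Inbound mail to the SMTP address is redirected to the internal server.
rdr on $ext_if inet proto tcp from any to $smtp_ext port smtp \
        -> $mail_srv port smtp

# --- Filter rules: last match wins ---
# Assumed default-deny policy on the external interface (not in the post).
block in log on $ext_if all
# rdr is applied before filtering, so the filter sees the packet with its
# destination already rewritten; the pass rule names the internal address.
pass in on $ext_if inet proto tcp from any to $mail_srv port smtp \
        flags S/SA keep state
```

Parse the file with `pfctl -nf` before loading it, so a syntax error does not replace a working ruleset.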