OK here is something odd, I set the smapd on /etc/rc.d to NO and still starts, the port is open and is indeed listening, if I telnet to it I get the header for "ESMTP smapd IP-based SPAM blocker".
The pf rules are the same, but there is no mapping for submission port onto spamd and I wonder if that redirection is needed.
block drop log all
pass in on egress inet proto icmp from 172.16.10.0/24 to any
pass out all flags S/SA
pass in on egress inet proto tcp from any to any port = 25 flags S/SA rdr-to 127.0.0.1 port 8025
pass in on egress proto tcp from <nospamd> to any port = 25 flags S/SA
pass in log on egress proto tcp from <spamd-white> to any port = 25 flags S/SA
pass in on egress proto tcp from any to any port = 80 flags S/SA
pass in on egress proto tcp from any to any port = 443 flags S/SA
pass in on egress proto tcp from any to any port = 587 flags S/SA
pass in on egress proto tcp from any to any port = 143 flags S/SA
pass in on egress proto tcp from any to any port = 993 flags S/SA
pass in on egress proto tcp from any to any port = 110 flags S/SA
pass in on egress proto tcp from any to any port = 995 flags S/SA
pass in on egress proto tcp from any to any port = 22 flags S/SA
Thank you.