why are pf-blocked ips 'leaking' thru to spamd?

snowcrash schneecrash+pf at gmail.com
Fri Apr 27 20:50:54 UTC 2007


> # echo "no rdr pass from <ip-black> to any" | pfctl -vvnf-
> stdin:1: "pass" not valid with "no"

that's a nifty way to check. thanks!

> Maybe you want to tag those packets and block them later:
>
> no rdr on em2 proto tcp from { <spamd>, !<ip-black> } to em2 port smtp
> tag BLOCKME
> ...
> block quick tagged BLOCKME

i'd gotten thru LABELs, but not to TAGs yet.  excellent.

much easier than iptables!  still keep tryin' to do things
bass-ackwards & the hard-way. ;-)

thanks for the help/education & hagw!

