keep state default for pass rules, also flags S/SA for TCP
Table entries expirable via pfctl
spamd defaults to greylisting mode -- -g flag obsolete; -b for pure blacklisting mode
spamd database synchronization - GREY or TRAPPED entries sync across hosts
hoststated new load balancing deamon by (mainly) reyk@ and pyr@
-- all fresh, all to be explored shortly