Change spamd to use divert-to instead of rdr-to.

divert-to has many advantages over rdr-to for proxies.  For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to.  spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@

src/etc/examples/pf.conf

@@ -1,4 +1,4 @@
-#	$OpenBSD: pf.conf,v 1.1 2014/07/16 12:46:16 deraadt Exp $
+#	$OpenBSD: pf.conf,v 1.2 2015/05/18 16:04:21 reyk Exp $
 #
 # See pf.conf(5) for syntax and examples.
 # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
@@ -22,8 +22,8 @@ pass		# establish keep-state
 # rules for spamd(8)
 #table <spamd-white> persist
 #table <nospamd> persist file "/etc/mail/nospamd"
-#pass in on egress proto tcp from any to any port smtp \
-#    rdr-to 127.0.0.1 port spamd
+#pass in on egress inet proto tcp from any to any port smtp \
+#    divert-to 127.0.0.1 port spamd
 #pass in on egress proto tcp from <nospamd> to any port smtp
 #pass in log on egress proto tcp from <spamd-white> to any port smtp
 #pass out log on egress proto tcp to any port smtp