Not really, because I've never used a route-to or reply-to, and PF has changed significantly in this area. The redirection you are using, though, implies NAT, in one direction; NAT provides the translation in the other direction. But I can't tell from your fragment what your network topology really is. It appears you are operating a NAT router for <colo> subnets, and providing a single network interface outbound.
What I meant was to also NAT your xxx.xxx.3.1 spam filter platform, with something like this:
Code:
nat on $ext_if from {<colo> xxx.xxx.3.1} -> ($ext_if)
In that way, an inbound packet from the external interface would see a response from this same address, and xxx.xxx.3.1 would never be used in any outbound packet.
But I am confused by your three rules, because I do not understand your topology. I'm also no expert. If your <colo> subnets are NATted through a single IP address going out, your last rule may never match, unless there are addresses in <colo> which are in MX records somewhere, and routing tables go through your router to get there. But then NAT could not be used, so that SMTP sessions behave as expected.
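Added example, not from the original post or its author: a pf.conf fragment putting the NAT arrangement described above next to the filter-rule pitfall the reply warns about. The interface name, the table contents and the spam filter address are constructed (RFC 5737 documentation ranges); the spam filter stands in for xxx.xxx.3.1.

```pf
# Added example, not from the original post. Interface, table contents and
# the spam filter address are constructed (RFC 5737 documentation ranges).
ext_if = "em0"
spamfilter = "192.0.2.1"          # stands in for xxx.xxx.3.1 in the post
table <colo> { 198.51.100.0/24, 203.0.113.0/24 }

# Pre-OpenBSD 4.7 syntax, matching the rule quoted in the post: rewrite the
# source of every outbound packet from the colo subnets and the spam filter
# to whatever address is currently on $ext_if. Replies come back to that
# address and are translated back, so the internal addresses never appear
# in outbound packets.
nat on $ext_if from { <colo> $spamfilter } to any -> ($ext_if)

# Translation is applied before filtering, so outbound filter rules on
# $ext_if see the translated source. A rule written against the internal
# address would never match on the external interface:
# pass out on $ext_if proto tcp from $spamfilter to any port smtp   # never matches
# Filter on the translated address instead (or on the internal interface,
# where the packet still carries its original source):
pass out on $ext_if proto tcp from ($ext_if) to any port smtp

# Equivalent on OpenBSD 4.7 and later, where nat became a match option:
# match out on $ext_if from { <colo> $spamfilter } to any nat-to ($ext_if)
```

Load it with `pfctl -nf /etc/pf.conf` first to parse without applying; the `-n` check is the quickest way to see whether your PF version accepts the old `nat on` form or expects `nat-to`.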