mail traffic thru firewall problem

["WR" <gen2_(_at_)_planetofidiots_(_dot_)_com>]

Hi all

I'm stumped on something that is probably very simple...but I'm not
getting it (even after reading Absolute OpenBSD and dozens of man
pages...and googling a bunch)! Running obsd 3.4 as a dsl gateway-fw,
everything is working (www and ftp-proxy traffic, port rdr's, are flowing
nicely) except mail. From watching the fetchmail log on a local mail
client, it appears that communications switch from POP to SMTP at the
point where messages are actually downloaded, and this is where I have a
problem. I can telnet into my isp's mail server, LIST mail fine, but as
soon as I (or fetchmail) send a RETR, the connection hangs there. If I
patch my store-bought router/fw back in, mail flows fine, so the
client/server components are fully-functional.

There was no explicit pf rule to allow ports 110 and/or 25 on the
firewall, so I figured I'd see the blocked part of mail transactions show
up in pflog0, but they don't show. ("block in log all" is set).

I tried to add this:
($pop_servers="{list-of-ip-addresses}")

pass in log on $ext_if proto tcp from $pop_servers to $ext_if port { 25,
110 } keep state

but still same problem.
Any hints?

Thanks!