pf rules and binat

[Kilaru Sambaiah]

I have a question regarding pf and binat.

I need to protect mail server and web server behind firewall. I am 
planning to run
pf with binat rules. I need to do the following:
1) Allow only ssh to firewall
2) Allow 80, 443 fron net to web server through binat
3) Allow 25 and 143 to mail server

I am ending with allowing 22, 25, 80, 143, 443 to firewall, mail server 
and webserver.

How to enable only required ports for binat instead of all.

thanks,
Sam