This is my varnish configuration, which enhances the wordpress blogs:

backend default {
  .host = "localhost";
  .port = "81"; # This need to be the same as the Apache vHost port listener!
}

acl purge {
	"localhost";
}

sub vcl_recv {
	if (req.http.host ~ "^piwik.klammeraffe.org$") {
		return(pipe);
	}
	if (req.url ~ "/server-status") {
		return (pipe);
	}
	if (req.url ~ "/wp-admin") {
		return (pipe);
	}
	if (req.url ~ "/mailman") {
		return (pipe);
	}
	if (req.request == "PURGE") {
			if (!client.ip ~ purge) {
				error 405 "Not allowed.";
			}
		return(lookup);
	}
	if (req.url ~ "^/$") {
		unset req.http.cookie;
	}
}

sub vcl_hit {
	if (req.request == "PURGE") {
		set obj.ttl = 0s;
		error 200 "Purged.";
	}
}

sub vcl_miss {
	if (req.request == "PURGE") {
		error 404 "Not in cache.";
	}
	if (!(req.url ~ "wp-(login|admin)")) {
		unset req.http.cookie;
	}
	if (req.url ~ "^/[^?]+.(jpeg|jpg|png|gif|ico|js|css|txt|gz|zip|lzma|bz2|tgz|tbz|html|htm)(\?.|)$") {
		unset req.http.cookie;
		set req.url = regsub(req.url, "\?.$", "");
	}
	if (req.url ~ "^/$") {
		unset req.http.cookie;
	}
}

sub vcl_pipe {
	set bereq.http.connection = "close";
	if (req.http.X-Forwarded-For) {
		set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
	} else {
		set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
	}
}

sub vcl_pass {
	set bereq.http.connection = "close";
	if (req.http.X-Forwarded-For) {
		set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
	} else {
		set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
	}
}

sub vcl_fetch {
	if (req.url ~ "^/index.php/archives/20") {
		set beresp.http.Cache-Control = "max-age=1000";
		set beresp.ttl = 600s;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "^/$") {
		set beresp.http.Cache-Control = "max-age=30";
		set beresp.ttl = 15s;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
		set beresp.http.Cache-Control = "max-age=14400";
		set beresp.ttl = 1w;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "^/$") {
		unset beresp.http.set-cookie;
	}
	if (!(req.url ~ "wp-(login|admin)")) {
		unset beresp.http.set-cookie;
	}
	if (beresp.ttl < 60s) {
		set beresp.ttl = 60s;
	}
}

A newer post about the subject in my web server talk.