From nobody Sat Feb 25 20:09:24 2023
X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PPHsp1s5Kz3tqJV
	for <freebsd-pf@mlmmj.nyi.freebsd.org>; Sat, 25 Feb 2023 20:09:34 +0000 (UTC)
	(envelope-from dave@horsfall.org)
Received: from nsstlmta02p.bpe.bigpond.com (nsstlmta02p.bpe.bigpond.com [203.38.21.2])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "", Issuer "Openwave Messaging Inc." (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4PPHsm2Xk8z4D2R
	for <freebsd-pf@freebsd.org>; Sat, 25 Feb 2023 20:09:32 +0000 (UTC)
	(envelope-from dave@horsfall.org)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of dave@horsfall.org designates 203.38.21.2 as permitted sender) smtp.mailfrom=dave@horsfall.org;
	dmarc=none
Received: from smtp.telstra.com ([10.10.24.4])
          by nsstlfep02p-svc.bpe.nexus.telstra.com.au with ESMTP
          id <20230225200927.KNSQ6326.nsstlfep02p-svc.bpe.nexus.telstra.com.au@smtp.telstra.com>
          for <freebsd-pf@freebsd.org>; Sun, 26 Feb 2023 07:09:27 +1100
X-RG-Spam: Unknown
X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvhedrudekiedgjedtucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuuffpveftpgfvgffnuffvtfetpdfqfgfvnecuuegrihhlohhuthemucegtddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfgggtgesthdttddttdervdenucfhrhhomhepffgrvhgvucfjohhrshhfrghllhcuoegurghvvgeshhhorhhsfhgrlhhlrdhorhhgqeenucggtffrrghtthgvrhhnpeeiheehvedtiedtledvffevtdevgfdutddvfeejueeuheeludefffehvefgheekffenucffohhmrghinhephhhorhhsfhgrlhhlrdhorhhgnecukfhppeduuddtrddugedurdduleefrddvfeefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghloheprghnvghurhhinhdrhhhorhhsfhgrlhhlrdhorhhgpdhinhgvthepuddutddrudeguddrudelfedrvdeffedpmhgrihhlfhhrohhmpegurghvvgeshhhorhhsfhgrlhhlrdhorhhgpdhnsggprhgtphhtthhopedupdhrtghpthhtohepfhhrvggvsghsugdqphhfsehfrhgvvggsshgurdhorhhgpdhrvghvkffrpegtphgvqdduuddtqddugeduqdduleefqddvfeefrdhnshifrdgrshhprdhtvghlshhtrhgrrdhnvghtpdhgvghokffrpeetfgdpoffvtefjohhsthepnhhsshhtlhhrghduvdhpqdhsvhgt
X-RazorGate-Vade-Verdict: clean 0
X-RazorGate-Vade-Classification: clean
X-RG-VS-CLASS: clean
Received: from aneurin.horsfall.org (110.141.193.233) by smtp.telstra.com (5.8.812)
        id 6392ADA20EDA7E58 for freebsd-pf@freebsd.org; Sun, 26 Feb 2023 07:09:27 +1100
Received: from aneurin.horsfall.org (localhost [127.0.0.1])
	by aneurin.horsfall.org (8.15.2/8.15.2) with ESMTP id 31PK9PFg091363
	for <freebsd-pf@freebsd.org>; Sun, 26 Feb 2023 07:09:25 +1100 (EST)
	(envelope-from dave@horsfall.org)
Received: from localhost (dave@localhost)
	by aneurin.horsfall.org (8.15.2/8.15.2/Submit) with ESMTP id 31PK9OPj091360
	for <freebsd-pf@freebsd.org>; Sun, 26 Feb 2023 07:09:25 +1100 (EST)
	(envelope-from dave@horsfall.org)
X-Authentication-Warning: aneurin.horsfall.org: dave owned process doing -bs
Date: Sun, 26 Feb 2023 07:09:24 +1100 (EST)
From: Dave Horsfall <dave@horsfall.org>
To: FreeBSD PF List <freebsd-pf@freebsd.org>
Subject: Where did "from <__automatic_43ce223_0> come from?
Message-ID: <alpine.BSF.2.21.9999.2302260703030.91342@aneurin.horsfall.org>
User-Agent: Alpine 2.21.9999 (BSF 287 2018-06-16)
X-GPG-Public-Key: http://www.horsfall.org/gpgkey.pub
X-GPG-Fingerprint: 05B4 FFBC 0218 B438 66E0  587B EF46 7357 EF5E F58B
X-Home-Page: http://www.horsfall.org/
X-Witty-Saying: "chmod 666 the_mode_of_the_beast"
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Spamd-Result: default: False [-1.69 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-0.29)[-0.293];
	R_SPF_ALLOW(-0.20)[+ip4:203.38.21.0/24];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[203.38.21.2:from];
	FROM_HAS_DN(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-pf@freebsd.org];
	DMARC_NA(0.00)[horsfall.org];
	ARC_NA(0.00)[];
	ASN(0.00)[asn:1221, ipnet:203.36.0.0/14, country:AU];
	R_DKIM_NA(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_COUNT_FIVE(0.00)[5];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org];
	TO_DN_ALL(0.00)[];
	HAS_XAW(0.00)[];
	MIME_TRACE(0.00)[0:+];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_TLS_LAST(0.00)[]
X-Rspamd-Queue-Id: 4PPHsm2Xk8z4D2R
X-Spamd-Bar: -
X-ThisMailContainsUnwantedMimeParts: N

FreeBSD aneurin.horsfall.org 10.4-RELEASE-p13 FreeBSD 10.4-RELEASE-p13 #0: Thu Sep 27 09:21:23 UTC 2018     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386

(Yeah, I'll update soon, when I find a newer box)

Seen in my daily security run output:

    +block drop in quick inet from <__automatic_43ce223_0> to any [ Evaluations: 7333 Packets: 4 Bytes: 240 States: 0 ]

Obviously something created automatically (I don't have anything faintly 
resembling that in my pf.conf), but how?

Thanks.

-- Dave