'Invoked' by (qmail ##### invoked by uid 78).
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Though the qmail number varies, the "invoked by uid 78" part is always constant. What is uid 78 referring to, and do you know what the problem is with my business mail?
The 'uid 78' that you are seeing in your emails refers to user ID (uid) 78, which invoked the qmail process. There are two types of users who could have invoked qmail: human or system. You, for example, are obviously a human user, while programs like Apache and qmail are system users, not human users. The fact that the uid is constant makes tracking down your problem a lot easier. If you search for the uid 78, inside the /etc/passwd file, using the grep command-line text search tool, for example, you should find the user associated with this uid. So here's a possible command, for example:
# grep 78 /etc/passwd
If you find that user id 78 is associated with a human user, then you can immediately suspend the user's account and take the matter further with the user directly. I suspect, though, that you will find that uid 78 is that of a system program, which will require additional investigation. On Red Hat Linux, for example, all uids below 500 are reserved for system use.
Keep in mind that programs cannot generate mail on their own. They only generate mail when instructed to do so. The first place I would look would be scripts that run on the server. One cause may be a Web form script sending mail using user ID 78's account. This could occur if you restarted your Apache Web server incorrectly using the "su," or substitute user command. The error would lead to the wrong user's environment variables being used by the Web script engine.
To avoid such problems in the future, ensure all administrators follow best practices when making changes to servers and that they log on and off using the correct accounts. Any system configuration changes or restarts should be logged following change-control procedures. If the appearance of this mail header has suddenly started, you should be able to narrow down the problem and trace it back through your change log to see who made what changes to your server and when.
Dig Deeper on Email and Messaging Threats (spam, phishing, instant messaging)
Related Q&A from Michael Cobb
C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to ...continue reading
Two-factor authentication systems require more than using codes sent through SMS and smart cards. Expert Michael Cobb explains how to properly and ...continue reading
A Linux vulnerability that affects 80% of Android devices allows for attacks on TCP communications and remote code execution. Expert Michael Cobb ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.