'Invoked' by (qmail ##### invoked by uid 78).
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Though the qmail number varies, the "invoked by uid 78" part is always constant. What is uid 78 referring to, and do you know what the problem is with my business mail?
The 'uid 78' that you are seeing in your emails refers to user ID (uid) 78, which invoked the qmail process. There are two types of users who could have invoked qmail: human or system. You, for example, are obviously a human user, while programs like Apache and qmail are system users, not human users. The fact that the uid is constant makes tracking down your problem a lot easier. If you search for the uid 78, inside the /etc/passwd file, using the grep command-line text search tool, for example, you should find the user associated with this uid. So here's a possible command, for example:
# grep 78 /etc/passwd
If you find that user id 78 is associated with a human user, then you can immediately suspend the user's account and take the matter further with the user directly. I suspect, though, that you will find that uid 78 is that of a system program, which will require additional investigation. On Red Hat Linux, for example, all uids below 500 are reserved for system use.
Keep in mind that programs cannot generate mail on their own. They only generate mail when instructed to do so. The first place I would look would be scripts that run on the server. One cause may be a Web form script sending mail using user ID 78's account. This could occur if you restarted your Apache Web server incorrectly using the "su," or substitute user command. The error would lead to the wrong user's environment variables being used by the Web script engine.
To avoid such problems in the future, ensure all administrators follow best practices when making changes to servers and that they log on and off using the correct accounts. Any system configuration changes or restarts should be logged following change-control procedures. If the appearance of this mail header has suddenly started, you should be able to narrow down the problem and trace it back through your change log to see who made what changes to your server and when.
Dig Deeper on Email and Messaging Threats (spam, phishing, instant messaging)
Related Q&A from Michael Cobb
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held ...continue reading
A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks ...continue reading
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.