'Invoked' by (qmail ##### invoked by uid 78).
Though the qmail number varies, the "invoked by uid 78" part is always constant. What is uid 78 referring to, and do you know what the problem is with my business mail?
The 'uid 78' that you are seeing in your emails refers to user ID (uid) 78, which invoked the qmail process. There are two types of users who could have invoked qmail: human or system. You, for example, are obviously a human user, while programs like Apache and qmail are system users, not human users. The fact that the uid is constant makes tracking down your problem a lot easier. If you search for the uid 78, inside the /etc/passwd file, using the grep command-line text search tool, for example, you should find the user associated with this uid. So here's a possible command, for example:
# grep 78 /etc/passwd
If you find that user id 78 is associated with a human user, then you can immediately suspend the user's account and take the matter further with the user directly. I suspect, though, that you will find that uid 78 is that of a system program, which will require additional investigation. On Red Hat Linux, for example, all uids below 500 are reserved for system use.
Keep in mind that programs cannot generate mail on their own. They only generate mail when instructed to do so. The first place I would look would be scripts that run on the server. One cause may be a Web form script sending mail using user ID 78's account. This could occur if you restarted your Apache Web server incorrectly using the "su," or substitute user command. The error would lead to the wrong user's environment variables being used by the Web script engine.
To avoid such problems in the future, ensure all administrators follow best practices when making changes to servers and that they log on and off using the correct accounts. Any system configuration changes or restarts should be logged following change-control procedures. If the appearance of this mail header has suddenly started, you should be able to narrow down the problem and trace it back through your change log to see who made what changes to your server and when.
Related Q&A from Michael Cobb
Expert Michael Cobb explains how an HTTP referer header affects user privacy and outlines changes that can be made to ensure sensitive data is not ...continue reading
Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.continue reading
While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.