Somehow these people are sending spam form several IP's on this machine and I'm receiving complaints from spamcop. Here is a snippet of the header: Received: (qmail 37742 invoked by uid 29966); Thu, 22 Sep 2005 20:49:34 +0200 (CEST) Message-Id: <email@example.com> Look at the UID 29966, this does not exist on the system and I don't understand why it's showing up. There is nothing in /tmp and its set noexec. we're running mod_security and the system seems to work well otherwise. Any ideas even where to start looking?