0

I have a Received header from an e-mail as follows:

```
Received: by aaa.bbb.ccc (Postfix, from userid 0)
    id A70248414D5; Sun, 26 Apr 2020 16:49:01 +0200 (CEST)
```

What does the userid part stand for? Is it the UID of the receiving postfix process? Is it the UID of the sender? How is it determined?

Note I have seen posts indicating that this is generated when using PHP's mail() function. I just can't seem to find details on how the uid is determined.

John Nemo

1 Answer

0

This doesn't indicate the mail was sent using the PHP mail() function, as it's just one example of applications sending mail through Sendmail. It could be anything that utilizes Postfix's local submissions. From Postfix Architecture Overview: How Postfix receives mail:

> Local submissions are received with the Postfix sendmail(1) compatibility command, and are queued in the maildrop queue by the privileged postdrop(1) command. This arrangement even works while the Postfix mail system is not running. The local pickup(8) server picks up local submissions, enforces some sanity checks to protect Postfix, and gives the sender, recipients and message content to the cleanup(8) server.

The pickup is aware of the user that used the postdrop.

```
postfix/pickup[4771]: A70248414D5: uid=0 from=<root>
```

The cleanup adds a unique message ID and a received header based on this information.

```
postfix/cleanup[4776]: cleanup_header_callback: 
    'Received: by example.com (Postfix, from userid 0)
       ??id A70248414D5; Sun, 26 Apr 2020 16:49:01 +0200 (CEST)'
postfix/cleanup[4776]: A70248414D5: message-id=<20200426144901.A70248414D5@example.com>
```

The from literally means the user the message is from.

The userid 0 indicates it's from the root.

Esa Jokinen
  • Thank you Esa. Those were exactly the details I was looking for. I mentioned the PHP part, because I know for a fact that this e-mail was triggered by a web application (it was an order-confirmation). So seeing uid 0 (i.e. root) made me wonder if that could be used as an indicator that the application (or rather the process executing the PHP interpreter) was running as root. – John Nemo May 01 '20 at 09:34
  • I thought this would be the correct level of detail for your needs. How the `pickup` gets this knowledge is another story. – Esa Jokinen May 02 '20 at 15:05
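
An added example, not part of the answer or comments above and not Postfix code: a Python sketch that pulls the uid out of local-submission Received headers and cross-checks it against pickup log lines in the formats quoted in the answer, flagging submissions made as uid 0. The function names are hypothetical, and the sample subject, body and syslog prefix are constructed.

```python
import re
from email import message_from_string

# Header written by cleanup(8) for local submissions, in the form quoted above.
RECEIVED_RE = re.compile(
    r"by\s+(?P<host>\S+)\s+\(Postfix, from userid (?P<uid>\d+)\)\s+"
    r"id\s+(?P<qid>[0-9A-Za-z]+);")
# pickup(8) log line, in the form quoted above.
PICKUP_RE = re.compile(
    r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")

# Constructed sample input: header and log values reuse the ones on this page;
# the subject, body and syslog prefix are made up.
SAMPLE_MESSAGE = (
    "Received: by aaa.bbb.ccc (Postfix, from userid 0)\n"
    "    id A70248414D5; Sun, 26 Apr 2020 16:49:01 +0200 (CEST)\n"
    "Subject: Order confirmation\n\nThank you for your order.\n")
SAMPLE_LOG = [
    "Apr 26 16:49:01 mx postfix/pickup[4771]: A70248414D5: uid=0 from=<root>"]

def local_submissions(raw_message):
    """Return (host, uid, queue_id) for each locally submitted hop."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)  # \s+ also spans the folded line break
        if m:
            hops.append((m["host"], int(m["uid"]), m["qid"]))
    return hops

def audit(raw_message, log_lines, flagged_uids=frozenset({0})):
    """Cross-check header uids against pickup logs and flag privileged ones."""
    logged = {}
    for line in log_lines:
        m = PICKUP_RE.search(line)
        if m:
            logged[m["qid"]] = int(m["uid"])
    return [{"queue_id": qid, "host": host, "uid": uid,
             # Headers can be forged; the MTA's own log is the stronger source.
             "log_confirms": logged.get(qid) == uid,
             "privileged": uid in flagged_uids}
            for host, uid, qid in local_submissions(raw_message)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MESSAGE, SAMPLE_LOG):
        print(finding)
```

Only Received lines added by hosts you operate can be matched this way; a hop with `log_confirms` false has no pickup entry with the same queue ID and uid in the supplied log lines.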