postfix bounced email question


daveb
30th January 2008, 13:58
I had an email that was bounced yesterday that I have a question about. My mail.log is missing several hours before the email and starts back up right after the email started getting bounced. mail.info and syslog still have log info, but mail.log is missing several hours.
From syslog I found this:
Jan 29 03:39:16 server postfix/smtpd[14727]: connect from some.domain.com[75.x.x.x]
Jan 29 03:39:16 server postfix/smtpd[14727]: setting up TLS connection from some.domain.com[75.x.x.x]
Jan 29 03:39:16 server postfix/smtpd[14727]: TLS connection established from some.domain.com[75.x.x.x]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan 29 03:39:17 server postfix/policy-spf[14734]: handler sender_policy_framework: is decisive.
Jan 29 03:39:17 server postfix/policy-spf[14734]: : Policy action=PREPEND Received-SPF: none (some.domain.com: No applicable sender policy available) receiver=server.server.com; identity=mfrom; envelope-from="nobody@some.domain.com"; helo=some.domain.com; client-ip=75.x.x.x
Jan 29 03:39:18 server postfix/smtpd[14727]: 57B494CC15E: client=some.domain.com[75.x.x.x]
Jan 29 03:39:18 server postfix/cleanup[14735]: 57B494CC15E: message-id=<E1JJm02-0002dc-CB@some.domain.com>
Jan 29 03:39:18 server postfix/qmgr[11372]: 57B494CC15E: from=<nobody@some.domain.com>, size=8036, nrcpt=1 (queue active)
Jan 29 03:39:18 server postfix/smtpd[14727]: disconnect from some.domain.com[75.x.x.x]
Jan 29 03:39:18 server postfix/pickup[14443]: A1B1C4CC2D9: uid=10006 from=<customer5_guruweb>
Jan 29 03:39:18 server postfix/cleanup[14735]: A1B1C4CC2D9: message-id=<20080129093918.A1B1C4CC2D9@server.server.com>
Jan 29 03:39:18 server postfix/qmgr[11372]: A1B1C4CC2D9: from=<web5_xxxx@server.com>, size=413, nrcpt=1 (queue active)
Jan 29 03:39:18 server postfix/local[14753]: A1B1C4CC2D9: to=<admispconfig@localhost.localdomain>, relay=local, delay=0.3, delays=0.1/0.01/0/0.19, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan 29 03:39:18 server postfix/qmgr[11372]: A1B1C4CC2D9: removed
Jan 29 03:39:24 server postfix/local[14736]: 57B494CC15E: to=<web5_xxxx@server.com>, orig_to=<webmaster@server.com>, relay=local, delay=7.5, delays=1.8/0.01/0/5.7, dsn=5.3.0, status=bounced (Command died with signal 6: "/usr/bin/procmail -f-")
Jan 29 03:39:24 server postfix/cleanup[14735]: 3B4264CC2D9: message-id=<20080129093924.3B4264CC2D9@server.server.com>
Jan 29 03:39:24 server postfix/qmgr[11372]: 3B4264CC2D9: from=<>, size=9965, nrcpt=1 (queue active)
Jan 29 03:39:24 server postfix/bounce[14774]: 57B494CC15E: sender non-delivery notification: 3B4264CC2D9
Jan 29 03:39:24 server postfix/qmgr[11372]: 57B494CC15E: removed
Jan 29 03:39:26 server postfix/smtp[14775]: certificate verification failed for some.domain.com: num=18:self signed certificate
Jan 29 03:40:17 server postfix/smtp[14775]: 3B4264CC2D9: to=<nobody@some.domain.com>, relay=some.domain.com[75.x.x.x]:25, delay=53, delays=0.01/0.02/2.5/51, dsn=4.0.0, status=deferred (host some.domain.com[75.x.x.x] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max connection rate 1/60s for (smtp:75.x.x.x) at Jan 29 03:39:16
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max connection count 1 for (smtp:75.x.x.x) at Jan 29 03:39:16
Jan 29 03:42:38 server postfix/anvil[14731]: statistics: max cache size 1 at Jan 29 03:39:16

Jan 29 04:09:02 server postfix/qmgr[11372]: 3B4264CC2D9: from=<>, size=9965, nrcpt=1 (queue active)
Jan 29 04:09:04 server postfix/smtp[15289]: certificate verification failed for some.domain.com: num=18:self signed certificate
Jan 29 04:09:55 server postfix/smtp[15289]: 3B4264CC2D9: to=<nobody@some.domain.com>, relay=some.domain.com[75.x.x.x]:25, delay=1831, delays=1778/0.02/2.4/51, dsn=4.0.0, status=deferred (host some.domain.com[75.x.x.x] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))

What could cause this error? And foremost, what could cause my mail.log to be missing several hours while this took place?
Jan 29 03:39:24 server postfix/local[14736]: 57B494CC15E: to=<web5_xxxx@server.com>, orig_to=<webmaster@server.com>, relay=local, delay=7.5, delays=1.8/0.01/0/5.7, dsn=5.3.0, status=bounced (Command died with signal 6: "/usr/bin/procmail -f-")
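
Added example, not part of the original post: a small Python script that follows Postfix queue IDs through a log in the format quoted above, lists every delivery attempt that did not end in status=sent, and reports time gaps between consecutive entries such as the missing hours in mail.log. The function names, the one-hour gap threshold and the supplied year (syslog timestamps carry none) are assumptions, and the sample lines are constructed from the lines quoted in the post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: shortened copies of the quoted syslog lines plus one
# earlier entry, so that a multi-hour gap exists to detect.
SAMPLE = """\
Jan 28 22:10:01 server postfix/qmgr[11372]: 1111111111A: removed
Jan 29 03:39:18 server postfix/qmgr[11372]: 57B494CC15E: from=<nobody@some.domain.com>, size=8036, nrcpt=1 (queue active)
Jan 29 03:39:24 server postfix/local[14736]: 57B494CC15E: to=<web5_xxxx@server.com>, relay=local, delay=7.5, dsn=5.3.0, status=bounced (Command died with signal 6: "/usr/bin/procmail -f-")
Jan 29 03:39:24 server postfix/bounce[14774]: 57B494CC15E: sender non-delivery notification: 3B4264CC2D9
Jan 29 03:40:17 server postfix/smtp[14775]: 3B4264CC2D9: to=<nobody@some.domain.com>, relay=some.domain.com[75.x.x.x]:25, delay=53, dsn=4.0.0, status=deferred (host said: 451 Temporary local problem)
"""

# timestamp, host, postfix/<daemon>[pid], queue ID, rest of the message
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/(\S+?)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
STATUS = re.compile(r"to=<([^>]*)>.*?dsn=([\d.]+), status=(\w+) \((.*)\)$")

def parse(text, year=2008):
    """Yield (timestamp, daemon, queue_id, message) for lines that carry a queue ID."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def failed_deliveries(text):
    """Return one dict per delivery attempt whose status is not 'sent'."""
    out = []
    for ts, daemon, qid, msg in parse(text):
        s = STATUS.search(msg)
        if s and s.group(3) != "sent":
            out.append({"time": ts, "queue_id": qid, "daemon": daemon, "rcpt": s.group(1),
                        "dsn": s.group(2), "status": s.group(3), "reason": s.group(4)})
    return out

def log_gaps(text, threshold=timedelta(hours=1)):
    """Return (last_seen, next_seen) pairs of queue-ID entries further apart than threshold."""
    stamps = [ts for ts, *_ in parse(text)]
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > threshold]

if __name__ == "__main__":
    for f in failed_deliveries(SAMPLE):
        print(f["time"], f["queue_id"], f["status"], f["dsn"], f["reason"])
    for a, b in log_gaps(SAMPLE):
        print("gap:", a, "->", b)
```

Running the gap check against mail.log, mail.info and syslog separately shows whether only one file lost entries or whether logging stopped for all of them.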

falko
31st January 2008, 19:23
Does
/usr/bin/procmail -v
show any errors?

daveb
31st January 2008, 20:23
Nope
srv02:/# /usr/bin/procmail -v
procmail v3.22 2001/09/10
Copyright (c) 1990-2001, Stephen R. van den Berg <srb@cuci.nl>
Copyright (c) 1997-2001, Philip A. Guenther <guenther@sendmail.com>

Submit questions/answers to the procmail-related mailinglist by sending to:
<procmail-users@procmail.org>

And of course, subscription and information requests for this list to:
<procmail-users-request@procmail.org>

Locking strategies: dotlocking, fcntl()
Default rcfile: $HOME/.procmailrc
It may be writable by your primary group
Your system mailbox: /var/mail/root

falko
1st February 2008, 16:08
What's the output of ls -la in web5_xxxx's homedir? Maybe some permissions are wrong...

daveb
2nd February 2008, 00:35
I checked permissions already and they looked right, so I don't believe they're wrong. Besides, after that I also updated the user so that permissions or files would be replaced, to check and make myself feel better, haha. I have been known to make mistakes. But here, you can take a look.
ls -la web5_xxx
total 124
drwxr-xr-x 5 web5_xxx web5 4096 2008-01-30 05:59 .
drwxr-xr-x 3 web5_xxx web5 4096 2007-10-20 21:25 ..
-rw-r--r-- 1 root root 189 2008-01-30 05:59 .antivirus.rc
-rw-r--r-- 1 root root 804 2008-01-30 05:59 .autoresponder.rc
-rw-r--r-- 1 root root 69149 2008-01-30 05:59 .html-trap.rc
-rw-r--r-- 1 root root 3889 2008-01-30 05:59 .local-rules.rc
drwx------ 9 web5_xxx web5 4096 2007-11-09 16:45 Maildir
-rw-r--r-- 1 root root 204 2008-01-30 05:59 .mailsize.rc
-rw-r--r-- 1 root root 656 2008-01-30 05:59 .quota.rc
drwx------ 2 web5_xxx web5 4096 2008-01-29 03:39 .spamassassin
-rw-r--r-- 1 root root 1236 2008-01-30 05:59 .spamassassin.rc
-rw-r--r-- 1 root root 2039 2008-01-30 05:59 .user_prefs
-rw-r--r-- 1 root root 32 2008-01-30 05:59 .vacation.msg
drwxrwxr-x 2 web5_xxx web5 4096 2007-10-20 21:25 web

Thanks for taking the time to toss ideas at me, falko. I put this server together back in October and it never gave a lick of problems till this fluke and hasn't since. Everything seems to look right to myself, and rkhunter, chkrootkit, and clamav don't produce any negative results. I will continue to monitor the situation and ask if anything else seems to pop up. If you have any other ideas, please feel free to toss them my way :)

falko
2nd February 2008, 19:22
What's the output of ls -la /var/www/web5?

daveb
2nd February 2008, 19:30
srv02:/# ls -la /var/www/web5
total 68
drwxr-xr-x 14 web5_xxx web5 4096 2008-01-30 05:59 .
drwxr-xr-x 13 root root 4096 2007-10-20 21:30 ..
drwxr-xr-x 2 root root 4096 2007-10-20 21:25 bin
drwxr-xr-x 2 web5_xxx web5 4096 2007-10-20 21:24 cgi-bin
drwxr-xr-x 2 root root 4096 2007-10-20 21:25 dev
drwxr-xr-x 4 root root 4096 2007-10-20 21:25 etc
-rw------- 1 web5_xxx web5 24 2008-01-30 05:59 .forward
-rw-rw-r-- 1 root web5 53 2008-02-02 04:00 .htpasswd
drwxr-xr-x 4 root root 4096 2007-10-20 21:25 lib
drwxr-xr-x 4 web5_xxx web5 4096 2008-02-02 00:30 log
lrwxrwxrwx 1 root root 44 2008-01-30 05:59 Maildir -> /var/www/web5/user/web5_xxx/Maildir
drwxrwxrwx 2 web5_xxx web5 4096 2007-10-20 21:24 phptmp
-rw-r--r-- 1 root root 494 2008-01-30 05:59 .procmailrc
lrwxrwxrwx 1 root root 51 2008-01-30 05:59 .spamassassin -> /var/www/web5/user/web5_xxx/.spamassassin/
drwxr-xr-x 2 web5_xxx web5 4096 2007-10-20 21:24 ssl
drwxr-xr-x 3 web5_xxx web5 4096 2007-10-20 21:25 user
drwxr-xr-x 4 root root 4096 2007-10-20 21:25 usr
lrwxrwxrwx 1 root root 52 2008-01-30 05:59 .vacation.cache -> /var/www/web5/user/web5_xxx/.vacation.cache
drwxr-xr-x 3 root root 4096 2007-10-20 21:25 var
drwxr-xr-x 17 web5_xxx web5 4096 2008-01-22 17:30 web

falko
3rd February 2008, 19:20
Looks ok, too... :confused:

daveb
3rd February 2008, 20:32
Yes, I know that feeling too :confused:
I will continue to monitor the server and see what, if anything, will happen again.
Either way, thanks for your time, Falko.