Troubleshooting PostFix SMTP Connection Issues: Fixing “Connection Refused” on Port 25 in CentOS



When a telnet connection to port 25 on a CentOS server running Postfix fails with "Connection refused", the cause is usually one of a few issues in the mail server configuration.

First, confirm PostFix is actually running:

sudo systemctl status postfix

If it's not active, start it with:

sudo systemctl start postfix
sudo systemctl enable postfix

Postfix needs to be configured to listen on the correct interfaces; the main.cf shipped with CentOS listens on localhost only. Examine your main.cf:

sudo nano /etc/postfix/main.cf

Look for these critical parameters:

inet_interfaces = all
inet_protocols = all

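Even with SELinux disabled, iptables might be blocking traffic. List the current rules and add one if needed, inserting it with -I so that it lands ahead of any REJECT rule already in the INPUT chain:

sudo iptables -L -n
sudo iptables -I INPUT -p tcp --dport 25 -j ACCEPT
sudo service iptables save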

Before testing from another machine, verify locally:

telnet localhost 25

If this works but remote connections fail, your issue is network-related.

PostFix might not be binding to your external interface. Check:

netstat -tulnp | grep :25

You should see output similar to:

tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1234/master

Use postconf to verify all settings:

postconf -n

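Pay particular attention to mynetworks, which lists the client networks trusted to relay mail through this server. Keep it limited to networks you control: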

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24

If telnet still fails, try these diagnostic commands:

nc -zv your.server.ip 25
nmap -p 25 your.server.ip

In summary, check:

  • Service running (systemctl status postfix)
  • Correct inet_interfaces setting
  • Proper iptables rules
  • Network interface binding
  • Appropriate mynetworks configuration

First, confirm if Postfix is actually running and listening on port 25:

sudo systemctl status postfix

If inactive, start it with:

sudo systemctl start postfix
sudo systemctl enable postfix

Use netstat or ss to verify Postfix is bound to port 25:

sudo netstat -tulnp | grep :25
# OR
sudo ss -tulnp | grep :25

Expected output should show Postfix listening on 0.0.0.0:25 or your server's IP.
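
Reading that listener output is what decides which of the other checks matters, so the following classifier turns it into one of four states and names the next thing to look at. This is an added example, not part of the original guide; the function names classify_smtp_bind and next_check are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify where port 25 is bound, reading `ss -tln` or
# `netstat -tln` output on stdin. Function names are hypothetical.
classify_smtp_bind() {
    awk '
    /LISTEN/ {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /:25$/) continue   # first field ending in :25 is the local address
            addr = $i
            sub(/:25$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") loop = 1
            else if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]") wild = 1
            else specific = 1
            break
        }
    }
    END {
        if (wild)          print "all-interfaces"
        else if (specific) print "specific-address"
        else if (loop)     print "loopback-only"
        else               print "not-listening"
    }'
}

# Map the classification to the check from the guide to look at next.
next_check() {
    case "$1" in
        not-listening)    echo "service state and the smtp line in master.cf" ;;
        loopback-only)    echo "inet_interfaces in main.cf" ;;
        specific-address) echo "whether clients connect to that address, then the firewall" ;;
        all-interfaces)   echo "iptables/firewalld rules and the network path" ;;
    esac
}

# Constructed sample lines (not captured from a real host).
SAMPLE_LOOPBACK='tcp   0  0 127.0.0.1:25   0.0.0.0:*   LISTEN  1234/master
tcp6  0  0 ::1:25         :::*        LISTEN  1234/master'
SAMPLE_ALL='LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=1234,fd=13))'

for sample in "$SAMPLE_LOOPBACK" "$SAMPLE_ALL" ""; do
    state=$(printf '%s\n' "$sample" | classify_smtp_bind)
    echo "$state -> check $(next_check "$state")"
done
```

On a live host, feed it real output with: sudo ss -tln | classify_smtp_bind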

Even with SELinux disabled, iptables might block the connection. Add a rule:

sudo iptables -I INPUT -p tcp --dport 25 -j ACCEPT
sudo service iptables save

For firewalld users:

sudo firewall-cmd --add-port=25/tcp --permanent
sudo firewall-cmd --reload

Inspect /etc/postfix/main.cf for these critical settings:

inet_interfaces = all
# or specific IP:
# inet_interfaces = 192.168.1.100

After changes, reload Postfix:

sudo postfix reload
# A change to inet_interfaces needs a full stop and start instead:
sudo systemctl restart postfix

If telnet still fails, try these diagnostic commands:

# Check local connection
telnet localhost 25

# Test from another machine using nc
nc -zv your.server.ip 25

# Detailed port test
nmap -p 25 your.server.ip

Check /etc/postfix/master.cf to ensure SMTP service is enabled:

smtp      inet  n       -       n       -       -       smtpd

This line should NOT be commented out.

When all else fails, use tcpdump to analyze traffic:

sudo tcpdump -i eth0 port 25 -vv -n

Look for SYN packets coming in but no response, indicating a deeper network issue.