Postfix SMTP on port 587 errno connection refused only from localhost

Question

If I connect from a website from the localhost (127.0.0.1) with port 587 and STARTTLS to my smtp-server on mail.example.tld, I get the the error "Connection refused, errno 111". Connections from a server with another IP are working, the problem occurs only with the localhost on the same server.

When I change mail.example.tld to smtp.example.tld it works. For smtp.example.tld I have the following DNS entry in my example.tld zone

smtp IN CNAME mail.example.tld

From netstat I get

netstat -tlanp | grep 587
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      7617/master
tcp        0      0 [IPv4-Address]:587       0.0.0.0:*               LISTEN      7617/master
tcp6       0      0 [IPv6-Address]:587   :::*                    LISTEN      7617/master
tcp6       0      0 ::1:587                 :::*                    LISTEN      7617/master

Postfix listen on all addresses. When I try

openssl s_client -starttls smtp -crlf -connect mail.example.tld:587

I get the following

139770323395008:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:108:
139770323395008:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:109:
connect:errno=111

In my main.cf from postfix I have

inet_interfaces = IPv4, [IPv6], localhost

When I change it to

inet_interfaces = all

Then it works.

Why are connections from the localhost refused if I specify my IP addresses?

Answer 1

I would guess that "mail.example.tld" doesn't resolve the way you think, usually because of local /etc/hosts ovreride.

Did you try connecting with numeric IP addresses only ?

does "host mail.example.tld" resolve to the same IP address than "ping -c1 mail.example.tld" ?