If I connect from a website from the localhost (127.0.0.1) with port 587 and STARTTLS to my SMTP server on mail.example.tld, I get the error "Connection refused, errno 111". Connections from a server with another IP are working; the problem occurs only with the localhost on the same server.
When I change mail.example.tld to smtp.example.tld it works.
For smtp.example.tld I have the following DNS entry in my example.tld zone
smtp IN CNAME mail.example.tld
From netstat I get
netstat -tlanp | grep 587
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 7617/master
tcp 0 0 [IPv4-Address]:587 0.0.0.0:* LISTEN 7617/master
tcp6 0 0 [IPv6-Address]:587 :::* LISTEN 7617/master
tcp6 0 0 ::1:587 :::* LISTEN 7617/master
Postfix listens on all addresses. When I try
openssl s_client -starttls smtp -crlf -connect mail.example.tld:587
I get the following
139770323395008:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:108:
139770323395008:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:109:
connect:errno=111
In my main.cf from postfix I have
inet_interfaces = IPv4, [IPv6], localhost
When I change it to
inet_interfaces = all
Then it works.
Why are connections from the localhost refused if I specify my IP addresses?
Best Answer
I would guess that "mail.example.tld" doesn't resolve the way you think, usually because of a local /etc/hosts override.
Did you try connecting with numeric IP addresses only?
Does "host mail.example.tld" resolve to the same IP address as "ping -c1 mail.example.tld"?
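The comparison the answer asks for can be scripted. This is an added example, not part of the original answer: it takes the addresses a hosts file assigns to a name and checks each against the sockets listening on the port. The hosts file with a 127.0.1.1 entry, the placeholder addresses 192.0.2.10 and 2001:db8::10 (standing in for the redacted ones), and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (not from the original post): a hosts file that
# maps the mail name to 127.0.1.1, and listeners shaped like the netstat
# output in the question, with placeholder public addresses.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.1.1   mail.example.tld mail
::1         localhost ip6-localhost
"""
SAMPLE_NETSTAT = """\
tcp   0 0 127.0.0.1:587       0.0.0.0:*  LISTEN 7617/master
tcp   0 0 192.0.2.10:587      0.0.0.0:*  LISTEN 7617/master
tcp6  0 0 2001:db8::10:587    :::*       LISTEN 7617/master
tcp6  0 0 ::1:587             :::*       LISTEN 7617/master
"""

def hosts_overrides(hosts_text, name):
    """Addresses that a hosts file assigns to name (these win over DNS)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            found.append(ipaddress.ip_address(fields[0]))
    return found

def listeners(netstat_text, port):
    """Local addresses in LISTEN state on port, from `netstat -tlanp` lines."""
    addrs = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        host, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            addrs.append(ipaddress.ip_address(host.strip("[]")))
    return addrs

def refused(target, listening):
    """True if nothing is bound to target or to its family's wildcard."""
    # A dual-stack "::" socket accepting IPv4 is deliberately ignored here.
    return not any(a.version == target.version and (a == target or a.is_unspecified)
                   for a in listening)

def diagnose(hosts_text, netstat_text, name, port):
    """Map each hosts-file address for name to whether a connect is refused."""
    bound = listeners(netstat_text, port)
    return {str(ip): refused(ip, bound) for ip in hosts_overrides(hosts_text, name)}
```

On a live system, pass the contents of /etc/hosts and the output of `netstat -tlanp` instead of the samples. A name with no hosts-file entry returns an empty result, meaning resolution falls through to DNS.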