[centos 5] SMTP suddenly not available

CentOS 5 - been running stock postfix / dovecot for years problem free (dovecot might be EPEL) without problems.

Suddenly today I can not send mail. I can receive but not send.

Here is result of nmap from outside:

Starting Nmap 6.01 ( http://nmap.org ) at 2013-02-27 04:08 PST
Nmap scan report for **my_domain** (**my_IP**)
Host is up (0.61s latency).
Not shown: 994 filtered ports
PORT    STATE  SERVICE
22/tcp  closed ssh
53/tcp  open   domain
80/tcp  open   http
443/tcp open   https
631/tcp closed ipp
993/tcp open   imaps

Nmap done: 1 IP address (1 host up) scanned in 72.83 seconds

Notice no port 25

Here is result of nmap against localhost after ssh into host:

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-02-27 07:10 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1671 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
143/tcp  open  imap
443/tcp  open  https
783/tcp  open  spamassassin
993/tcp  open  imaps
3306/tcp open  mysql
5432/tcp open  postgres

25 is clearly open, postfix is running.

Here are my iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport **** -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

(**** is my custom sshd port)

Any suggestions? Been years since I set the system up, it's been flawless until now, I don't understand what borked it and why I don't see port 25 from the outside.