linux
Sergey, 2015-12-25 15:07:55

Rootkit or still postfix? If postfix, how to close "extra" ports?

I installed chkrootkit on the server and scanned it.
It complained about port 465: Checking `bindshell'... INFECTED (PORTS: 465)
Here is the output of some commands:
netstat -an|grep 465

tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
tcp6 0 0 :::465 :::* LISTEN

sudo lsof -i :465
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 31549 root 106u IPv4 255217 0t0 TCP *:urd (LISTEN)
master 31549 root 107u IPv6 255218 0t0 TCP *:urd (LISTEN)

ps 31549
PID TTY STAT TIME COMMAND
31549 ? Ss 0:32 /usr/lib/postfix/master

It looks like this port is used by postfix for smtp.
If I do /etc/init.d/postfix stop , that port is not seen to be open.
How to make sure that this is postfix, and not a rootkit that is disguised as it?
Postfix only sends mail from the server. Is there a secure config that blocks everything else and closes the unnecessary ports?


3 answer(s)
Alexander Chernykh, 2015-12-25
@sashkets

asked and answered

It looks like this port is used by postfix for smtp.

Andrey Burov, 2015-12-25
@BuriK666

ls -l /proc/31549/exe

CityCat4, 2015-12-25
@CityCat4

This is SMTPS - SMTP over SSL.
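Putting the two answers above together, here is an added example (not from the thread or from the Postfix project) that does Andrey's /proc check one step further and then shows which master.cf entry opens port 465 and how to turn it off. It assumes a Debian/Ubuntu host (dpkg -S / dpkg -V for the package check), reuses PID 31549 from the question, and works on a constructed master.cf snippet rather than the asker's real file. The function names are my own.

```sh
#!/bin/sh
# Added example, not code from the original thread.
# Goal: (1) confirm the listener on :465 is the packaged Postfix master,
#       (2) find the master.cf entry that opens "smtps", (3) disable it.

# 1. Real executable behind a PID (what "ls -l /proc/31549/exe" shows).
exe_of_pid() {
    readlink -f "/proc/$1/exe" 2>/dev/null
}

# 2. Is that file still the one the package shipped? A rootkit that
#    replaced the binary shows up as a changed checksum; one that hooks
#    libc or the kernel does not, so this is a check, not a proof.
#    Assumes dpkg (Debian/Ubuntu).
verify_owner_package() {
    pkg=$(dpkg -S "$1" 2>/dev/null | cut -d: -f1)
    [ -n "$pkg" ] || { echo "$1 is not owned by any package"; return 1; }
    dpkg -V "$pkg"          # silent when every file matches its md5sum
}

# Constructed master.cf sample (not the asker's file). Columns:
# service type private unpriv chroot wakeup maxproc command
# '#' lines are disabled; lines starting with whitespace continue the
# entry above (the "-o ..." options).
MASTER_CF='# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrapper_mode=yes
#submission inet n       -       y       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
'

# 3. Every enabled service of type "inet", i.e. every TCP listener Postfix opens.
inet_services() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]/ || NF < 2 { next }
        $2 == "inet" { print $1 }
    '
}

# Enabled inet services bound to a given port name/number
# ("smtps" or "465"; a "host:port" first column is matched on its port part).
services_on_port() {
    inet_services "$1" | awk -v port="$2" '
        { n = split($0, a, ":"); if (a[n] == port) print }
    '
}

# Comment out one inet service together with its continuation lines.
# Write the result to /etc/postfix/master.cf and run "postfix reload".
disable_service() {
    printf '%s\n' "$1" | awk -v svc="$2" '
        /^[[:space:]]/ { if (off) print "#" $0; else print; next }
        { off = 0 }
        $1 == svc && $2 == "inet" { off = 1; print "#" $0; next }
        { print }
    '
}

# Stand-alone run: PID from the question, or pass your own as $1.
PID=${1:-31549}
if [ -d "/proc/$PID" ]; then
    exe=$(exe_of_pid "$PID")
    echo "PID $PID runs: $exe"
    verify_owner_package "$exe"
fi
echo "enabled inet listeners in the sample master.cf:"
inet_services "$MASTER_CF"
echo "entries for port smtps after disabling it:"
disable_service "$MASTER_CF" smtps | grep -n smtps
```

For a box that only sends mail and never needs to accept it, a smaller change than editing master.cf is `postconf -e 'inet_interfaces = loopback-only'` followed by `postfix reload`: Postfix then binds smtp and smtps to 127.0.0.1/::1 only, which is what the question's netstat should show afterwards. Expect `dpkg -V` to report nothing for a clean postfix package; any line it prints names a file whose checksum no longer matches.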
