I don't think you need a line in hosts.allow unless you are also using hosts.deny. The default is allow unless you specify otherwise.
In present usage, hosts.deny isn't employed much. If your hosts.allow is empty, then everything will be allowed. Most folks use:
ALL: 127.0.0.1: ALLOW
ALL: ALL: DENY
at the end of their /etc/hosts.allow, then above those lines add ALLOW and DENY statements as needed.
I'm running qpopper on RH7 and have empty hosts.allow and hosts.deny files.
Which is the default, though not necessarily recommended configuration.
I believe the poster did indeed have iptables on by virtue of RedHat's firewall setup, and that was causing the issue. My biggest complaint with RedHat's default configuration is the lack of explicit logging of what's dropped. Leads to too many people not understanding why they're getting into trouble.
