You’re asking for a lot of pain. That’s all I can say. Like SIP, SMTP is one of the most attacked services out there. It has to be public, it has to be on specific ports, and it has to be advertised that it’s available. There’s a reason why people don’t mess with it anymore.
Just use Proton or a similar service. You’re getting the same thing for free or cheap.