How can I set the server without expose the smtp port

Hi all,
New to bitwarden, trying to set my own server. For now I have a smtp server running by postfix on the same server with bitwarden, but I don’t want to expose my smtp port (25) to public. What can I do?

I tryed using 127.0.0.1 as globalSettings__mail__smtp__host in ./bwdata/env/global.override.env and it fail to send any email.I assumed the bitwarden in the docker so it doesn’t work,what else can I do?

If I use my domain, it still get blocked when my firewall is running,even it’s sending from the same address,which is wried btw.

ps:I’m able to access the port by adding my public ip to the firewall, just trying to find a more elgant way here