I have a need to allow 2-3 internal users to access an Exchange server

remotely.
I have run debug and have not yet seen where it asks for port 25
(haven't
logged in yet). I see port 135 and many ports around port 1060.
Are there any suggestions?
Is it very insecure to allow all TCP to the remote Mail Server's IP
Address?
Thanks