I have a need to allow 2-3 internal users to access an Exchange server

I have run debug and have not yet seen where it asks for port 25
logged in yet). I see port 135 and many ports around port 1060.
Are there any suggestions?
Is it very insecure to allow all TCP to the remote Mail Server's IP