There are a number of differing views, but I subscribe to the view that port 25 is best assigned for incoming mail/smtp only. Anything heading outbound, which requires authentication, I use a higher port assignment.
I tend to keep the two separate by using multiple instances of Postfix with their own independent inbound/outbound configs. That way I can apply fierce spam and virus scanning to incoming mail, but - rather selfishly/commonly found - less stringent rules on the outbound.
I guess one of the questions I would ask would be "What are my main clients going to be, and how much desktop to desktop hoping are you going to have to do?"
Port 465 is also worth mentioning. I'm sure I had some issues with Microsoft clients in the dim and distance past and that port played a part in it - but don't quote me on it!
Just my view, but I'm certainly no expert.