JoshuaR
You do not need to manually poke holes in the firewall by playing with masq.
Issuing the correct commands to enable mail services for public access, will also open the firewall ports required.
Here is an example of one command you will likely need to run (coming from private server gateway mode)
config setprop qpsmtpd access public
signal-event post-upgrade
reboot
You need to check what else will need changing with
config show |more