Hi - re port 25, I’m pretty sure it must be open for sending - those higher ports are used for clients (eg. the email app on your phone) submitting to your box (only the 1st step in the chain), then your box forwards the message towards the destination on port 25.
(PS. We talk about “port 25” being blocked, but every connection has 2 ends, usually with unrelated port numbers. What is blocked is all connections to someone else’s port 25, which is where email servers listen for incoming messages from other servers.)
Re forwarding/mailgun/etc - anything is possible but it will be outside the scope of MIAB, so you’ll be on your own. That in itself is just a source of fun (!) but know that every MIAB upgrade will overwrite some of your changes, so mods become a continuous process. And you need (or will acquire) a fair bit of knowledge about TCP and email.
MIAB makes your box into a real email server, it needs real access to the rest of the world. The consensus seems to be - it your provider won’t open 25, go to someone who will.