Postfix: sending outgoing mail through port 465/587 locally

I’ve got a mail server set up using postfix, dovecot, opendkim, and spamassassin. After a bit of hassle, I managed to get incoming mail working–I even set this account up using that server.

However, I’ve got a problem with outgoing mail. My ISP, fat as it is, blocks communications through port 25… meaning that, obviously, sending messages doesn’t work. Here’s logs after attempting to send to my old Protonmail account (from Neomutt on an external machine):

postfix/qmgr[653083]: 7E2BD9006AB: from=<swurl@doma.in>, size=479, nrcpt=1 (queue active)
// disconnect from external client
postfix/smtp[653086]: connect to mail.protonmail.ch[185.70.41.101]:25: Connection timed out
postfix/smtp[653093]: connect to mail.protonmail.ch[185.70.41.101]:25: Connection timed out
postfix/smtp[653086]: connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out
postfix/smtp[653086]: 44DED90068A: to=<oldaccount@protonmail.com>, relay=none, delay=115, delays=55/0.05/60/0, dsn=4.4.1, status=deferred (connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out)

So, yeah… ISP blocks port 25 (outgoing), so I need a way to bypass this. One way I saw a lot about was configuring to use an external smtpd. I’d either have to use my ISP’s (not ideal) or, set up postfix on my friend’s VPS (not exactly ideal either but if all else fails I’ll ask him). TECHNICALLY I could ask my ISP to unblock port 25, but that, well, might not work.

However, I’d instead like to route all outgoing mail to port 465 or 587 of external servers, not 25, using only my local postfix setup. I couldn’t find anything about this online, and changing the outgoing smtp port to an alternate port in master.cf still sends stuff through 25. So, how should I go about doing this? Keep in mind, if there’s literally nothing I can do then I can just ask my friend for his VPS

postconf -n:

alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/bin
compatibility_level = 3.6
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Mail/Inbox/
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/lib/dovecot/deliver
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname $mydomain localhost localhost.localdomain
mydomain = doma.in
myhostname = mail.doma.in
mynetworks = 127.0.0.0/8 [::1]/128 MY.IP/32 192.168.86.1 192.168.86.0/24
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = inet:127.0.0.1:12301
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
relay_domains = $mydestination
sample_directory = /etc/postfix
sendmail_path = /usr/bin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_tls_CAfile = /etc/letsencrypt/live/doma.in/cert.pem
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtpd_milters = inet:127.0.0.1:12301
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/doma.in/fullchain.pem
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
smtpd_tls_key_file = /etc/letsencrypt/live/doma.in/privkey.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
tls_preempt_cipherlist = yes
unknown_local_recipient_rject_code = 550