Is it possible to run an SMTP server like postfix on a Google Cloud instance without using an external mail provider by relay?

Solution 1:

This was first decided back in 1982 with RFC 821, Appendix A and has been this way ever since. Currently the TCP port 25 is IANA assigned for this purpose, too. From SMTP RFC 5321:

4.5.4.2. Receiving Strategy

The SMTP server SHOULD attempt to keep a pending listen on the SMTP port (specified by IANA as port 25) at all times. This requires the support of multiple incoming TCP connections for SMTP.

You cannot simply change the port, because there is no mechanism for other SMTP servers to know you are using a non-standard port, and you cannot either send to other servers using any other port.

The Google Cloud is not designed for this, as explained in their guide: Sending email from an instance:

Using standard email ports

By default, Compute Engine allows outbound connections on all ports except port 25, which is blocked because of the risk of abuse. All other ports are open, including ports 587 and 465.

Note: Port 25 is always blocked and can't be used, even through an SMTP relay using Google Workspace.

The ports 587 and 465 are available for SMTP Message Submission (RFC 6409). This means you can use an external mail relay (your own or from someone else) for authenticated SMTP, and this server handles delivery to other mail systems on port 25.