To close the loop here: I finally got back to this project and everything is working beautifully! The secrets limit has been raised, and now that all ports are allowed I can run on 25, 465, and 587.
In case it’s helpful for others working on smtp, here’s the relevant bits of my fly.toml:
[[services]]
internal_port = 25
protocol = "tcp"
[[services.ports]]
port = 25
[[services.ports]]
handlers = ["tls"]
port = 465
[[services.ports]]
port = 587
Thanks for all the improvements along the way! I’m really excited to cut traffic over from my old server.