You need to open port 25 inbound for connections to sendmail. You also need to allow sendmail to make DNS requests outbound, as it checks the domain names and IP addresses offered to it.

If sendmail runs on another machine, you need to set the firewall to forward port 25 connections to this inner machine.