How to restricted internal user to use port 25,so I can register scouping IP address who can use port 25 for outg

Remove Anonymous from the PermissionGroups of the Default receive connector.

Create a new receive connector with Anonymous in the PermissonGroups, bindings set to port 25 and RemoteIpRanges property set to the list of IP addresses and/or ranges that you want to be allowed to send SMTP to it.

Hi,

According to your description, I understand that allow some special account use port 25 for outbound mail flow, however others is be limited.
If I misunderstand your concern, please do not hesitate to let me know.

We cannot block telnet on port 25. Its the way SMTP works. More details about Network ports for clients and mail flow in Exchange 2013, for your reference:
https://technet.microsoft.com/en-us/library/bb331973%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

Besides, the workaround is use transport rule to limit user send message to external. We can limit outbound mail flow by a distribution group, figure as below:

Thanks

If the concern is to restrict the internal users who can send outbound SMTP mail, my answer is the best one.  Allen, yours restricts all outbound mail, not just that submitted via SMTP, but including mail submitted via Outlook, OWA, ActiveSync and EWS (Mac Outlook).