To permanently enable each of the aforementioned services, use the following command:
firewall-cmd --permanent --add-service <service>
Note that the given command doesn't activate access to the service until you restart FirewallD. Anyway, that's it.
As a final note, I didn't allow access to admin port 7171. The reason is that I'm not so comfortable with allowing Internet wide access to admin console. To access admin console, I'm going to use ssh tunneling. Basically, I'll forward local port 7171, over ssh, to port 7171 on loopback interface of mail server. In case you are unlike me, and don't have problems with allowing access to that port, use the following command:
firewall-cmd --permanent --add-port=7171/tcp
Again, don't forget to restart FirewallD after issuing the given command.