To meet your organization's requirements of blocking all SMTP traffic to your cloud environment except for traffic originating from your corporate network, while restricting SMTP access to only specific VPCs across Google Cloud projects, what configuration steps should you take in the security policy?