From what I can tell, you've only moved one program's use of port 25 to 587, which also requires TLS-encryption off the top of my head. You'll need to move all other programs use of port 25 to port 587 also, unless you want to setup an iptables rule to forward all traffic from 25 to 587, which I don't recommend - that would still leave programs configured to use port 25, which isn't what you're wanting.

Keep in mind the TLS part of port 587. I think most mail servers will deny your mail without a certificate being sent with it, which you could obtain from LetsEncrypt for free. – Dooley_labs – 2017-09-07T19:07:18.547

my aim is block malicious use of contact forms, scripts in php file from sending mail without using any password. my question is if I change the port in php from 25 to 587. Normally mail won't be send without using smtp. I think it will work like that or am I not in the right path. – Joshi – 2017-09-07T19:17:47.963

Perhaps use of Google's ReCaptcha would suit your situation better. It's free to use and easy to implement. I use them on all of my php-based contact/sign-up sites. This tutorial may be of-use.

I am not designing/developing all the websites on my server. some spaces are given to client. who may or may not implement captcha. – Joshi – 2017-09-07T19:42:38.203

In that case, an iptables rule would probably work. From this question you may be able to use iptables -A PREROUTING -t nat -i -p tcp --dport 25 -j REDIRECT --to-port 587 to achieve your goal. If it works, don't forget to iptables-save. If it doesn't work, switch the -A with -D to delete the rule. I'm assuming you may already know this based on your rep from other SE communities, but leaving it in for future reference.