A healthy mail server or gateway allows unauthenticated connections from the Internet only to port 25, and only for message delivery to the local mail server domain(s). Messages for non-local mail domains should be configured for authentication required.
A mail server which accepts unauthenticated connections from the Internet, for delivery to remote mail domains, is called an open relay, and spammers are constantly probing for them. If you run an open relay, you take the blame for their dirty deeds.
For Webmail, authentication should always be required, I don't think it can be disabled.
For IMAP, POP, ActiveSync, and EWS, authentication should be used to prevent hacking. Disabling authentication might be possible, but is a terriible idea.
For applications that submit mail, authentication is always preferred. If the application is unable to submit credentials, it is possible to configure an authentication exception (from a server admin login, settings, Security, Whitelist, add IP address or range.) If you do a big enough range, you can configure an open relay, but you should not!
I also recommend using an incoming gateway (SmarterMail+Declude or any other product) in front of your mail server, to further protect your crown jewels from the bad guys..