We are looking for this too. Usually the submission port that allows authentication should only allow AUTH if a TLS session was negotiated first (STARTLS). Port 25 shouldn't allow AUTH. That's the best practices.

But I don't know how to do this with smartermail :/

Thanks for getting this posted. I have a feature request submitted on behalf of EchoDreamz and this community post will help gather/build a use case that this would benefit the rest of the community. I'll keep an eye on this and will link the post to the ticket as well. 

The main reason, we disabled port 25, and after about 3 days, the spammers figured it out and simply updated whatever they were using to hammer our server with crap to our alternative ports.

Also agree, we should be able to state which ports are TLS required.

Plus one!

Maybe a setting per SMTP port that says "Authentication Required", though, I am not sure how hard that is to implement on a per port basis, so maybe a setting on the SMTP In card that says "Authentication Required" and enforce it globally.

I'd think a per-port setting may be better, where as a global setting may be easier to implement. This setting can still by bypassed by IPs that are whitelisted for "SMTP Auth Bypass".

I have added this to our features request list.

Thanks Robert! This would be an awesome addition to SM, especially since we use external anti-spam gateways.