The hotspot-temp rules in the firewall define what’s allowed by unauthenticated users, so whether it’s port 25 or any other port, adding an accept rule to that ruleset should be enough to let users through without logging in. You might consider limiting the bandwidth or the rate of SYN packets through those special rules just to limit the possible damage that could be done by unauthenticated users.