In order to prevent spam, you can set only 127.0.0.1 in the allow list. This prevents spam, and you can send emails without filling in a username and password. However, some programs/codes cannot send emails without a username and password. Yes, and it is indeed not safe to use a password. So you still need to set the username and password of the SMTP server.
The username and password in IIS must be the user in the windows account. So you must first create a windows account name. Add a user to the user account and set the group to: IIS_WPG (in order to prevent excessive permissions from being unsafe, IIS_WPG is sufficient)
Then right-click on the "Default SMTP Virtual Server" in IIS and configure the SMTP server.
1. Add the user just created in the "Security" tab.
2. Check "Basic Authentication" in "Authentication" in the "Access" tab
Then I used one of my PHP programs to test. Originally, it was impossible to send emails without a username and password. After setting them up, I could send them immediately.