and there are no ways to disable this? :/
Only if you want to open yourself to a mountain of hack attempts.
Note that backend authentication systems have been changed as well - this is all to keep you secure.
That means that we need to buy SSL certificate from third party, as some devices don't accept the self issued certificates.
Yup - they are trying to tell you something, and there is a good chance that quite a lot of clients will drop plain unauthenticated connections in due course.... the push for better security is relentless, like it or not. The same will be true for http connections soon. Going the same way the Dodo did.
But you do NOT need to buy a certificate.
Letsencrypt certs are free and SME has had the ability to use them for several years. There is no real excuse not too, unless you run some sort of internal only, airgapped server. Even then there are methods to deploy to it.
You really should not be accepting any authentication on port 25 in 2024. Use 465 and enjoy some more security. If you are in the EU then it possibly even falls under GDPR.