Yes, a mailbox is required if you want to authenticate. Why? So that per mailbox limits ( if any) and any other restrictions ( send as etc..) can be enforced.
The way around that of course is to send anonymously to port 25.
This doc is for Exchange Online, but really it applies to on-prem Exchange as well
Note the requirement for a mailbox using authenticated relay