What you describe above is no security problem, it is the normal way email works. If it would be required that users have to be authorized to send a email to a local mailbox, then nobody would be able you send you a email.
Please dont mix this up with sending a email trough your server to a external email. Sending to a external email trogh your server requires authorization, but sending e amil to a local user can not require authorization.
Is there any way to stop email from telnet 25(unauthorized) port without affecting email sending & receiving capability.
Thats not possible without disabling email receiving at alltogether.