Currently even whilst you set authOptional to true, the server will throw a "421 - Error: too many unauthenticated commands" after receiving _maxAllowedUnauthenticatedCommands unauthenticated commands. That's not desirable, because authentication in this case was not required.
The following line should check for this._server.options.authOptional, because if authOptional option is set to true, there may be infinite unauthenticated commands: https://github.com/nodemailer/smtp-server/blob/17fd809cf74d6ba5d9a4711d05ff4d379bbb6bb3/lib/smtp-connection.js#L454
Currently even whilst you set authOptional to true, the server will throw a "421 - Error: too many unauthenticated commands" after receiving _maxAllowedUnauthenticatedCommands unauthenticated commands. That's not desirable, because authentication in this case was not required.