And that is the best practice, if you want the sent emails to have any chance to reach the inbox of the recipient. This is because most email providers reject non-authenticated emails, in an effort to combat spam. This can get pretty serious in situations of emails for password recovery emails and/or 2FA emails.
I was looking in the Web UI for the SMTP account for internal Hestia mails, but instead I found it on the command line with the commands v-add-sys-smtp and v-delete-sys-smtp. Just putting that information here, which may help others looking for that.