*) Your solution with SQL structure modification is worse. With "mailbox.username='%s' OR mailbox.enablesendermismatch=1", it can bypass mailbox.username, which means anyone with "mailbox.enablesendermismatch=1" can fake the sender address.
*) The best solution for you should be: use the default Postfix setting configured by iRedMail, and replace "reject_sender_login_mismatch" with "reject_unauthenticated_sender_login_mismatch". Reference: http://www.postfix.org/postconf.5.html# … strictions
*) No plan to use "reject_unauthenticated_sender_login_mismatch" as default value.
I "think/guess" most users just check the "From:" address to see who sent this message, and mail clients (Outlook, Thunderbird, etc.) don't show the real sender (shown in mail headers) at all. Consider this situation: all users under your domain can send out emails as another one, even as your boss (use your boss's email address in "From:") ...
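
The three options compared in the post above, modelled as an added example that is not part of the original post or of iRedMail. It assumes a two-column `mailbox` table, a full query built around the quoted WHERE clause, constructed `example.com` mailboxes, and a simplified reading of how Postfix applies the two restrictions to the lookup result.

```python
import sqlite3

# Constructed sample mailboxes; "enablesendermismatch" is the custom column from the post.
ROWS = [("boss@example.com", 0), ("alice@example.com", 1), ("bob@example.com", 0)]

# Assumed query shape: the MAIL FROM address replaces %s (bound as ? here) and
# every username returned is treated as an owner of that address.
STOCK = "SELECT username FROM mailbox WHERE username=?"
MODIFIED = STOCK + " OR enablesendermismatch=1"

FULL = "reject_sender_login_mismatch"
UNAUTH_ONLY = "reject_unauthenticated_sender_login_mismatch"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox (username TEXT, enablesendermismatch INTEGER)")
    db.executemany("INSERT INTO mailbox VALUES (?, ?)", ROWS)
    return db

def owners(db, query, mail_from):
    """Logins the lookup reports as owning mail_from."""
    return {row[0] for row in db.execute(query, (mail_from,))}

def accepted(db, query, restriction, sasl_login, mail_from):
    """Simplified model of the two Postfix restrictions named in the post."""
    own = owners(db, query, mail_from)
    if sasl_login is None:
        return not own              # no login: rejected when the address has an owner
    if restriction == UNAUTH_ONLY:
        return True                 # logged-in clients are not checked
    return sasl_login in own        # FULL: the login must own the address

def spoof_matrix(mail_from="boss@example.com"):
    db = make_db()
    return {
        "stock, alice": accepted(db, STOCK, FULL, "alice@example.com", mail_from),
        "modified, alice": accepted(db, MODIFIED, FULL, "alice@example.com", mail_from),
        "modified, bob": accepted(db, MODIFIED, FULL, "bob@example.com", mail_from),
        "unauth-only, bob": accepted(db, STOCK, UNAUTH_ONLY, "bob@example.com", mail_from),
        "unauth-only, no login": accepted(db, STOCK, UNAUTH_ONLY, None, mail_from),
    }

if __name__ == "__main__":
    for case, ok in spoof_matrix().items():
        print(f"{case:22} MAIL FROM boss@example.com -> {'accepted' if ok else 'rejected'}")
```

With the OR clause the flagged mailbox is returned as an owner of every sender address, while the unauthenticated-only restriction stops checking logged-in users altogether.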