*) Your solution with SQL structure modification is worse. With "mailbox.username='%s' OR mailbox.enablesendermismatch=1", it can bypass mailbox.username, that means anyone with "mailbox.enablesendermismatch=1" can fake sender address.
It was actually the wanted behavior.
In the default iRedMail config you cannot send email as any other address than mailbox.username / even if you have the wanted email as an alias of your own mailbox.
It sounds to me very limiting and close to wrong (I could imagine different usernames, not in the form of an email address).
*) The best solution for you should be: use default Postfix setting configured by iRedMail, and replace "reject_sender_login_mismatch" by "reject_unauthenticated_sender_login_mismatch". Reference: http://www.postfix.org/postconf.5.html# … strictions
This will give the possibility to fake the email address to all authenticated users. It sounds to me far worse than allowing it to some users / on top, my solution allows faking the address only in the same domain.
*) No plan to use "reject_unauthenticated_sender_login_mismatch" as default value.
I "think/guess" most users just check "From:" address to see who sent this message, and mail clients (Outlook, Thunderbird, etc) don't show the real sender (shown in mail headers) at all. Consider this situation: all users under your domain can send out emails as another one, even as your boss (use your boss's email address in "From:") ...
Sure it's not a good thing in general. Thus I try to allow it only for specific users.
The perfect solution would be to allow mailbox.username to send emails as all aliases bound to the mailbox...
Could you point me in the correct direction of how to implement it? I would be glad to implement it and post the results to you.
I understand /etc/postfix/pgsql/sender_login_maps.cf does the check between mailbox.username and MAIL FROM. So is there a list and description somewhere of all substitutions done in the query? What's the meaning of '%s' and '%d'?
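
Added example (not part of the original post and not iRedMail's own code): a sqlite3 model of the sender-ownership lookup discussed in this thread, comparing the stock `username='%s'` match, the `OR enablesendermismatch=1` variant, and the two Postfix restrictions. The table layout, the `domain` column, the same-domain query and the sample addresses are assumptions; `:s` and `:d` stand in for Postfix's `%s` (the full lookup key, here the MAIL FROM address) and `%d` (its domain part).

```python
import sqlite3

# Constructed sample rows: (username, domain, enablesendermismatch).
# The table layout and the domain column are assumptions for this sketch.
ROWS = [("alice@example.com", "example.com", 0),
        ("boss@example.com", "example.com", 0),
        ("relay@example.com", "example.com", 1),
        ("carol@example.org", "example.org", 0)]

# :s and :d stand in for Postfix's %s (lookup key) and %d (its domain part).
QUERIES = {
    "strict": "SELECT username FROM mailbox WHERE username = :s",
    "flag_any": "SELECT username FROM mailbox WHERE username = :s "
                "OR enablesendermismatch = 1",
    # Assumed form of a same-domain limit; not a query quoted in the thread.
    "flag_same_domain": "SELECT username FROM mailbox WHERE username = :s "
                        "OR (enablesendermismatch = 1 AND domain = :d)",
}

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox "
               "(username TEXT, domain TEXT, enablesendermismatch INTEGER)")
    db.executemany("INSERT INTO mailbox VALUES (?, ?, ?)", ROWS)
    return db

def owners(db, query, mail_from):
    """Logins that the map returns as owners of the MAIL FROM address."""
    params = {"s": mail_from, "d": mail_from.rpartition("@")[2]}
    return {row[0] for row in db.execute(QUERIES[query], params)}

def accepted(db, query, restriction, login, mail_from):
    """Model the accept/reject decision; login=None means no SASL login."""
    own = owners(db, query, mail_from)
    if login is None:
        return not own          # an owned address needs a login either way
    if restriction == "reject_unauthenticated_sender_login_mismatch":
        return True             # authenticated clients are not checked
    return login in own         # reject_sender_login_mismatch

if __name__ == "__main__":
    db = build_db()
    for q in QUERIES:
        for login in ("alice@example.com", "relay@example.com"):
            for frm in ("boss@example.com", "carol@example.org"):
                ok = accepted(db, q, "reject_sender_login_mismatch", login, frm)
                print(f"{q:17} {login:18} as {frm:18} -> {ok}")
```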