In case this post helps anyone...

reject_sender_login_mismatch
Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner;
or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.

smtpd_sender_login_maps (default: empty)
Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses.
Specify zero or more "type:table" lookup tables. With lookups from indexed files such as DB or DBM, or from networked tables such as NIS, LDAP or SQL, the following search operations are done with a sender address of user@domain:
1) user@domain
    This table lookup is always done and has the highest precedence.
2) user
    This table lookup is done only when the domain part of the sender address matches $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.
3) @domain
    This table lookup is done last and has the lowest precedence.
In all cases the result of table lookup must be either "not found" or a list of SASL login names separated by comma and/or whitespace.

sender_login_maps.cf default code with iRedMail-8.0.3: