1

Topic: Prevent mailinglist spam using spoofed email address

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  0.9.7 MYSQL edition.
- Linux/BSD distribution name and version: Ubuntu 16.04.3 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache2
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I'm using the mailing list system by iRedMail (https://docs.iredmail.org/sql.create.mail.alias.html) to send newsletters.
So I have created a mail alias account as explained there and set the access policy to "moderatorsonly". Let's assume this mail alias account is called "newsletter@mydomain.com".

I noticed that other, unrelated e-mail addresses on my iRedMail server happily accept spoofed e-mails. I tested it with this tool:
https://spf.guru/tools/spoofing/

Therefore, let's assume the following: one of the moderators of the list is sirpumpkin@mydomain.com. Now if someone spoofs this e-mail address and sends mail from the spoofed address sirpumpkin@mydomain.com to newsletter@mydomain.com, he could abuse it to send spam as a newsletter over my iRedMail server to everyone on the mailing list.

Is there any way to prevent this? I'm worried that someone will find out about this and send spam over the newsletter mailing list. Thank you.


2

Re: Prevent mailinglist spam using spoofed email address

Discussed in another thread days ago:
https://forum.iredmail.org/topic13801-e … ofing.html