==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: Ubuntu 16
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi!
I can send spoofed email:
1. Via roundcube
1.1. Login in roundcube
1.2. Change FROM address (owner@mydomain.com to spoof@mydomain.com)
1.3. Write email
1.4. When send email, then erro - spoof@mydomain not owned by owner@mydomain.com

2. I configured Outlook(or Thunderbird) - email owner@mydomain.com
2.1 Just change FROM in Outlook to spoof@mydomain.com
2.2 Send email with FROM HEADER = poof@mydomain.com without errors.....

In mail header i can see Authenticated Sender: real-email@mydomain , i tried solve this with /etc/postfix/header_checks:
/^From:/        IGNORE
/.*\(Authenticated sender:(.*@mydomain.com)/   PREPEND From:$1

But sometimes this working wrong and i have many bad addresses in FROM header

How solve this provlem? This is very important