How to prevent email spoofing in Zimbra 8.7.x?

[netseeker]

I have Zimbra 8.7.6GA (8.7.6.GA.1776.UBUNTU14.64 UBUNTU14_64 FOSS edition) and I wanted to hardening it in a way that no anonymous user could send email or
no one can spoof our domain to send email on behalf of someone else.
For that reason I've followed following links :

https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5

https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses


These solutions work to some extends but not 100%.

They don't work while the user uses thunderbird and trying to edit the From field in the email, which means thunderbird will send this somehow malformed message to zimbra and zimbra send the email to the user without any second thoughts.

I desperately looking for a solution here. I don't know where to look should I focus on spamassassin or postfix or is it just zimbra's configuration?
I just want to stop my internal users and I don't care about other domains spoof messages.
Please help me to prevent other users spoof their original emails.

you can see a screenshot of thunderbird here : https://imgur.com/4B62i1B
Best.