As this page[1] describes a more often occurring problem of forwarding messages from servers that are not included in the spf records. Maybe there should be a plugin that offers this forward functionality. Something like
get the spf records of the sender check if there is a -all then apply the sender substitution. https://doc.dovecot.org/configuration_manual/sieve/configuring_auto_forward_sender_address/
