This is typically done by exporting the user list as aliases:
All nonexistent addresses would therefore be rejected as unauthorized
What if the users have authenticated do they have relaying privileges?
The mail will be accepted, but subsequently bounced.
Another question is - can courieresmtpd validate existence of addresses
provided in mail from: in the same way as it validated rcpt to: ?
Can you please answer my last question - can (are) domain in rcpt to:
validated the same way as those in mail from:, when BOFHCHECKDNS is set?
So the users wouldn't send mail to nonexistent domains...
No. Historically this originated as an easy way to reject junk mail with a
randomly-generated return address. There was never a need to do a DNS lookup
on the recipient's domain. That's where that came from.