I'm no RFC expert by any means so not sure if the topic is covered or not but IMO email that comes in from the outside & is forwarded automatically by the server should not have the original sender's email address in tact as far as the SMTP conversation is concerned. Here's why:
1. As you pointed out, with SPF & other anti-spam tests done it will likely get rejected and bounce.
2. Really bad thing is the bounce goes to the original sender who has no idea your box is being forwarded. Causes confusion & likely considered a privacy/security leak of info since they now know the address you're forwarding to.
3. Your server can easily be blacklisted for appearing to spoof the original sender.
Because of these reasons (and possibly others I've missed) I'd agree for hMailServer to have an option to change the SMTP 'From' address (not changing the From in the headers as shown in meail but the address used in the SMTP conversation) that is used. Ideally would be configurable as:
Rewrite forward sender as:
( ) Leave original sender
( ) Use address being forwarded
( ) Server Postmaster
( ) Domain Postmaster
( ) Custom: [ ]
Perhaps overkill in options, just brainstorming.
Btw, in general as someone who manages mail server I've long been against forwarding to outside domains for many reasons (like listed above) but in particular because it blindly forwards everything including spam & is just begging to get you blacklisted. Charter has banned us a few times & I eventually disabled forwarding options in the web admin for end-users & was done with it.
But yeah it is a useful thing if used sparingly but it isn't very useful if the place you're forwarding to blocks the messages.