Thanks for all the replies. I didn't have time to reply earlier. I went with my first proposed solution. Everything else is simply too much hazzle. You would have to set this for every single exception/address/user and so on and you cannot be sure that it doesn't bite you some time later with a tiny problem you didn't imagine at that time. For instance with domain affiliation of users.
Yes, this is a Postfix problem. I just thought first it belongs more to Dovecot because it is Dovecot's lmtp that does the final mailbox delivery. I changed the SQL code a few times and tried to convince Postfix to deliver to virtual users without a domain, but it didn't work. As soon as I remove the domain or have an account name like user@whatever Postfix uses user@$myorigin (even completely removing the whatever stub) and this might have created a problem differentiating users (for instance for domain quota). It only delivers to mailboxes without a domain that are transport "local". And I wanted to keep that domain "local", anyway.
I setup a stub dummy zone of "mail.localdomain" in Unbound which works as a wildcard and setup a fitting domain for that client. This works just like a normal domain. I can now reuse this wildcard for any more I might need it for.
Kai