Testing it seems when I put user who can't see all mails under admin group in ispconfig, it can see all mails.
admins can see everything, so admin is not a group. You basically disabled all permission checks for this login, so this is nothing you want to do.
seems as if some mailboxes are assigned to a wrong user then. The permissions of a record are defined by its sys_* columns in the database table.