Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Mail Spoofing although SPF / DMARC are deployed


Greetings,

Please lend your support with this. We have a current mail spoofing attack. Someone from an external IP is using our mail relays to send inbound spoofed messages.

I'll copy the header, and I don't understand why Exchange let them in although we have Sender ID / SPF / DMARC.

Received: from xxx.xxxxx.xxx (Internal IP adress) by xxxx.xxxxx.xxx
 (Internal IP adress ) with Microsoft SMTP Server (TLS) id xx.x.xxx.x; Wed, 16 Mar
 2016 11:43:13 -0500
Received: from [178.175.49.131] (178.175.49.131) by xxx.xxxxx.xxx
 (Internal IP adress) with Microsoft SMTP Server id xx.x.xxx.x; Wed, 16 Mar 2016
 11:43:08 -0500
From: <Organization email>
To: <organization email>
Subject: Document2
Thread-Topic: Document2
Thread-Index: AdF+sJZYKtxaTvOhSFC+rMKD/CUwyg==
Date: Wed, 16 Mar 2016 17:43:09 +0200
Message-ID: <71C97C63C7AD64656424264EC@BORO-SBS.boro.local>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.x.xx]
Content-Type: multipart/mixed;
    boundary="_004_300621BC94B77642BC430B054CFFEC9C4A08FF5DBOROSBSboroloca_"
MIME-Version: 1.0
Return-Path: Organization email
X-MS-Exchange-Organization-PRD: myexchange
Received-SPF: Fail (xxx.xxxxxxxx.xxx: domain of xxxx@xxxxx.xxx
 does not designate 178.175.49.131 as permitted sender)
 receiver=xxx.xxxxxx.xxx; client-ip=178.175.49.131; helo=[178.175.49.131];
X-KSE-ServerInfo: xxxxx.xxx, 9
X-KSE-AntiSpam-Interceptor-Info: scan successful
X-KSE-AntiSpam-Version: 5.5.9, Database issued on: 03/16/2016 16:28:08
X-KSE-AntiSpam-Status: KAS_STATUS_NOT_DETECTED
X-KSE-AntiSpam-Method: none
X-KSE-AntiSpam-Rate: 55
X-KSE-AntiSpam-Info: Lua profiles 93080 [Mar 16 2016]
X-KSE-AntiSpam-Info: LuaCore: 415 415
 56d27afa4611b5fc17406ce7708f83a66d615280
X-KSE-AntiSpam-Info: Version: 5.5.9.3
X-KSE-AntiSpam-Info: Envelope from: xxxxx@xxxxx.xxx.xxxx
X-KSE-AntiSpam-Info: {relay has no DNS name}
X-KSE-AntiSpam-Info: 127.0.0.200:7.1.3;domain:7.1.1;127.0.0.199:7.1.2;d41d8cd98f00b204e9800998ecf8427e.com:7.1.1;178.175.49.131:7.3.4
X-KSE-AntiSpam-Info: Auth:dmarc=fail header.from=domain
 policy=reject;spf=fail smtp.mailfrom=domain;dkim=none
X-KSE-AntiSpam-Info: {rdns complete}
X-KSE-AntiSpam-Info: dmarc_local_policy_1
X-KSE-AntiSpam-Info: Rate: 55
X-KSE-AntiSpam-Info: Status: not_detected
X-KSE-AntiSpam-Info: Method: none
X-KSE-AntiSpam-Info: Moebius-Timestamps: 4015174, 4015198, 0
X-KSE-Antiphishing-Info: Clean
X-KSE-Antiphishing-Method: None
X-KSE-Antiphishing-Bases: 03/16/2016 16:32:00
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus Fail;OrigIP:178.175.49.131
X-MS-Exchange-Organization-AVStamp-Mailbox: KasprLab;28094;0;0
X-KSE-Antivirus-Interceptor-Info: scan successful
X-KSE-Antivirus-Info: Clean
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-SenderIdResult: FAIL
X-MS-Exchange-Organization-AuthSource: xxx.domain
X-MS-Exchange-Organization-AuthAs: Anonymous
X-Auto-Response-Suppress: DR, OOF, AutoReply


Deal
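
An added example, not part of the original post: it pulls the SPF, Sender ID, DMARC and SCL verdicts out of headers like the ones above and flags where they contradict each other. The sample is constructed from the posted headers with example.com placeholders; `triage`, `internal_domains` and the `low_scl` cutoff are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the posted headers, with the redacted
# values replaced by example.com placeholders.
SAMPLE = """\
From: <user@example.com>
Received-SPF: Fail (mx.example.com: domain of user@example.com
 does not designate 178.175.49.131 as permitted sender)
 receiver=mx.example.com; client-ip=178.175.49.131; helo=[178.175.49.131];
X-KSE-AntiSpam-Info: Auth:dmarc=fail header.from=example.com
 policy=reject;spf=fail smtp.mailfrom=example.com;dkim=none
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-SenderIdResult: FAIL
X-MS-Exchange-Organization-AuthAs: Anonymous

"""

def unfold(value):
    """Join folded header continuation lines into one line."""
    return re.sub(r"\r?\n[ \t]+", " ", str(value or "")).strip()

def triage(raw_headers, internal_domains, low_scl=1):
    """Collect verdicts from a delivered message; low_scl is an assumed cutoff."""
    msg = message_from_string(raw_headers)
    auth = " ".join(unfold(v) for v in msg.get_all("X-KSE-AntiSpam-Info", [])
                    if "Auth:" in str(v))
    def field(name):  # e.g. dmarc=fail, policy=reject inside the Auth: line
        m = re.search(rf"\b{name}=([\w.-]+)", auth)
        return m.group(1).lower() if m else "missing"
    v = {
        "spf": (unfold(msg.get("Received-SPF")).split(" ")[0] or "missing").lower(),
        "sender_id": (unfold(msg.get("X-MS-Exchange-Organization-SenderIdResult")) or "missing").lower(),
        "dmarc": field("dmarc"), "policy": field("policy"), "dkim": field("dkim"),
        "scl": int(unfold(msg.get("X-MS-Exchange-Organization-SCL")) or -1),
        "auth_as": unfold(msg.get("X-MS-Exchange-Organization-AuthAs")).lower(),
        "from_domain": parseaddr(unfold(msg.get("From")))[1].rpartition("@")[2].lower(),
    }
    findings = []
    if v["dmarc"] == "fail" and v["policy"] == "reject":
        findings.append("DMARC failed under policy=reject, but the message was delivered")
    if "fail" in (v["spf"], v["sender_id"]) and 0 <= v["scl"] <= low_scl:
        findings.append(f"SPF/Sender ID failed, but SCL is {v['scl']}")
    if v["auth_as"] == "anonymous" and v["from_domain"] in internal_domains:
        findings.append("own domain in From on an anonymous (unauthenticated) session")
    return v, findings

if __name__ == "__main__":
    print(triage(SAMPLE, {"example.com"}))
```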


