Hi, thank you for the answer, and sorry for the late reply :( …

I analysed the logs thoroughly, and I can confirm my SMTP server hasn’t sent any email aside the legitimate ones.
And u/voracitude 's answer confirmed my thoughts, being that the emails were sent from somewhere else.

I don’t think it’s that much unusual to use a “small” domain for spoofing: SMEs are “easy targets” usually, and if the recipient’s anti-spam isn’t configured properly then the attackers could benefit from a domain which may be small but has a good reputation.

@voracitude Thank you very much! This confirms my worries, not much can be done…

@wintermute_oregon
I tested on Mxtoolbox, it shows my server isn’t an open relay.

@intelisense
Those are properly configured, I get a 10/10 on mail-tester dot com, as well as everything validated on mxtoolbox.

@TheBaldness
What type of error is it? Time-out, blocked, … ?

@TheBaldness
When opening the developer tools and going to the Network tab, are there errors? (refresh the page to be sure everything appears in the tab)