Incoming SMTP ports should never accept email from it's own domain.
As you can see from his post, his server did not accept an e-mail "from it's own domain":
Replies were sent to the Return-Path: header that is not in our domain.
"Return-Path" is an SMTP header generated by the MTA based on the what it received in the envelope. It's generally only created by an intermediate internal server that forwarded e-mail, thus changing the "From:" envelope address.
And, even a perfectly configured MTA that rejects any "From:" envelope address that is in a domain for which the MTA is an MX still can't stop phishers from forging the "From:" header, which is just part of the body of the e-mail. Unfortunately, the envelope address usually never gets to the MUA, so an e-mail can look like it's legitimately from an internal source. If you use an MUA like Outlook that hides all the technical info, it's easy to be fooled.