Well, that's because your supplier asked for this email to be rejected. To be more complete, they have published an SPF policy in their public DNS zone (we could check the exact policy if you gave the real domain name, but here we can't). Anyway, this policy lists the servers allowed to emit emails using their domain as sender. The policy also tells to reject any email which is not comming from one of the allowed servers (this is what the -all is for). Looks like you are receiving an email from an server which is not allowed, so your SME is correctly rejecting it.