What does it mean to get an email from someone with a different actual sender?

I got a strange email and I just want to confirm my suspicions.

For background, I have my own email server which I set up using iRedMail on a VPS. I have an acquaintance who most likely has be on their address book, although I don’t have them on mine.

I got a highly suspect email with "Urgent! <acquaintance’s name>" as the subject, and a body that just said they need a favour. Looking at the headers of the email, I see that the Sender field is an unrelated university email address from another country, while the From field is my acquaintance’s name and a different email address than the one I had communicated with them in the past.

My hypothesis is that their account got hacked, the hacker stole their address book and is sending a scam to all of their contacts.

My fear is that my own server got hacked, or something. My email setup did not complain about this email even though I have virus scanning, and I expect that the regular checks (DKIM, SPF etc.) were done.

Can anyone confirm my hypothesis?