After having found and read through
I force-renewed my server's certificate with --preferred-chain "ISRG Root X1"
and triggered getting a mail from said server (it delivers Aldi Süd's Newsletter )
Apparently, the problem is gone now: The very same server now talked to my mail server. No error.
Did you mean that with "serving the short chain instead of the long one"? Sorry, I'm not really deep into SSL, until now, everything "just worked" …