Life could be so easy without MS

It is true, that I quite recently switched servers, still, the problem
so far is only with the MS mailservers, which even on a technical level
is for un-understandable for me, since DNS, MX, A records all point to sa

There many ways to set the DNS up. When sending mail, the SMTP server
should announce itself with a fully-qualified domain name, which ideally
is the same as the reverse look-up of its IP. This appears to be the
case for your server.
The only (slightly confusing) thing is that the MX name is a completely
different name, but that should not cause any problem.

You might want to consider to use the 'a' or 'mx' setting in your SPF
record instead of a hard coded IPv4 address. If you enable IPv6 in
future or get a new IP address assigned then you don't have to update

If MS anti-spam gets upset 'coz, of my letsencrypt certificates, or
the mailservername != mx name, then I can only say, Goodby, free and
reliable, best effort Internet.

Does it? I'm using a Let's Encrypt certificate for SMTP and never had
any problems sending to a address, for example.
FWIW, your SMTP server does not use a Let's Encrypt certificate, it uses
a self-signed certificate which does obviously fail validation. Don't
know if some mail servers reject incoming mails because of that.

As mentiond above, mailservername != mx name should not be a problem.
But mailservername != reverse IP look-up might be.