>>- any other mail servers on that /24 subnet xxx.xxx.xxx.000 to xxx.xxx.xxx.254
>
>I thought IP4 adresses are only internal and hidden toutside now, checked some headers - and yupp, some include IP4 adresses.
>Feels wrong, even if by itself it should not be a security risk, as NAT on the router should make that invisible.
>Still - as internal IP changes not often, it might identify specific PC with its internal adress to target that pc if surfing unsafe sites - or am I missing something ?

At the lower levels of the ISO stack, servers communicate with each other only via IP addresses. So the receiving server (first) knows the sending server's public IPv4 address. The receiving server can perform a reverse DNS lookup, and if that fails the message spam score is increased.

Not sure about your security concern. Most mail clients don't send mail directly, they talk to an SMTP mail server which sends mail on their behalf. The SMTP server may choose to include the original sending computer IPv4 address (e.g. NATted LAN IP) in the headers. I'm not sure if that's an RFC or other standard or if the server can be configured to not do that.