As I wrote, I set force_TLS:
DISCOURSE_SMTP_FORCE_TLS = true
and ENABLE_START_TLS explicitly to false… then mail sending works - provided the mail server runs on 465.
With mail servers running on 567, it must be exactly the other way around.
Since then, I have a notice on the dashboard in the backend… but mail sending works without problems.