Thank you for your very detailed response. As far as I understand, it should primarily support PFS and choose that kind of ciphers with higher priority. Ciphers with a higher encryption should in general always be priorized. Older ciphers don't have to be banned, unless they are considered insecure (because of outdated/depricated) or flawed.
I did some online testing with a online smtp ssl checker: it showed PFS were not supported, but after enabling mercurys session logging I've seen that:
ECDHE-RSA-AES256-SHA, SSLv3, Kx=ECDH, Au=RSA, Enc=AES(256), Mac=SHA1
DHE-RSA-AES256-GCM-SHA384, TLSv1.2, Kx=DH, Au=RSA, Enc=AESGCM(256), Mac=AEAD
ECDHE-RSA-AES256-SHA384, TLSv1.2, Kx=ECDH, Au=RSA, Enc=AES(256), Mac=SHA384
are often negotiated for encrypted communication. These are PFS ciphers. So the online testing doesn't seem to be reliable.
The person of the Data Protection Authority we are in contact with is an IT-Professional. I've heard from him that he had already contact with other mail server developers to help them out with all these issues. I've heard also that they have their own software for testing purposes. My suggestion: I will get in touch with him, show him this thread and ask him to get in direct contact with you. I think that would make more sense.
Thanky you very much in advance.