I disagree, you should not set this to may. If a external server has DANE configured incorrectly, that's on them. The mismatch is also a security mechanism.
That's true, security mechanism using dns and the tlsa record. Some have not configured correctly, and if you use dane you may leave mails on the table. It is just not established everywhere.
If it's not set up it doesn't matter. But when it is set up your server respect that and not deliver if there is a mismatch.
Should be true, but I have seen too many failures. Just my two cents, you can set to may or leave as is with dane if you want to go the extra mile and want to have extra security. Unfortunately there are providers which try to force dane if or if not configured, and finally their emails would never reach you. I wish you luck that you will never have to deal with such companies who are not able to maintain a correct system.
Their emails will reach you, but yours won't reach them. Of course I have to deal with other companies that do not have their servers set up correctly, and ISPConfig already has some settings set to non-optimal values to deal with that. But how far shall we go?
ISPConfig is the best platform I have ever seen, and re your question how far you should go: It is all fine, and nevertheless, re other companies: (not all, just a few) THEIR emails will not reach me, although mine go through like a charm.