I have noticed a header called Authentication-Results: when mail is forwarded from gmail to my server, but any mail sent directly sent to the ISPConfig server does not have this header?
spf is checked by amavis/spamassassin automatically and becomes part of the overall spam score of an email.
Ok, also is it normal for the root user to go into any mailbox via command line and see the content of any email?
Emails are normally not stored encrypted on mail servers as the only way to encrypt them securely would be that the email client is doing that and not the server. Any serverside encryption would be decryptable on the server itself as the server software would need to have the key in that case and when the key is on the server, then the server software and also the server administrator are able to decrypt the emails.