OK, thanks for pointing to the DNS setup.
You can actually setup an alternate DNS server for a specific domain there, so I just needed to override my current (provider's) DNS servers for my reverse DNS zone (xx.xx.in-addr.arpa).

In my case, with only 2 internal mail servers relaying to the ESA, host entries would have been a simpler and more robust way to do it, but the DNS override does the job.

My outgoing Received headers now look pretty. :)

You can actually setup an alternate DNS server for a specific domain there

That's news to me, but I haven't looked at those settings for several years.

My outgoing Received headers now look pretty.

But if your IP addresses are indeed RFC1918, then anyone looking up the host name in those pretty headers will either get an address they can't use, or the name simply won't resolve. Either way, the correctness of the situation is debatable. At least "unknown" is correct from an external point of view.

If you're using publicly routable addresses then the question becomes, why won't your ISP either put in correct PTR records for you or delegate to you?

Yes, these are RFC1918 IPs.

My view on this is that Received headers are only here as a diagnostic tool.
No one is supposed to try to hack back to a random intermediate mail relay.

The "unknown" hostname just seemed to point to a misconfiguration, so I'd rather have a clean header.

No one is supposed to try to hack back to a random intermediate mail relay.

No, but it is reasonable to expect the recipient to verify the path for any one of several reasons. Tracing back to a name that won't resolve could cause consternation or suspicion.