This may be off topic, so I will not include postfix config for the moment.
Should I be using different certs for Postfix smtp (25) and submission
(587)? Is this even possible in Postfix?
Should Dovecot imaps (993) be using a different cert from Postfix?
The question was if the Cert+Key are compromised how does this affect
What are the effects for submission, imap? As users have to login for
both submission and imap, is the problem the possibility of a MITM?
How would one recognize such an attack?
Is the solution simply to change/update certs on a regular basis?
I suspect I have over thunk myself into a corner on this.