This may be off topic, so I will not include the Postfix config for the moment.
Should I be using different certs for Postfix smtp (25) and submission
(587)? Is this even possible in Postfix?
Should Dovecot imaps (993) be using a different cert from Postfix?
The question was: if the Cert+Key are compromised, how does this affect
the system?
What are the effects for submission, imap? As users have to log in for
both submission and imap, is the problem the possibility of a MITM?
How would one recognize such an attack?
Is the solution simply to change/update certs on a regular basis?
I suspect I have over thunk myself into a corner on this.