There are several: the global one is /etc/letsencrypt/cli.ini and there's one per existing certificate in /etc/letsencrypt/renewal/ (though those are overwritten when you renew with specific options). You can also place renewal hook scripts in the directories under /etc/letsencrypt/renewal-hooks/.
If systemd is present, service seems to act as a backward-compatible wrapper around systemctl. So it should be possible.
However, if systemd is present, the cron entry installed by the certbot package is ignored in favour of the systemd timer, so modifying it won't do any good.
It would be better to update the renewal configuration file(s), as that works no matter which scheduling method is used.
The recommended way to do that is to run certbot again with the correct options so that they get saved automatically to the per-certificate renewal config files. For example:
sudo certbot renew --force-renewal --deploy-hook "service postfix reload; service dovecot reload"
The --force-renewal option is needed to force it to renew immediately so that it will save the new configuration (normally it skips certificates that aren't close to expiry), and --deploy-hook is slightly better than --post-hook here because it only runs after a successful renewal. If you have multiple certificates you should add the --cert-name option to tell certbot which one you want to update.