It's rather simple: you need the hostname used by a TLS client in your certificate. But this differs per situation:
- For an MTA (mail transfer agent) connecting to the MX record through SMTP, you need the hostname of the MX record in your certificate.
- For an MUA (mail user agent), you need to add the hostname which is entered by the user in their MUA to your certificate. If you use separate hostnames for SMTP and/or IMAP (i.e., `smtp.example.com` for the SMTP server and `imap.example.com` for the IMAP server), you'll need to add both to the cert.
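
The rule above as a check, added here as an illustration and not part of the original answer: given the names in a certificate's subjectAltName, it reports which MX targets and client-configured hostnames are not covered. The function names and the sample lists are constructed for the example, and the wildcard handling (whole left-most label only, one label deep) is a conservative assumption about how TLS clients match names.

```python
def san_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive match of one SAN dNSName entry against one hostname.

    A '*' is honoured only as the entire left-most label and covers exactly
    one label, so '*.example.com' matches 'imap.example.com' but neither
    'example.com' nor 'a.b.example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def missing_names(cert_sans, mx_targets, client_hostnames):
    """Return the required hostnames that no SAN entry covers.

    mx_targets: hostnames the domain's MX records point to (what an MTA verifies).
    client_hostnames: hostnames users type into their MUA for SMTP/IMAP.
    """
    required = {n.lower().rstrip(".") for n in [*mx_targets, *client_hostnames]}
    return sorted(
        name for name in required
        if not any(san_matches(san, name) for san in cert_sans)
    )


# Constructed sample data: the cert was issued for the MX host and the
# SMTP submission name, but the IMAP name was forgotten.
CERT_SANS = ["mx1.example.com", "smtp.example.com"]
MX_TARGETS = ["mx1.example.com."]          # trailing dot as returned by DNS
CLIENT_HOSTNAMES = ["smtp.example.com", "imap.example.com"]

if __name__ == "__main__":
    gaps = missing_names(CERT_SANS, MX_TARGETS, CLIENT_HOSTNAMES)
    print("missing from certificate:", gaps or "none")
```
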