I use the certificate(s) generated by certbot for email as well as web.
There are two ways to use an x.509 certificate on an email server. The email server can use the certificate to authenticate itself and encrypt incoming connections via “STARTTLS” for receiving email, or it can present the certificate in client mode when making connections to MX port 25 for transmitting outgoing email.
Both practices seem to be a good idea, but it does not (yet) seem to be practical at this time to require the foreign server to present a valid certificate in client mode when accepting connections on port 25 for incoming email. On the other hand, there seems to be very little problem refusing plaintext emails and requiring the foreign server to use some form of TLS encryption, even if it is not configured to present a valid certificate in client mode.
On the one hand, very few spammers bother with TLS at all, and on the other hand, almost all legitimate email-sending servers are capable of some form of TLS these days.
It seems to be a more prevalent practice to sign email headers with DKIM, rather than x.509 certificates in client mode for TLS, but the DKIM public keys are published via DNS, and are not generally signed unless one is using DNSSEC, so they are vulnerable to DNS poisoning attacks.
Are there better ideas or general pointers on these practices?