I believe i may have found an issue with the generated dovecote configuration. when adding a domain it creates the correct configuration for the SSL per domain, however it seems to use ca_ssl for the intermediate certificate. I believe this is not used for this but for client certificates. Can the system be made to set the SSL_cert to use ssl.combined instead of ssl.cert for the domain? this would mean the intermediate cert is used correctly. Just spent 3 days working out why this was not working.
Dovecot SSL issues - Intermediate certificates