Hi
I presume to best support all(?) clients out there is to have "local_name" sections for SNI first and then "local" sections for IP address based certs. It is my understanding that SNI needs to be requested by the client, so aside from client bugs (nah, those don't exist ^o^) every client should get an appropriate response for TLS. Has anybody done a setup like that already?
Although not what you asked for, just so you are aware, Godaddy (boo hiss, etc) offer reasonably inexpensive multi subject alt name based certs. This means you can have a single cert which is valid for lots of completely different domain names. The mild benefit is that this doesn't require SNI support for SSL (which I'm unsure is supported by many mail clients?)
Although it's more expensive, I think it's a good solution (I'm using it for a small 5 domain installation)
Good luck Ed W
