Thanks for the quick reply.
I'd totally forgotten about the SSL aspect of this, I think I'll have to go with option 1. (Just set the MX record to mail.server.com for every client.) because I don't want folks ringing me up re certificate errors.
I don't really want to fork out for a wildcard certificate so I think when I move server I'll set up mail1.server.com, buy an ssl for mail1, shift the accounts, and then add mail.server.com CNAME mail1.server.com.
As part of the move I was looking to expand to a couple of servers, and move sites and email clients between servers as necessary to balance the load. I was hoping that by using option 3, that I could change the CNAME records and make the move transparent to the end customer. E.g.
Before: Client1's email boxes on mail1.server.com and mail.client1.com CNAME mail1.server.com
After: Move the client1's email boxes to mail2.server.com and do mail.client1.com CNAME mail2.server.com
Is there anyway to achieve this without getting certificate errors? Maybe a way to redirect (like a web 301) mail.client1.com to mail2.server.com. Basically, looking for a way to move some email boxes without having to trouble the customer.
Thanks for your help.