Perhaps the line `pki domain.tld key "/etc/mail/tls/smtpd.key"` should be `pki domain.tld key "/etc/smtpd/tls/smtpd.key"`? There is no mention to that directory above this line!

You are correct, I'm translating most of this from OpenBSD setups so occasionally a platform specific path like /etc/smtpd vs /etc/mail this gets by me.

What are the ports which I need to open? For receiving and sending emails