You can only install one cert per IP (website). I am assuming both addresses would point to the inside? If that is the case, I would buy a cert for mail.domain.com and then make an internal DNS alias for mail.domain.com for your internal users to use.
You don't need a cert for your ASA, just your IIS server.
- Buy web cert for *.domain.com - wildcard cert
- Set up DNS alias for mail.domain.com on internal DNS server
- No web cert needed for your ASA
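
The internal DNS alias matters because clients only accept the certificate when the name they connect to is one the certificate covers. The check below is an added example, not part of the original post, that compares the two certificate choices mentioned above against names users might type; `exch01` and `exch01.corp.domain.com` are hypothetical internal names.

```python
def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 style).

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.domain.com' covers 'mail.domain.com' but not
    'domain.com' or 'a.b.domain.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage(cert_names, hosts):
    """Return {host: True/False} for whether any certificate name covers it."""
    return {h: any(name_matches(n, h) for n in cert_names) for h in hosts}


# Constructed sample: names users might type to reach the mail server.
# 'exch01' and 'exch01.corp.domain.com' are hypothetical internal names.
HOSTS = ["mail.domain.com", "domain.com", "exch01", "exch01.corp.domain.com"]

WILDCARD = coverage(["*.domain.com"], HOSTS)    # wildcard cert
SINGLE = coverage(["mail.domain.com"], HOSTS)   # single-name cert

if __name__ == "__main__":
    for label, result in (("*.domain.com", WILDCARD),
                          ("mail.domain.com", SINGLE)):
        print(f"certificate name: {label}")
        for host, ok in result.items():
            print(f"  {host:<26} {'covered' if ok else 'NAME MISMATCH'}")
```

With either certificate, only `mail.domain.com` is covered among these names, which is why internal users need the alias instead of the server's own hostname.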