Hmm - when using elliptic curve algos like X25519 / x448 I don't think dh params are needed/used any longer - are they?
And if they were being used (with rsa or whatever), aren't finite field like ffde4096 (a la rfc 7919 [1]) the preferred choice?
If were me, I would completely eliminate any RSA certs anyway - there's no longer any need to use them at all. it depends on what usage is configured. true if using TLS v >=1.3 or EC only.
it's unclear 2 me what specific certs/configs are being used by the OP. if no, or a too weak, DH parameter is provided, and any DHE cipher suite is config as available for use, OpenSSL will refuse to perform any handshake that uses it.
i don't know atm what checks are IN Dovecot 2.4.1, and whether they exercise the config _options_ beyond the particular certs in use.
in any case, since it's a first guess, checking bit depths where the error is 'too weak', seems an easy check.
as for getting rid of RSA, that's an available choice. it's not "100%" viable. whether one cares is a different issue, depends on your use case