I have a mail server that has a self-signed SSL certificate.
I use Thunderbird to access this server, and it asks me to accept this certificate.
So let's say I accept this in a semi-secure location, for example on a local network, then move on to an insecure net with my certificate accepted in the Thunderbird email client.
Thunderbird is set to use STARTTLS to the email server.
Is it so that once this certificate is accepted, it is impossible to do a man-in-the-middle attack? For somebody to make use of this public self-signed SSL certificate, they also need a private key that the mail server keeps?
The red flag is if Thunderbird one day suddenly wants me to accept a new certificate from the mail server.
That is correct. An attacker cannot fake being the remote server unless they have the private key that matches what the client is using.
Problems remaining include brute-forcing the certificate (basically not going to happen), stealing the private key from the server, or exploiting a software vulnerability (that would probably affect "real" certs exactly the same as self-signed certs).
For verification of a known certificate, a self-signed certificate that you are confident in when you accept it is as good as anything else. PKI / signing chains make distribution and revocation much simpler, but are not critical to maintaining the authentication of a key. They just help the simplicity and tracing. That matters in the public and with large companies. If you're just talking about your private mail server, I do the exact same thing with a self-signed certificate.
You should strongly consider getting a free SSL cert if you control the domain. There are a couple of providers of free certs.
The "accepted" cert in Thunderbird pairs the hostname by which you referenced the server with the thumbprint of the certificate. So a MITM attack would be nigh impossible without solving the DL Problem. This assumes you picked a reasonable bit length (2048 or 4096 these days; though arguments could be made for 1024).
PKI Keys are only ever useful if you have both the private and public key. Yes, new warnings about certificate errors should always be reviewed with the utmost discernment.
If you trust the original certificate you imported into Thunderbird, then this will be used for all subsequent connections to the server matching the CN in the certificate.
Since the self-signed cert does not overlap with anything issued by a public CA, there are exactly 2 cases where a new certificate will be requested from the (possibly compromised or spoofed) server:
The second case can occur sooner than you think: if you are on a dynamic IP, and somehow connect to the IP and not the hostname, it won't match.
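The hostname-to-thumbprint pairing and the IP-versus-hostname case described in the answers above can be modelled as a small trust-on-first-use check. This is an added example, not part of the original posts and not Thunderbird's code; the `PinStore` class, keying pins by host and port, the SHA-256 thumbprint, and the host names and byte strings in `demo()` are assumptions made for illustration.

```python
import hashlib
import hmac
import smtplib
import ssl

def thumbprint(der: bytes) -> str:
    """SHA-256 fingerprint over the certificate's DER encoding."""
    return hashlib.sha256(der).hexdigest()

class PinStore:
    """Trust-on-first-use store: (host, port) -> accepted thumbprint."""
    def __init__(self):
        self._pins = {}

    def accept(self, host, port, der):
        # Called once, when the user accepts the certificate on a trusted network.
        self._pins[(host.lower(), port)] = thumbprint(der)

    def check(self, host, port, der):
        pinned = self._pins.get((host.lower(), port))
        if pinned is None:
            return "unknown"    # nothing accepted under this name: client would prompt
        if hmac.compare_digest(pinned, thumbprint(der)):
            return "match"      # same certificate that was accepted earlier
        return "mismatch"       # red flag: a different certificate for a pinned host

def fetch_starttls_cert(host, port=587, timeout=10):
    """Return the DER certificate an SMTP server presents after STARTTLS.
    Chain validation is off on purpose: a self-signed cert has no CA to check,
    so the caller must compare the result against a pin instead."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)

def demo():
    # Constructed byte strings standing in for DER certificates (runs offline).
    server_der = b"constructed stand-in: mail server certificate"
    other_der = b"constructed stand-in: some other certificate"
    store = PinStore()
    store.accept("mail.example.org", 587, server_der)
    return [
        store.check("mail.example.org", 587, server_der),  # usual connection
        store.check("mail.example.org", 587, other_der),   # certificate changed
        store.check("192.0.2.10", 587, server_der),        # reached by IP, no pin
    ]

if __name__ == "__main__":
    print(demo())
```

To check a live server, pass the result of `fetch_starttls_cert()` to `PinStore.check()` and compare the thumbprint out of band with the one read directly on the server.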