sXi’s suggestion should work, but users will be taken away from your own domain. This breaks the illusion of self-hosting.
You can also just add a subfolder “domain.com/webmail” and redirect it to https://webmail.domain.com. Though to cover users who use both http and https, you will also need to select Secure Hosting (not compatible with free CloudFlare), so they can go to either http://domain.com/webmail or https://domain.com/webmail. Secure Hosting by itself does not require a unique IP, only a trusted certificate does - and no DreamHost-hosted webmail has that anyway. Secure, just not trusted.
In my case, I want a signed certificate for the assurance of my users - to eliminate the certificate errors. So, I:
1 - Installed my own copy of webmail at domain.com/WebMail (yea, I like the URL fancy),
(1b - created the folder domain.com/webmail with a redirect to https://www.domain.com/WebMail,)
2 - Enabled Secure Hosting on domain.com,
3 - Added a unique IP for a later trusted certificate (which also simplified setup before transferring DNS, since I already had a skeleton site elsewhere),
3 - Disabled the DreamHost webmail,
4 - Set up the domain webmail.domain.com as a forwarder to https://domain.com/WebMail,
5 - Enabled Secure Hosting on webmail.domain.com.
This works for now. I’ll see if it continues without issues after adding a trusted certificate, which I haven’t done yet.
Until #5, http://webmail.domain.com worked, but I got a “bad_httpd_conf” error when trying https://webmail.domain.com.
If someone has a better/simpler option, please add it to the thread. It seems the suggestion for purchased trusted certificates for the normal https://webmail.domain.com was rejected for lack of votes.