You are mixing two sets of API endpoints here, both of which require a separate token. Try leveraging the matching Graph API scopes instead:
https://graph.microsoft.com/IMAP.AccessAsUser.All
https://graph.microsoft.com/SMTP.Send
https://graph.microsoft.com/POP.AccessAsUser.All
This way you will still have all the required permissions, but on a single endpoint, so a single token is needed.