mx record added and mail subdomain note

2 files changed, 10 insertions, 3 deletions

diff --git a/README.md b/README.md
index f08a3ae..0238a36 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,9 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
 1. Debian or Ubuntu server. I suited this script for
    [Vultr](https://www.vultr.com/?ref=8940911-8H) servers originally, but it
    works consistently on any normal setup.
-2. DNS records that point your domain to your server's IP (IPv4 and IPv6).
+2. DNS records that point at least your domain's `mail.` subdomain to your
+   server's IP (IPv4 and IPv6). This is required on initial run for certbot to
+   get an SSL certificate for your `mail.` subdomain.
 
 ## Mandatory Finishing Touches
 
diff --git a/emailwiz.sh b/emailwiz.sh
index 9e6c04a..4167f88 100644
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -331,6 +331,7 @@ pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p
 dkimentry="$subdom._domainkey.$domain	TXT	v=DKIM1; k=rsa; $pval"
 dmarcentry="_dmarc.$domain	TXT	v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1"
 spfentry="$domain	TXT	v=spf1 mx a:$maildomain -all"
+mxentry="$domain	MX	10	$maildomain	300"
 
 useradd -m -G mail dmarc
 
@@ -338,9 +339,11 @@ grep -q '^deploy-hook = echo "$RENEWED_DOMAINS" | grep -q' /etc/letsencrypt/cli.
 	echo "
 deploy-hook = echo \"\$RENEWED_DOMAINS\" | grep -q '$maildomain' && service postfix reload && service dovecot reload" >> /etc/letsencrypt/cli.ini
 
-echo "$dkimentry
+echo "NOTE: Elements in the entries might appear in a different order in your registrar's DNS settings.
+$dkimentry
 $dmarcentry
-$spfentry" > "$HOME/dns_emailwizard"
+$spfentry
+$mxentry" > "$HOME/dns_emailwizard"
 
 printf "\033[31m
  _   _
@@ -357,6 +360,8 @@ $dkimentry
 $dmarcentry
 
 $spfentry
+
+$mxentry
 \033[0m
 NOTE: You may need to omit the \`.$domain\` portion at the beginning if
 inputting them in a registrar's web interface.