Move MX record to its own subdomain

2026-05-11 16:34:39 +00:00 · 2024-11-22 13:50:38 +00:00
7 changed files with 19 additions and 22 deletions
--- a/.github/workflows/staging-ipv4.testrun.org-default.zone
+++ b/.github/workflows/staging-ipv4.testrun.org-default.zone
@@ -19,3 +19,4 @@ $TTL 300
 mta-sts.staging-ipv4.testrun.org.    CNAME   staging-ipv4.testrun.org.
 iroh.staging-ipv4.testrun.org.       CNAME   staging-ipv4.testrun.org.
 www.staging-ipv4.testrun.org.        CNAME   staging-ipv4.testrun.org.
+mx.staging-ipv4.testrun.org.         CNAME   staging-ipv4.testrun.org.
--- a/.github/workflows/staging.testrun.org-default.zone
+++ b/.github/workflows/staging.testrun.org-default.zone
@@ -19,4 +19,5 @@ $TTL 300
 mta-sts.staging2.testrun.org.    CNAME   staging2.testrun.org.
 iroh.staging2.testrun.org.       CNAME   staging2.testrun.org.
 www.staging2.testrun.org.        CNAME   staging2.testrun.org.
+mx.staging2.testrun.org.         CNAME   staging2.testrun.org.

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,17 +2,6 @@

 ## untagged

-## 1.5.0 2024-12-20
-
- cmdeploy dns: always show recommended DNS records
-  ([#463](https://github.com/deltachat/chatmail/pull/463))
-
- add `--all` to `cmdeploy dns`
-  ([#462](https://github.com/deltachat/chatmail/pull/462))
-
- fix `_mta-sts` TXT DNS record
-  ([#461](https://github.com/deltachat/chatmail/pull/461)
-
 - deploy `iroh-relay` and also update "realtime relay services" in privacy policy. 
  ([#434](https://github.com/deltachat/chatmail/pull/434))
  ([#451](https://github.com/deltachat/chatmail/pull/451))
@@ -76,6 +65,8 @@
 - fix Dovecot quota_max_mail_size to use max_message_size config value
  ([#438](https://github.com/deltachat/chatmail/pull/438))

+- Move MX record to its own subdomain
+  ([#403](https://github.com/deltachat/chatmail/pull/403))

 ## 1.4.1 2024-07-31

--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -616,7 +616,12 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
    deploy_iroh_relay(config)

    # Deploy acmetool to have TLS certificates.
-    tls_domains = [mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"]
+    tls_domains = [
+        mail_domain,
+        f"mta-sts.{mail_domain}",
+        f"www.{mail_domain}",
+        f"mx.{mail_domain}",
+    ]
    deploy_acmetool(
        domains=tls_domains,
    )
--- a/cmdeploy/src/cmdeploy/chatmail.zone.j2
+++ b/cmdeploy/src/cmdeploy/chatmail.zone.j2
@@ -7,10 +7,11 @@
 {% if AAAA %}
 {{ mail_domain }}.                   AAAA  {{ AAAA }}
 {% endif %}
-{{ mail_domain }}.                   MX 10 {{ mail_domain }}.
+{{ mail_domain }}.                   MX 10 mx.{{ mail_domain }}.
 _mta-sts.{{ mail_domain }}.          TXT "v=STSv1; id={{ sts_id }}"
 mta-sts.{{ mail_domain }}.           CNAME {{ mail_domain }}.
 www.{{ mail_domain }}.               CNAME {{ mail_domain }}.
+mx.{{ mail_domain }}.                CNAME {{ mail_domain }}.
 {{ dkim_entry }}

 ;
--- a/cmdeploy/src/cmdeploy/dns.py
+++ b/cmdeploy/src/cmdeploy/dns.py
@@ -29,7 +29,7 @@ def check_initial_remote_data(remote_data, *, print=print):
 def get_filled_zone_file(remote_data):
    sts_id = remote_data.get("sts_id")
    if not sts_id:
-        remote_data["sts_id"] = datetime.datetime.now().strftime("%Y%m%d%H%M")
+        sts_id = datetime.datetime.now().strftime("%Y%m%d%H%M")

    template = importlib.resources.files(__package__).joinpath("chatmail.zone.j2")
    content = template.read_text()
@@ -49,18 +49,16 @@ def check_full_zone(sshexec, remote_data, out, zonefile) -> int:
        kwargs=dict(zonefile=zonefile, mail_domain=remote_data["mail_domain"]),
    )

-    returncode = 0
    if required_diff:
        out.red("Please set required DNS entries at your DNS provider:\n")
        for line in required_diff:
            out(line)
-        out("")
-        returncode = 1
-    if recommended_diff:
+        return 1
+    elif recommended_diff:
        out("WARNING: these recommended DNS entries are not set:\n")
        for line in recommended_diff:
            out(line)
+        return 0

-    if not (recommended_diff or required_diff):
-        out.green("Great! All your DNS entries are verified and correct.")
-    return returncode
+    out.green("Great! All your DNS entries are verified and correct.")
+    return 0
--- a/cmdeploy/src/cmdeploy/nginx/mta-sts.txt.j2
+++ b/cmdeploy/src/cmdeploy/nginx/mta-sts.txt.j2
@@ -1,4 +1,4 @@
 version: STSv1
 mode: enforce
-mx: {{ config.domain_name }}
+mx: mx.{{ config.domain_name }}
 max_age: 2419200