Indeed, that must be it. Your MX setup is fine, though there’s no point in proxying the “mail” subdomain unless you also want it to be accessible through a web browser and would like to proxy that web traffic through Cloudflare. The IP address will be exposed either way via the MX record, as the warning on the dashboard shows.
Glad you were able to sort it out.