Error: MTA-STS policy is missing; do I need a "_smtp._tls.your-domain" record in the external DNS?

I get under status checks the error message “MTA-STS policy is missing: STSFetchResult.NONE” for both mydomain . de and box. mydomain. de.

However, under “https: //mta-sts. mydomain .de /.well-known/mta-sts.txt” and “https: //mta-sts .box. mydomain .de /.well-known/mta-sts . txt” (I put in spaces because as a new user I am allowed only two URLs) I can access the relevant txt files without error.

Under esmtp.email/tools/mta-sts I get the following answers:

  • MTA-STS TXT DNS response contains zero answers
  • TLSRPT TXT DNS response contains zero answers
  • DNS answer for MX record not protected with DNSSEC
  • box. mydomain. de presented a valid TLS certificate

I use mail-in-a-box version v60.1.

In the thread Digging into STSFetchResult.FETCH_ERROR I read that I should add a DNS record like "_smtp._tls.your-domain TXT “v=TLSRPTv1; rua=reporting-address”" in the external DNS.

Is this additional DNS record really necessary? Mail-in-a-box gives me the impression that I should indeed only do what it tells me to do. In external DNS, such an additional record is not given to me and it is not recommended. On the other hand, as I said, I get the above error message, so I think I should fix it. In fact, I would like to fix it. Or does the problem and its solution lie somewhere else?

When did you install the box? This error is often reported just after installation and is usually automagically resolved after a day or so.

I installed the box three weeks ago. However, at that time I tried to do it with the internal nameservers from MiaB recorded in the DNS of my provider. That didn’t work because my TLD requests different nameservers from different IP addresses.

Three days ago I changed the DNS setting to the nameservers of my provider and copied the external DNS information into the control panel of the provider. Two days ago I provided the Let’s Encrypt certificates for all servers on my MiaB.

I am terribly sorry. I made a newbie mistake. I forgot to enter the two entries _mta-sts and _mta-sts.box from the External DNS list into the DNS of my provider. Now the error is fixed.

Please excuse me for asking an unnecessary question here.

The problem is solved.
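Why a reachable mta-sts.txt still ends in "policy is missing", as an added example that is not part of the thread or of Mail-in-a-Box: under RFC 8461 a sender looks up the `_mta-sts` TXT record first and skips the HTTPS fetch unless exactly one valid record exists. The function names, the `VALID` label and the `example.de` data are assumptions made for this sketch; `NONE` and `FETCH_ERROR` are borrowed from the messages quoted above.

```python
import re

# Constructed sample policy file; example.de is a placeholder domain.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: box.example.de
max_age: 604800
"""

def parse_sts_txt(txt_answers):
    """Return the policy id from the _mta-sts TXT answers, or None."""
    # RFC 8461 section 3.1: zero or several v=STSv1 records, or a
    # malformed one, all mean "no policy available".
    records = [t for t in txt_answers if re.match(r"v=STSv1\s*(;|$)", t)]
    if len(records) != 1:
        return None
    fields = {}
    for part in records[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    policy_id = fields.get("id", "")
    return policy_id if re.fullmatch(r"[A-Za-z0-9]{1,32}", policy_id) else None

def parse_policy(text):
    """Parse the key: value lines of mta-sts.txt (RFC 8461 section 3.2)."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy[key] = value
    ok = (policy.get("version") == "STSv1"
          and policy.get("mode") in ("enforce", "testing", "none")
          and policy.get("max_age", "").isdigit()
          and (policy["mx"] or policy["mode"] == "none"))
    return policy if ok else None

def check_mta_sts(txt_answers, policy_text):
    """Hypothetical status: NONE, FETCH_ERROR or VALID."""
    if parse_sts_txt(txt_answers) is None:
        return "NONE"  # the policy file is never requested in this case
    if policy_text is None or parse_policy(policy_text) is None:
        return "FETCH_ERROR"
    return "VALID"
```

Calling `check_mta_sts([], SAMPLE_POLICY)` models the situation in this thread: the policy file is served correctly, but the provider's zone returns zero TXT answers for `_mta-sts`.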