Errror MTA-STS with External Spamfilter (via MX)

blixa1977 · December 11, 2020, 10:51am

Hello,
after upgrading to 0.51 i cannot receive mails from hosts like gmail.

background: i have set up an external spamfilter which routes the clean messages to my “box”.

after some time the sender gets an error:
The MX host does not match any MX allowed by the STS policy

i´ve changed the mta-sts.txt in the “.well-known”-directory manually
to:
version: STSv1
mode: enforce
mx: mx1-eu.mtaroutes.com
mx: mx2-eu.mtaroutes.com
mx: mx3-eu.mtaroutes.com
mx: mx4-eu.mtaroutes.com
max_age: 604800

but i still get no mails from google mail…

How can i disable this feature, if this won´t work?

thank you

openletter · December 11, 2020, 1:50pm

Is there anything in the MiaB logs?

If you want to disable MTA-STS, one way to accomplish this is to make a custom TXT record for

_mta-sts.example.com

in the Custom DNS page of the MiaB admin dashboard. The record can be almost anything and sending servers will declare the MTA-STS policy invalid, because custom DNS records in MiaB automatically overwrite the records that are automatically configured by MiaB.

However, I would suggest working with whatever is providing your external spamfilter to support MTA-STS. I’m pretty sure if whatever that is doesn’t support MTA-STS, they will lose a lot of users.

alento · December 11, 2020, 5:08pm

I am just guessing as I have not followed MTA-STS closely …
but what happens if you change mode from enforce to testing ?

faisal · December 14, 2020, 10:45pm

moving to testing should work, so would changing the MX on the policy. MTA-STS is heavily cached so it may take a few days to catch up