Ok, so you’re using external DNS (Gandi)
One thing to check while you wait for propagation: check that the DNS entries for mta-sts are present and correct at your DNS provider.
Just an update: pfSense’s weird NAT bug and my dual-WAN setup were causing the issues. Note for future people with issues: try creating an alias for the required ports instead of creating the rules one by one.
MTA-STS problem has mysteriously resolved itself after about 2 days; it’s still not working properly, but that’s due to my nginx gateway not properly forwarding SSL right now.
Topic can be closed, thanks everyone for the help.
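Added example, not part of the thread: one way to do the "present and correct" check from the first reply on the TXT strings returned for `_mta-sts.<domain>`, following a simplified reading of RFC 8461 section 3.1. The function name and the sample records are constructed for illustration.

```python
import re

# RFC 8461 section 3.1: the policy id is 1 to 32 letters or digits.
ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")

def check_mta_sts_txt(txt_records):
    """Validate the TXT strings found at _mta-sts.<domain>.

    Returns (True, policy_id) or (False, reason). Hypothetical helper;
    simplified from RFC 8461 (extension fields are accepted, not checked).
    """
    # dig prints TXT data in double quotes; strip them and outer whitespace.
    candidates = [t.strip().strip('"') for t in txt_records]
    # Unrelated TXT data (for example from a wildcard record) is ignored.
    sts = [t for t in candidates if t.startswith("v=STSv1")]
    if not sts:
        return (False, "no v=STSv1 record")
    # Senders treat anything other than exactly one record as "no policy".
    if len(sts) != 1:
        return (False, "multiple v=STSv1 records")
    fields = [f.strip() for f in sts[0].split(";")]
    if fields[-1] == "":          # a trailing ';' is allowed
        fields.pop()
    if fields[0] != "v=STSv1":    # catches e.g. "v=STSv12"
        return (False, "malformed version field")
    pairs = {}
    for f in fields[1:]:
        key, sep, value = f.partition("=")
        if not sep or not key:
            return (False, "malformed field: %r" % f)
        pairs.setdefault(key.strip(), value.strip())
    policy_id = pairs.get("id")
    if policy_id is None:
        return (False, "missing id")
    if not ID_RE.fullmatch(policy_id):
        return (False, "invalid id")
    return (True, policy_id)

if __name__ == "__main__":
    # Constructed samples, as they might be pasted from a DNS lookup.
    samples = {
        "good": ['"v=STSv1; id=20240101T000000;"'],
        "duplicate": ["v=STSv1; id=1", "v=STSv1; id=2"],
        "bad id": ["v=STSv1; id=2024-01-01"],
    }
    for name, records in samples.items():
        print(name, check_mta_sts_txt(records))
```

The input strings can be collected with `dig +short TXT _mta-sts.example.com`, where `example.com` stands for the mail domain.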