MTA-STS bounce error from gmail after removing MIAB

Hi,

It’s been almost a week since I completely removed the MIAB server, and all DNS settings are updated with the new email provider’s (Yandex). My domain (kiral.net) successfully sends and receives email from other providers like Yahoo, iCloud etc., but I cannot receive email from Gmail; it gives the following bounce error:

“The MX host does not match any MX allowed by the STS policy.”

I saw another mta-sts related issue posted here:

Does anyone know what is happening here?

I appreciate any help.

Thanks.

I believe you probably need to remove the policy with Gmail by doing the MTA-STS steps again, then setting the mode to “none”; then hopefully Gmail reads it and updates the policy.

From what is happening right now, it seems your previous mta-sts policy is still being enforced.

Example of a policy to remove mta-sts

version: STSv1
mode: none
mx: mail.example.com
mx: *.example.net
mx: backupmx.example.com
max_age: 604800

https://www.uriports.com/blog/mta-sts-explained/

Thank you, I’ll give it a try.

Were you using MIAB internal nameservers? (the nameservers for your domain were pointing to ns1 and ns2.box.domain.com). If yes, all previous configuration should indeed have totally disappeared. I don’t see how anyone could still access it.

If you were using an external DNS configuration, check you correctly removed everything in your nameservers configuration.

It could be GMAIL which cached your previous MTA-STS (up to the “max_age” period defined) and still enforces it as Daveteu mentions. But in this case, as GMAIL isn’t reading your new config (unless there isn’t any, and that would be your problem), I don’t really see why it would read your “removal” request.

Or maybe there’s a problem with your new Yandex MTA-STS policy, and it hasn’t anything to do with the previous MIAB.

Thanks for all help.

I reinstalled MIAB and changed to none as daveteu suggested; after a while Gmail removed the policy and it started working again.

Cheers.
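
The MX check behind the bounce discussed in this thread, as an added example that is not part of the original posts: it parses a policy body and applies the RFC 8461 matching rule, showing why a cached "enforce" policy rejects a new provider's MX while the "none" policy quoted above lets delivery through. The function names and the hostnames box.example.com and mx.newprovider.example are constructed for illustration.

```python
def parse_policy(text):
    """Parse an MTA-STS policy body into a dict; 'mx' collects all patterns."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    return policy

def mx_matches(host, pattern):
    """RFC 8461 matching: '*' stands for exactly one leftmost label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return host == pattern

def decide(policy, mx_host):
    """What a policy-honouring sender does with one MX candidate."""
    if policy["mode"] == "none":
        return "deliver"                  # domain treated as having no policy
    if any(mx_matches(mx_host, p) for p in policy["mx"]):
        return "deliver"                  # (TLS certificate checks still apply)
    return "reject" if policy["mode"] == "enforce" else "deliver-and-report"

# Constructed sample: a policy a sender cached from the old mail server.
CACHED_OLD = """version: STSv1
mode: enforce
mx: box.example.com
max_age: 604800
"""
# The removal policy quoted in the thread.
REMOVAL = """version: STSv1
mode: none
mx: mail.example.com
mx: *.example.net
mx: backupmx.example.com
max_age: 604800
"""
NEW_MX = "mx.newprovider.example"         # constructed MX of the new provider

if __name__ == "__main__":
    for name, body in (("cached", CACHED_OLD), ("removal", REMOVAL)):
        print(name, decide(parse_policy(body), NEW_MX))
```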