MTA-STS policy is missing: STSFetchResult.NONE after 2 days of install

Hi there,

I would be very grateful for your help, if possible.

I have installed MIAB on a new server. Everything is running fine, and I am also using CloudFlare, where I have not proxied the entries related to MIAB.

But the error “MTA-STS policy is missing: STSFetchResult.NONE” is still being displayed by MIAB, despite the fact that I am able to send and receive e-mails.

Do you have some idea about that, please?

P.S.: currently, also, the message “Nameserver glue records (ns1.box.mydomain.com and ns2.box.mydomain.com) should be configured at your domain name registrar as having the IP address of this box (MY_SERVER_IP). They currently report addresses of [Not Set]/[Not Set]. If you have set up External DNS, this may be OK.” is shown. Is this OK?

I’m using Mail-in-a-Box with external DNS, and I also got the MTA-STS policy is missing error. However, Mail-in-a-Box wasn’t generating the MTA-STS records in the first place. I think it’s a bug. Here’s my workaround:

  1. Export the relevant DNS A records from Mail-in-a-Box and load them into the real DNS server (LiveDNS in my case).

  2. Request certificates for the above hostnames via box.example.com/admin#tls.

  3. Re-run sudo mailinabox but do not change anything.

  4. Export the remaining DNS resource records from Mail-in-a-Box and load them into the real DNS server. This will include the _mta-sts TXT record(s) for your domain(s).

You can verify that everything worked using MTA-STS Validator.

If you’re using Mail-in-a-Box to host your DNS zone data, then no. That’s not OK.

If you registered your domain with Gandi, for example, you’d follow these instructions to create the required glue records: What are Glue Records and How Do I Use Them With Gandi Domains. Your registrar should have similar instructions on their website.
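The workaround above ends with checking the result in an MTA-STS validator. As an added example (not code from this thread or from Mail-in-a-Box), the script below does the offline part of what such a validator checks per RFC 8461: it parses the `_mta-sts.<domain>` TXT record (`v=STSv1; id=...`), parses the policy file that is served at `https://mta-sts.<domain>/.well-known/mta-sts.txt`, and confirms that every MX host is covered by an `mx:` pattern. The TXT record, policy body and MX list are constructed samples for `example.com`; to check a real domain, paste in the `dig TXT _mta-sts.<domain>` answer, the fetched policy body and your MX hostnames.

```python
"""Offline consistency check of an MTA-STS deployment (RFC 8461).

Added example, not Mail-in-a-Box code. All sample inputs are constructed.
"""
import re
from dataclasses import dataclass, field

MAX_AGE_LIMIT = 31_557_600  # RFC 8461: max_age must not exceed one year in seconds


@dataclass
class StsPolicy:
    version: str = ""
    mode: str = ""
    max_age: int = -1
    mx: list = field(default_factory=list)


def parse_txt_record(txt: str) -> dict:
    """Parse '_mta-sts' TXT data such as 'v=STSv1; id=20240101T120000'."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed field {part!r}")
        key, value = part.split("=", 1)
        fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1":
        raise ValueError("record must carry v=STSv1")
    # RFC 8461: id is 1 to 32 alphanumeric characters; any value works, but it
    # must change whenever the policy file changes so receivers re-fetch it.
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", fields.get("id", "")):
        raise ValueError("id must be 1-32 alphanumeric characters")
    return fields


def parse_policy(body: str) -> StsPolicy:
    """Parse the key: value lines of /.well-known/mta-sts.txt (CRLF or LF)."""
    pol = StsPolicy()
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"malformed policy line {line!r}")
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "version":
            pol.version = value
        elif key == "mode":
            pol.mode = value
        elif key == "max_age":
            pol.max_age = int(value)  # raises ValueError if not an integer
        elif key == "mx":
            pol.mx.append(value.lower())
        # unknown keys are ignored for forward compatibility
    if pol.version != "STSv1":
        raise ValueError("policy version must be STSv1")
    if pol.mode not in ("enforce", "testing", "none"):
        raise ValueError(f"unknown mode {pol.mode!r}")
    if not 0 <= pol.max_age <= MAX_AGE_LIMIT:
        raise ValueError("max_age must be an integer between 0 and 31557600")
    if pol.mode != "none" and not pol.mx:
        raise ValueError("at least one mx pattern is required unless mode is none")
    return pol


def mx_matches(pattern: str, host: str) -> bool:
    """RFC 8461 mx matching: exact hostname, or '*.' covering exactly one label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".example.com"
        return host.endswith(suffix) and "." not in host[: -len(suffix)]
    return pattern == host


def check_deployment(txt: str, policy_body: str, mx_hosts: list) -> list:
    """Return a list of findings; an empty list means the pieces are consistent."""
    findings = []
    try:
        parse_txt_record(txt)
    except ValueError as err:
        findings.append(f"TXT record: {err}")
    try:
        pol = parse_policy(policy_body)
    except ValueError as err:
        findings.append(f"policy file: {err}")
        return findings
    if pol.mode != "none":
        for host in mx_hosts:
            if not any(mx_matches(p, host) for p in pol.mx):
                findings.append(f"MX host {host} is not covered by mx patterns {pol.mx}")
    if pol.mode == "testing":
        findings.append("mode is testing: receivers report failures but still deliver")
    return findings


# Constructed samples for a hypothetical example.com deployment.
SAMPLE_TXT = "v=STSv1; id=20240101T120000"
SAMPLE_POLICY = "version: STSv1\r\nmode: enforce\r\nmax_age: 604800\r\nmx: box.example.com\r\n"
SAMPLE_MX = ["box.example.com"]

if __name__ == "__main__":
    for line in check_deployment(SAMPLE_TXT, SAMPLE_POLICY, SAMPLE_MX) or ["OK: no findings"]:
        print(line)
```

The script deliberately does not fetch anything: the thread's symptom (STSFetchResult.NONE) is a record that is absent from DNS, and a check that runs on the data you exported from the box and loaded into CloudFlare tells you whether what you loaded is well-formed before you wait on propagation.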

Hi,

Thank you so much for your answer.

But the problem is that I already exported all DNS entries from MiAB and added them to CloudFlare.

Regarding certificates, MiAB is still saying at http://box.example.com/admin#tls that some certificates are missing.

But I am almost sure that is correct, because the mentioned domains are the main ones, for which I already have A entries (at CloudFlare) pointing to the correct server.

Well, I am really lost here. :frowning:

My first attempt at giving an answer…

There seems to be an order of operations that needs to be followed.

  1. Add the account in MiaB (this creates the external DNS information).

  2. Load the DNS information at your DNS server. [This is when I always get the error that you are posting about.]

  3. Then go back to the TLS Certificates page; there should be a list of certificates that MiaB knows it needs to create. Click the button that says to create them.

  4. Now you get the mta-sts code listed in the external DNS settings (which as I understand it can actually be anything, but MiaB likes it much better if you use its code; and it is the same for every one of the domains you host in MiaB). Grab the text string and paste it at your DNS.

  5. Then give it a bit and re-run your Status Check; should be good to go.

What I don’t know is if I could have had MiaB provision the certificates before I loaded the external DNS information. But for some reason it seems I always do it in this order.

P.S. I don’t have to run sudo mailinabox to get the error to go away if I follow this order of operations

Hi,

Thank you so much for your help.

But I really don’t understand what is happening, because the account is the main one, i.e., the account created during the MiAB install process (with administrative rights).

Also, if I go to check the SSL certificates page, the only domains for which the system says there are no certificates installed are the main ones, i.e., the entries related to the domains hosted on another server, for which I use CloudFlare.

There I can see that there’s a button to install certificates. But I don’t know if doing that will cause any change. Or, if doing that will cause any harm.
