Hi,
I created a test MIAB server with the default setting (box.mydomain) and enabled MTA-STS in force mode with a TTL of one week. Later, I rebuilt the MIAB server with the proper subdomain (mail.mydoman), after which I stopped receiving emails from Gmail. However, other providers like M365 have no issues.
I have TLS reporting enabled and finally discovered that Google still caches the old MTA-STS policy. Even after I updated the MTA-STS ID to notify of the policy change, or even deleted the MTA-STS, nothing worked.
I receive bounce messages from Gmail stating, “The MX host does not match any MX allowed by the STS policy.” Additionally, Google’s TLS reporting still mentions: policy-string":[“version: STSv1”,“mode: enforce”,“mx: box.mydomain”,“max_age: 604800”].
I then tried changing the MX to box.mydomainand creating an A record identical to mail.mydomain, but it still didn’t work. The report then stated, “The certificate is not valid according to the STS policy.” From the syslog, I see the following error: “lost connection after STARTTLS from mail-yb1-f172.google[209.85.219.172].”
Any ideas, please? Or will I have to wait 7 days until the TTL expires?