Not receiving any email from Gmail due to MTA-STS TTL


I created a test MIAB server with the default setting (box.mydomain) and enabled MTA-STS in enforce mode with a TTL of one week. Later, I rebuilt the MIAB server with the proper subdomain (mail.mydomain), after which I stopped receiving emails from Gmail. However, other providers like M365 have no issues.

I have TLS reporting enabled and finally discovered that Google still caches the old MTA-STS policy. Even after I updated the MTA-STS ID to notify of the policy change, or even deleted the MTA-STS, nothing worked.

I receive bounce messages from Gmail stating, "The MX host does not match any MX allowed by the STS policy." Additionally, Google's TLS reporting still mentions: `"policy-string":["version: STSv1","mode: enforce","mx: box.mydomain","max_age: 604800"]`.

I then tried changing the MX to box.mydomain and creating an A record identical to mail.mydomain, but it still didn't work. The report then stated, "The certificate is not valid according to the STS policy." From the syslog, I see the following error: "lost connection after STARTTLS from []."

Any ideas, please? Or will I have to wait 7 days until the TTL expires?
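As an added illustration (not part of the original post), here is a small Python checker that parses an MTA-STS policy in the RFC 8461 `key: value` format and applies the MX-matching rule a sending MTA in enforce mode uses, so you can see why a cached policy listing `box.mydomain` rejects an MX of `mail.mydomain`. The two policies are constructed from the policy-string in the TLS report above (the host names are the post's own placeholders), and the checker also handles the `*.domain` wildcard form, which the post does not use.

```python
# Constructed sample policies: the old policy Google still has cached,
# and the policy the rebuilt server should now be serving.
CACHED_POLICY = """version: STSv1
mode: enforce
mx: box.mydomain
max_age: 604800
"""

NEW_POLICY = """version: STSv1
mode: enforce
mx: mail.mydomain
max_age: 604800
"""

def parse_policy(text):
    """Parse an MTA-STS policy file into a dict; the 'mx' key may repeat."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("policy missing a valid version/mode")
    return policy

def mx_allowed(policy, mx_host):
    """True if mx_host matches an mx entry; a leading '*.' matches exactly one label."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # '*.mydomain' -> '.mydomain'
            if host.endswith(suffix) and "." not in host[: -len(suffix)]:
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(policy, mx_hosts):
    """Simulate the sender: in enforce mode only policy-listed MX hosts may be used."""
    allowed = [h for h in mx_hosts if mx_allowed(policy, h)]
    if policy["mode"] == "enforce" and not allowed:
        return "bounce: MX host does not match any MX allowed by the STS policy"
    return "deliver via " + ", ".join(allowed or mx_hosts)
```

Running `delivery_decision(parse_policy(CACHED_POLICY), ["mail.mydomain"])` reproduces the bounce from the post, while the same call with `NEW_POLICY` delivers; until the cached copy expires or is refreshed, the sender keeps applying the old mx list.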

