Not receiving emails from Office 365 or Outlook.com users with MTA-STS configured on MIAB 0.50

Hi all,

Has anyone else had issues receiving emails from Office 365 or Outlook / Live Mail users when MTA-STS has been set up?

All tests I’ve run show that my setup is good and I’m able to receive emails from GMail, GSuite, Protonmail and other MTA-STS compliant email providers.

I can receive emails if I set the mode to “testing” in /var/lib/mailinabox/mta-sts.txt, but when I change back to “enforce”, no emails come in.

I get the below in the Office 365 Exchange message:

Reason: LED=450 4.4.317 Cannot connect to remote server [Message=451 4.4.8 MX hosts of ‘inoz.me’ failed MTA-STS validation.]

Just tried from outlook.com and e-mails come straight through.

Check your log for any clues perhaps …
lnav /var/log/mail.log

Thanks for checking and replying.

I’m not seeing anything in /var/log/mail.log as the TLS connection is not being established due to MS not trusting the connection with mode set to “enforce”.

I’ve set a TLSRPT DNS record, which has Google sending me reports almost daily stating everything with my MTA-STS setup is happy, but no reports from Microsoft.

Uncle Google / DuckDuckGo doesn’t come up with much other than Microsoft recently implemented MTA-STS. I’m guessing either MS’s implementation may not be 100% correct, or, as my domain was recently using Office365 before moving back to MIAB, they may have some stale data about my domain hanging around.

Maybe get one of the throw away domain names being offered at discount for a year (and then extortionate amount), add it to your MIAB and check if delivery is working.

I have decided to use a cheap domain for the primary/default domain name to make sure that something similar does not happen to me …

Thanks for the tip on the throw away domain. Best $1 I spent :wink:

In the end I resolved this by using MIAB as the primary DNS instead of setting up everything on external DNS providers due to the _mta-sts TXT record updating after config changes. I guess that record was out of sync, but the tests weren’t picking that up.
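
An added example (not part of any post above, and not Mail-in-a-Box code): a Python check for the two conditions this thread touches, MX hosts that the policy's mx list does not cover and a policy file that changed while the _mta-sts TXT id stayed the same, using the RFC 8461 matching rules. The domain names, ids and policy text are constructed, and the function names are hypothetical.

```python
# Constructed sample data (not taken from the thread).
OLD_POLICY = "version: STSv1\nmode: testing\nmx: box.example.com\nmax_age: 86400\n"
NEW_POLICY = "version: STSv1\nmode: enforce\nmx: box.example.com\nmax_age: 86400\n"
TXT = "v=STSv1; id=20210101T000000;"

def parse_txt(record):
    # _mta-sts TXT record: semicolon-separated key=value pairs.
    fields = dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid MTA-STS TXT record")
    return fields["id"]

def parse_policy(text):
    # Policy file: "key: value" lines; the "mx" key may repeat.
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    return policy

def mx_matches(host, pattern):
    # "*.example.com" matches exactly one left-most label; otherwise exact match.
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check(txt_record, policy_text, mx_hosts, cached_id=None, cached_policy_text=None):
    findings = []
    current_id = parse_txt(txt_record)
    policy = parse_policy(policy_text)
    if policy.get("version") != "STSv1":
        findings.append("policy version is not STSv1")
    for host in mx_hosts:
        if not any(mx_matches(host, p) for p in policy["mx"]):
            findings.append(f"MX {host} not covered by policy mx list")
    # A sender holding a cached policy refetches only when the TXT id changes.
    same_id = cached_id == current_id and cached_policy_text is not None
    if same_id and parse_policy(cached_policy_text) != policy:
        findings.append("policy changed but TXT id did not: senders may hold a stale policy")
    return findings

if __name__ == "__main__":
    print(check(TXT, NEW_POLICY, ["box.example.com"], "20210101T000000", OLD_POLICY))
```

To run it against a live setup, pass in the TXT value your DNS provider actually serves and the contents of the policy file, with the previous pair saved from before the change.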