MTA-STS policy on Migadu
·1 min
After self-hosting Mail-in-a-Box for a few months, I ended my experiment and moved to Migadu so as to let more experienced folks manage this critical infrastructure for me.
As part of that migration, I learnt that MIAB sets up an MTA-STS policy and Migadu, by default, doesn’t guide you to do that. That led to Gmail failing to send emails to me because it was caching the older but no longer valid policy.
Here are some links that helped me fix that:
- https://easydmarc.com/tools/mta-sts-check - I used these to both generate the records and test them once setup.
- https://365labs.cloud/blog/mta-sts-using-cloudflare-workers - fantastic/simple tutorial to set this up as a Cloudflare worker.
- It’s also a best practice to setup a
_smtp._tls
TXT record.- Setup guide: Step 4 here: https://support.google.com/a/answer/9276512?sjid=8610881763154163115-NA
- Validate here: https://www.mailhardener.com/tools/tls-rpt-validator?domain=ketanvijayvargiya.com - this also has an MTA-STS checker to double-check my records from earlier.