Email and office tools - MTA-STS (Mail Transfer Agent Strict Transport Security) on Zimbra "Starter" e-mail account
BMPCreated with Sketch.BMPZIPCreated with Sketch.ZIPXLSCreated with Sketch.XLSTXTCreated with Sketch.TXTPPTCreated with Sketch.PPTPNGCreated with Sketch.PNGPDFCreated with Sketch.PDFJPGCreated with Sketch.JPGGIFCreated with Sketch.GIFDOCCreated with Sketch.DOC Error Created with Sketch.
Frage

MTA-STS (Mail Transfer Agent Strict Transport Security) on Zimbra "Starter" e-mail account

A
Von
account1815
Erstellungsdatum 2026-01-30 13:37:25 (edited on 2026-01-30 13:56:08) in Email and office tools

Does anyone have any idea how to set up
a] subdomain "mta-sts"
b] certificate for the subdomain "mta-sts"

on the FREE Zimbra "Starter" 15GB E-Mail account

so I can enable MTA-STS for my e-mail account as per instructions on
https://mxtoolbox.com/dmarc/details/mta-sts/what-is-mta-sts-record



I have asked this in the past post,
https://community.ovhcloud.com/community/en/mta-sts-on-free-web-hosting
but all 7 replies (inconveniently) are now invisible ...    
Positive Bewertungen (0)
12346 Ansichten
6 Antworten ( Latest reply on 2026-02-02 17:39:41 Von
account1815
)

Hello,

Are you sure that all sending and/or receving servers are capable of/configured for checking and enforcing your STS policy, if you defined any ?

 
Hilfreich (0)
A

What sort o question is this ;)
(Just because IPv6 is not so widespread there is no need to implement IPv6 ... mentality)?


Many of the home run actually are .... few major ones do so as well.


If there is a protocol (MTA-STS) why not to support it?
(How many man hours will it take for giant like OVH to get it implemented)?

There is 16k Amazon employees looking for work now

https://www.theregister.com/2026/01/29/amazon_layoffs/

 
Hilfreich (0)

MTA-STS implements an additional layer of security. There is always a chance that implementing it could make intercommunication inoperable and down times.

A general-purpose provider such as OVH doesn't require such high-level server authentication. They need to have the e-mail workflow working reliably.

What is your interest in complaining here ?

 
Hilfreich (0)
A

You are absolutely right = If It Ain't Broke, Don't Fix It mentality will not innovate,

(there could be a switch [MTA-STS] to turn it on or off again ;)
it would be nice to have a choice ....

 

 

There is always something broken with OVH :(

https://www.uceprotect.net/en/rblcheck.php?ipr=94.23.152.220

https://www.uceprotect.net/en/rblcheck.php?ipr=188.165.6.20

  • UCEPROTECT-Network-Spam.Database.Query-2026-02-02-188.165.6.20.png 3.54M
  • Screenshot-2026-01-30-at-08-41-07-UCEPROTECT-Network-Spam-Database-Query.png 2.93M
Hilfreich (0)

ok, then build your own mailserver with all bell ans whistles, and stop complaining here.

Moreover you are pledging allegiance to the worst crooks on the planet. (uceprotect)

Read about this:
https://www.reddit.com/r/sysadmin/comments/eur4ju/removal_from_uceprotectl3_blacklist/
https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html
https://www.trustpilot.com/review/www.uceprotect.net
Hilfreich (0)
A

I have running several instances of Mail-in-a-Box (MIAB) that are hosted

on several small VPS services (that ware willing to set up PTR record for assigned IPv4/6).

None of them has ever had a problem with UCEPROTECT-Network.

 

The fact that the Zimbra "Starter" 15GB E-Mail account is FREE and finally has 

implemented DKIM is great, MTA-STS implementation and option to either

enable it or turn it off (or run in "testing" rather then "enforce") would be also great.
(GitHub Pages, CloudFlare Workers)??

 

Looking at OVH, is not much better
https://www.trustpilot.com/review/ovh.ca

https://www.trustpilot.com/review/ovh.com/fr

https://www.trustpilot.com/review/ovh.it

https://www.trustpilot.com/review/ovh.pl

 


If anyone finds a way on how to "enable"  MTA-STS on the Zimbra "Starter" 15GB E-Mail account

please share.

As of 2026/02 it is not possible to do so AFAIK.
Hilfreich (0)

An Diskussion teilnehmen