Setting up mta-sts for google dkim email and Virtualmin

OS type and version Ubuntu Linux 20.04.6
Webmin version 2.105
Virtualmin version 7.9.0


Trying to get my everything sorted on the email front making sure _dmarc and dkim is in place for all our mail clients. Noticed one client who has email through google workspace - we do dns - workspace does not “authenticate” the dkim record even though multiple external tests/checks verify it is correct.

Checking on the site shows it does not have “mta-sts” enabled and fails that check.

So I’ve read up on mta-sts and seems straight forward… so my question is does Virtualmin provide any tools for managing this (UI or cmdline)? If not any suggestions/tips/gotcha’s you’ve experienced if you employ mta-sts?


If you are handling the DNS for this domain? Just follow the instructions from google what is needed for your DNS entries. It is pretty straight forward. You can add the entries through Bind DNS Server if that is what you are using to handle the DNS.

If you are to host the mta-sts.txt policy? again follow the instructions on how to create a /.well-known directory to store the policy in. That can even be done through Virtualmin File manager for that domain.

Good luck!

@cyberndt Thanks for the response. Yes I’ve manually put it in place and seems to be working fine - but will keep an eye on it before fully implementing.

Really wondering how/if VM will manage this going forward. Will be tough to manually put this in place for 10’s or 100’s of existing domains manually. Going forward new domains DNS can be added during creation, mta-sts enabled per domain through mail tools/menus to create the mta-sts.txt policy file, add mta-sts host header, and generate cert.

Really just figuring out if I need to plan on managing this manually or if VM has plans to provide tools.


Maybe blue sky it.


Let’s not forget that postfix needs to be setup properly to enforce starttls with strict protocols during smtp connection and submission.

Google and Outlook 365 have already stated several times that at the moment they are not enforcing mta-sts and if your email servers have starttls properly setup they will use it when transferring mails.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.