-
Title
Email cannot be delivered due to “MTA-STS validation” error during Domain Address Rewrite or Domain Move. -
Description
Email cannot be delivered due to “MTA-STS validation” error during Domain Address Rewrite or Domain Move. -
Cause
Microsoft has enabled “Introducing MTA-STS for Exchange Online - Microsoft Tech Community” security feature in Exchange Online, and will refuse deliver messages to servers that don’t support TLS and have a trusted certificate. Administrators can find the message being blocked with similar message trace listed below
Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=451 4.4.8 MX hosts of 'lab6.leagueteam.us' failed MTA-STS validation.] [LastAttemptedServerName=lab6.leagueteam.us] [BN7NAM10FT024.eop-nam10.prod.protection.outlook.com]};{MSG=451 4.4.8 MX hosts of 'lab6.leagueteam.us' failed MTA-STS validation.};{FQDN=lab6.lea. OutboundProxyTargetHostName: lab6.leagueteam.us
-
Resolution
Update the MTA-STS policy and add the Email Relay Server’s MX records to the policy.
Below is a sample of the policy, additional detail for MTA-STS implementation in Exchange Online, please refer to Introducing MTA-STS for Exchange Online - Microsoft Tech Community link. Contact Microsoft regarding any questions or issues regarding this Microsoft supported article.