1
SMTP MTA STS available?
Question asked by Roger - 5/19/2023 at 5:43 AM
Unanswered
Hello together

I wanted to ask if SMTP MTA STS can be enabled somewhere in SmarterMail. According to my test it is currently not active; see MTA-STS Validator (esmtp.email) or MTA-STS Lookup - Check domains for Inbound Transport Layer Security (TLS) Enforcement - MxToolbox.

6 Replies

0
Sorry Roger, what do you mean by "STS support" and what are the errors you see in https://ssl-tools.net/mailservers?

These are my results (note that TLS 1.3 and DANE are not enabled because of me, I will enable them in the next few days if I can...):



Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Sabatino Replied
Hi Gabriel
Why do you keep SSLv3 enabled?
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
0
Roger Replied
Mail Transfer Agent-Strict Transport Security (MTA-STS) is an email protocol that encrypts incoming email with a security layer. This enables TLS-encrypted communication between SMTP servers, which in turn prevents man-in-the-middle attacks.

The MTA-STS policy is designed to prevent attackers from tampering with the content of emails or sending the communication to a different address. Unlike STARTTLS, MTA Strict Transport Security keeps TLS always on. It tells sending servers that your e-mail server accepts delivery of e-mail only over a secure connection.
1
Hi Sabatino!

I have notified the customers that it will be disabled as of 01/06/2023 (I still have a few customers with old software that does not support TLS, but now I have given them the ultimatum...)
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Roger Replied
I found out how to implement it. It is basically independent from SmarterMail; see this tutorial. It works for me now.

0
Patrick Jeski Replied
Just to update this, even though .well-known is in the IIS tree as an actual directory under the SmarterMail site, I think ARR is not letting it work and I don't know how to deal with it. Also my BIMI image, which I placed in MRS, no longer works. I'm just not good enough with IIS honestly.

In any case, dropping a file in .well-known on Build 8684 works as I would expect. I submitted a ticket.

Earlier:
Roger, I’m having trouble figuring out where to put the policy file. There is a .well-known folder in my MRS folder, so I put it there and the MTA checker I’m using can’t retrieve the file.
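
For the policy-file questions in this thread, an added example (not from any poster or from SmarterMail): a Python check of an MTA-STS policy body as RFC 8461 defines it, i.e. the text a sending server fetches from `https://mta-sts.<domain>/.well-known/mta-sts.txt`. The sample policy and the example.com host names are constructed.

```python
# Added example: MTA-STS policy (RFC 8461) parser/validator. Sample data is constructed.
MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age (about one year)
VALID_MODES = {"enforce", "testing", "none"}

def parse_policy(text):
    """Parse the key: value lines of an mta-sts.txt body; 'mx' may repeat."""
    policy = {"mx": []}
    for raw in text.splitlines():          # accepts both CRLF and LF endings
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key not in policy:            # duplicates of other keys: first wins
            policy[key] = value
    return policy

def validate_policy(policy):
    """Return a list of problems; an empty list means the policy is usable."""
    problems = []
    if policy.get("version") != "STSv1":
        problems.append("version must be STSv1")
    mode = policy.get("mode")
    if mode not in VALID_MODES:
        problems.append("mode must be enforce, testing or none")
    age = policy.get("max_age", "")
    if not (age.isascii() and age.isdigit()) or int(age) > MAX_AGE_LIMIT:
        problems.append("max_age must be an integer from 0 to 31557600")
    if mode in ("enforce", "testing") and not policy["mx"]:
        problems.append("at least one mx pattern is required")
    return problems

def mx_allowed(policy, mx_host):
    """True if mx_host matches an mx pattern; '*.' covers exactly one label."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            label, _, rest = host.partition(".")
            if label and rest == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

SAMPLE = ("version: STSv1\r\nmode: enforce\r\nmx: mail.example.com\r\n"
          "mx: *.mx.example.com\r\nmax_age: 604800\r\n")

if __name__ == "__main__":
    p = parse_policy(SAMPLE)
    print(validate_policy(p), mx_allowed(p, "a.mx.example.com"))
```

Running the same checks on the text that a browser or `curl` returns for the policy URL shows whether the web server is serving the file itself or an error page in its place.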

