diff --git a/roles/nginx/templates/sites-enabled/mail.conf b/roles/nginx/templates/sites-enabled/mail.conf
index d8599d5..e7bc61e 100644
--- a/roles/nginx/templates/sites-enabled/mail.conf
+++ b/roles/nginx/templates/sites-enabled/mail.conf
@@ -11,3 +11,18 @@ server {
         include /etc/nginx/snippets/proxy.conf;
     }
 }
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mta-sts.{{ domain }};
+
+    location / {
+        return 404;
+    }
+
+    location = /.well-known/mta-sts.txt {
+        proxy_pass https://127.0.0.1:{{ ports['mailserver_https'] }};
+    }
+}