Default MTA_STS mode is testing,

saves the state to /etc/mailinabox.conf so during upgrades,
the variable is perserved

conf/mta-sts.txt

@@ -1,4 +1,4 @@
 version: STSv1
-mode: testing
+mode: MODE
 mx: PRIMARY_HOSTNAME
 max_age: 86400

setup/start.sh

@@ -82,6 +82,11 @@ if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
 	chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
 fi
 
+# Default policy (initial) for MTA_STS = testing in the current state of inclusion.
+# it can be changed to "none", "testing" or "enforce". With this extention, this is preserved by
+# future upgrades
+
+MTA_STS="${DEFAULT_MTA_STS:-testing}"
 
 # Save the global options in /etc/mailinabox.conf so that standalone
 # tools know where to look for data.
@@ -93,6 +98,7 @@ PUBLIC_IP=$PUBLIC_IP
 PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
+MTA_STS=$MTA_STS
 EOF
 
 # Start service configuration.

setup/web.sh

@@ -126,7 +126,9 @@ chmod a+r /var/lib/mailinabox/mozilla-autoconfig.xml
 # nginx configuration at /.well-known/mta-sts.txt
 # more documentation is available on: 
 # https://www.uriports.com/blog/mta-sts-explained/
+
 cat conf/mta-sts.txt \
+        | sed "s/MODE/$MTA_STS/" \
         | sed "s/PRIMARY_HOSTNAME/$PRIMARY_HOSTNAME/" \
          > /var/lib/mailinabox/mta-sts.txt
 chmod a+r /var/lib/mailinabox/mta-sts.txt