diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index d8e4e178a..df0e894fe 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -664,6 +664,18 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               dkim('add', array('key_size' => $_data['key_size'], 'dkim_selector' => $_data['dkim_selector'], 'domains' => $domain));
             }
           }
+          // Create MTA-STS settings from template if enabled
+          if (!empty($DOMAIN_DEFAULT_ATTRIBUTES['mta_sts']) && $DOMAIN_DEFAULT_ATTRIBUTES['mta_sts'] == 1) {
+            $mta_sts_data = array(
+              'domain' => $domain,
+              'version' => $DOMAIN_DEFAULT_ATTRIBUTES['mta_sts_version'],
+              'mode' => $DOMAIN_DEFAULT_ATTRIBUTES['mta_sts_mode'],
+              'max_age' => $DOMAIN_DEFAULT_ATTRIBUTES['mta_sts_max_age'],
+              'mx' => $DOMAIN_DEFAULT_ATTRIBUTES['mta_sts_mx'],
+              'active' => 1
+            );
+            mailbox('add', 'mta_sts', $mta_sts_data);
+          }
           if (!empty($restart_sogo)) {
             $restart_response = json_decode(docker('post', 'sogo-mailcow', 'restart'), true);
             if ($restart_response['type'] == "success") {
@@ -1648,6 +1660,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $attr['relay_unknown_only']          = (isset($_data['relay_unknown_only'])) ? intval($_data['relay_unknown_only']) : 0;
           $attr['dkim_selector']              = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : "dkim";
           $attr['key_size']                   = isset($_data['key_size']) ? intval($_data['key_size']) : 2048;
+          $attr['mta_sts']                    = (isset($_data['mta_sts'])) ? intval($_data['mta_sts']) : 0;
+          $attr['mta_sts_version']            = (isset($_data['mta_sts_version'])) ? $_data['mta_sts_version'] : 'stsv1';
+          $attr['mta_sts_mode']               = (isset($_data['mta_sts_mode'])) ? $_data['mta_sts_mode'] : 'enforce';
+          $attr['mta_sts_max_age']            = (isset($_data['mta_sts_max_age'])) ? intval($_data['mta_sts_max_age']) : 604800;
+          $attr['mta_sts_mx']                 = (isset($_data['mta_sts_mx'])) ? $_data['mta_sts_mx'] : '';
 
           // save template
           $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
@@ -2999,6 +3016,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             $attr['relay_unknown_only']          = (isset($_data['relay_unknown_only'])) ? intval($_data['relay_unknown_only']) : 0;
             $attr['dkim_selector']              = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : "dkim";
             $attr['key_size']                   = isset($_data['key_size']) ? intval($_data['key_size']) : 2048;
+            $attr['mta_sts']                    = (isset($_data['mta_sts'])) ? intval($_data['mta_sts']) : 0;
+            $attr['mta_sts_version']            = (isset($_data['mta_sts_version'])) ? $_data['mta_sts_version'] : 'stsv1';
+            $attr['mta_sts_mode']               = (isset($_data['mta_sts_mode'])) ? $_data['mta_sts_mode'] : 'enforce';
+            $attr['mta_sts_max_age']            = (isset($_data['mta_sts_max_age'])) ? intval($_data['mta_sts_max_age']) : 604800;
+            $attr['mta_sts_mx']                 = (isset($_data['mta_sts_mx'])) ? $_data['mta_sts_mx'] : '';
 
             // update template
             $stmt = $pdo->prepare("UPDATE `templates`
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 1e8525957..ae3011e6e 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -723,6 +723,8 @@
         "mta_sts_mx": "MX server",
         "mta_sts_mx_info": "Allows sending only to explicitly listed mail server hostnames; the sending MTA checks if the DNS MX hostname matches the policy list, and only allows delivery with a valid TLS certificate (guards against MITM).",
         "mta_sts_mx_notice": "Multiple MX servers can be specified (separated by commas).",
+        "mta_sts_enable": "Enable MTA-STS",
+        "mta_sts_template_info": "When enabled, MTA-STS will be automatically configured for all domains created with this template.",
         "multiple_bookings": "Multiple bookings",
         "none_inherit": "None / Inherit",
         "nexthop": "Next hop",
diff --git a/data/web/templates/edit/domain-templates.twig b/data/web/templates/edit/domain-templates.twig
index d4612a198..690613380 100644
--- a/data/web/templates/edit/domain-templates.twig
+++ b/data/web/templates/edit/domain-templates.twig
@@ -124,6 +124,48 @@
       </div>
     </div>
     <hr>
+    <div class="row mb-4">
+      <label class="control-label col-sm-2">{{ lang.edit.mta_sts }}</label>
+      <div class="col-sm-10">
+        <div class="form-check mb-3">
+          <input type="hidden" value="0" name="mta_sts">
+          <label><input type="checkbox" class="form-check-input" value="1" name="mta_sts"{% if template.attributes.mta_sts == '1' %} checked{% endif %}> {{ lang.edit.mta_sts_enable }}</label>
+          <p><small class="text-muted">{{ lang.edit.mta_sts_template_info|raw }}</small></p>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3" for="mta_sts_version">{{ lang.edit.mta_sts_version }}</label>
+          <div class="col-sm-9">
+            <select data-style="btn btn-light" class="form-control" name="mta_sts_version">
+              <option value="stsv1"{% if template.attributes.mta_sts_version == 'stsv1' %} selected{% endif %}>STSv1</option>
+            </select>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3" for="mta_sts_mode">{{ lang.edit.mta_sts_mode }}</label>
+          <div class="col-sm-9">
+            <select data-style="btn btn-light" class="form-control" name="mta_sts_mode">
+              <option value="enforce"{% if template.attributes.mta_sts_mode == 'enforce' %} selected{% endif %}>enforce</option>
+              <option value="testing"{% if template.attributes.mta_sts_mode == 'testing' %} selected{% endif %}>testing</option>
+              <option value="none"{% if template.attributes.mta_sts_mode == 'none' %} selected{% endif %}>none</option>
+            </select>
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3" for="mta_sts_max_age">{{ lang.edit.mta_sts_max_age }}</label>
+          <div class="col-sm-9">
+            <input type="number" class="form-control" name="mta_sts_max_age" value="{{ template.attributes.mta_sts_max_age|default('604800') }}">
+          </div>
+        </div>
+        <div class="row mb-2">
+          <label class="control-label col-sm-3" for="mta_sts_mx">{{ lang.edit.mta_sts_mx }}</label>
+          <div class="col-sm-9">
+            <textarea autocorrect="off" autocapitalize="none" class="form-control" rows="3" name="mta_sts_mx">{{ template.attributes.mta_sts_mx }}</textarea>
+            <small class="text-muted">{{ lang.edit.mta_sts_mx_notice|raw }}</small>
+          </div>
+        </div>
+      </div>
+    </div>
+    <hr>
     <div class="row">
       <div class="offset-sm-2 col-sm-10">
         <button class="btn btn-xs-lg d-block d-sm-inline btn-success" data-action="edit_selected" data-id="editdomain_template" data-item="{{ template.id }}" data-api-url='edit/domain/template' data-api-attr='{}' href="#">{{ lang.admin.save }}</button>