We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


Problem sending to hotmail - "Command rejected for policy reasons"

mikcanavan asked
Medium Priority
Last Modified: 2012-05-05
Hi - this is a bit of a big question / couple rolled into one!

We recently placed the spamhaus and ordb connection filters into exchange within our SBS 2003 server. We also support numerous other SBS 2003 servers which we were going to roll out the same settings to. After setting up ours, and one of our customers - we hit our first problem.... WE HAD BEEN BLACKLISTED!
As our server is on the same network as our workshop (where we repair domestic pc's etc) we believe that we were on the CBL for this reason (viruses/spambots). We have now managed to remove ourselves, but would like to stop this happening again. Any suggestions?

As for the second part of my question, which I believe is related to the first - we are unable to send to hotmail:

|The following recipient(s) could not be reached:
|  xxxxxxxxxxx@hotmail.co.uk on 25/10/2006 09:39
|  There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
|  <fivenines.co.uk #5.5.0 smtp;550 Command rejected for policy reasons.>

I have checked using www.dnsstuff.com with the SPAM database lookup and we are now clean - BUT we were on 3 lists (all running from the CBL list) 24 hours ago.

I didn't know if I should list my IP or my domain name - but if it helps, let me know

This is quite an urgent one - as we need to resume normal communications - so I have allocated 500 points
Watch Question

Hi mikcanavan,

do you have reverse dns?
make sure you aren't on the blacklistst anymore and make sure that your server ain't an open relay

Principal Consultant
Most Valuable Expert 2016
Top Expert 2014
FYI, you are technically violating EE rules by putting more than one question into a post.  I won't edit that out this time, but please refrain from the practice in the future because it otherwise doesn't make it very easy for folks to search from the database of PAQs. (Previously Answered Questions)...

The NDR error message may be related to being blacklisted... however asking how to avoid blacklisting is certainly a separate question.

If you really were blacklisted, and you think it may have been caused by having computers you repair connected to the network... then you need to not connect a computer that you suspect MAY have a virus (ie, any computer you are repairing) to the network/Internet until you have turned it on and verified that there is no virus.  Becuse otherwise you are being blacklisted for very good reason.

However, I wonder if you really WERE blacklisted?  According to http://mxtoolbox.com/index.aspx, you have THREE MX records... (assuming your domain is fivenines.co.uk).  Two of which are from 1and1, which are still blacklisted.  You should remove those unless you are using them as a backup mailserver, which I wouldn't recommend.

You can then run the diagnostic at mxtoolbox.com to see that your server is running just fine... however your Reverse DNS has not been modified to match your domain name.  This generally doesn't cause a problem, but some larger mail servers don't like it.  (I've never heard of a problem with Hotmail, though).  You can contact your ISP (ZEN Internet) to have them modify the reverse DNS.  Another view of your settings is here:  http://www.robtex.com/ip/

I'd also note that while I was reviewing your settings, I checked your server's SSL certificate which was not created with the appropriate name.  When you run the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email) you should put "mail.fivenines.co.uk" in as the FQDN of your server (even if your server has a different host name, your certificate needs to match what is listed as your HOST A record in your 1and1 DNS zone file).  Rerun the CEICW to change this.

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Within that wizard you'll see a "more information" button on each screen that has invaluable help in deciding which options to select.  
Be sure to check those out as well.

I don't know if I directly answered anything for you here... but I would troubleshoot by removing the spamhaus and ordb connection filters since it is unclear whether adding those is the cause of you getting these NDR's.  If you remove those and you stop getting the NDRs, then you can add them back to see if they are truly the cause.


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Thanks Jeff

There was a lot to go through there... and it has taken a couple of weeks for things like the rDNS requests to go through, but we have learnt a great deal from just your post alone!!!

We are now able to send to Hotmail - and are no longer listed in any of dnsstuff's Spam database lookups.

I will try over the next week or so - adding the spamhaus and ordb connection filters again... and see if that is the cause.

Thanks again Jeff
Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

There's no real need to add the spamhaus and ordb filters if you are using Exchange SP2 with the Intelligent Message Filter. That'll filter out just as much as using those blacklists without nearly as much effort by your server's resources.

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.