Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Problem sending to hotmail - "Command rejected for policy reasons"

Posted on 2006-10-25
Last Modified: 2012-05-05
Hi - this is a bit of a big question / couple rolled into one!

We recently placed the spamhaus and ordb connection filters into exchange within our SBS 2003 server. We also support numerous other SBS 2003 servers which we were going to roll out the same settings to. After setting up ours, and one of our customers - we hit our first problem.... WE HAD BEEN BLACKLISTED!
As our server is on the same network as our workshop (where we repair domestic pc's etc) we believe that we were on the CBL for this reason (viruses/spambots). We have now managed to remove ourselves, but would like to stop this happening again. Any suggestions?

As for the second part of my question, which I believe is related to the first - we are unable to send to hotmail:

|The following recipient(s) could not be reached:
|  xxxxxxxxxxx@hotmail.co.uk on 25/10/2006 09:39
|  There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
|  <fivenines.co.uk #5.5.0 smtp;550 Command rejected for policy reasons.>

I have checked using www.dnsstuff.com with the SPAM database lookup and we are now clean - BUT we were on 3 lists (all running from the CBL list) 24 hours ago.

I didn't know if I should list my IP or my domain name - but if it helps, let me know

This is quite an urgent one - as we need to resume normal communications - so I have allocated 500 points
Question by:mikcanavan
  • 2
  • 2
LVL 21

Expert Comment

ID: 17801853
Hi mikcanavan,

do you have reverse dns?
make sure you aren't on the blacklistst anymore and make sure that your server ain't an open relay

LVL 21

Expert Comment

ID: 17801862
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17827902
FYI, you are technically violating EE rules by putting more than one question into a post.  I won't edit that out this time, but please refrain from the practice in the future because it otherwise doesn't make it very easy for folks to search from the database of PAQs. (Previously Answered Questions)...

The NDR error message may be related to being blacklisted... however asking how to avoid blacklisting is certainly a separate question.

If you really were blacklisted, and you think it may have been caused by having computers you repair connected to the network... then you need to not connect a computer that you suspect MAY have a virus (ie, any computer you are repairing) to the network/Internet until you have turned it on and verified that there is no virus.  Becuse otherwise you are being blacklisted for very good reason.

However, I wonder if you really WERE blacklisted?  According to http://mxtoolbox.com/index.aspx, you have THREE MX records... (assuming your domain is fivenines.co.uk).  Two of which are from 1and1, which are still blacklisted.  You should remove those unless you are using them as a backup mailserver, which I wouldn't recommend.

You can then run the diagnostic at mxtoolbox.com to see that your server is running just fine... however your Reverse DNS has not been modified to match your domain name.  This generally doesn't cause a problem, but some larger mail servers don't like it.  (I've never heard of a problem with Hotmail, though).  You can contact your ISP (ZEN Internet) to have them modify the reverse DNS.  Another view of your settings is here:  http://www.robtex.com/ip/

I'd also note that while I was reviewing your settings, I checked your server's SSL certificate which was not created with the appropriate name.  When you run the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email) you should put "mail.fivenines.co.uk" in as the FQDN of your server (even if your server has a different host name, your certificate needs to match what is listed as your HOST A record in your 1and1 DNS zone file).  Rerun the CEICW to change this.

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Within that wizard you'll see a "more information" button on each screen that has invaluable help in deciding which options to select.  
Be sure to check those out as well.

I don't know if I directly answered anything for you here... but I would troubleshoot by removing the spamhaus and ordb connection filters since it is unclear whether adding those is the cause of you getting these NDR's.  If you remove those and you stop getting the NDRs, then you can add them back to see if they are truly the cause.


Author Comment

ID: 17921285
Thanks Jeff

There was a lot to go through there... and it has taken a couple of weeks for things like the rDNS requests to go through, but we have learnt a great deal from just your post alone!!!

We are now able to send to Hotmail - and are no longer listed in any of dnsstuff's Spam database lookups.

I will try over the next week or so - adding the spamhaus and ordb connection filters again... and see if that is the cause.

Thanks again Jeff
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17922540
There's no real need to add the spamhaus and ordb filters if you are using Exchange SP2 with the Intelligent Message Filter. That'll filter out just as much as using those blacklists without nearly as much effort by your server's resources.


Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RAID Configuration 18 62
SBS 2008 RDP Gateway works on from Windows 10 5 39
WSUS 3.0 SP2 Replicate to WSUS 2016 3 47
Massive Event ID 10009 5 28
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question