Link to home
Start Free TrialLog in
Avatar of terrontech
terrontechFlag for United States of America

asked on

Email not accepted for policy reasons.

Hello, ever since I installed my new SBS 2011 server last weekend I can't send to any yahoo.com domain. I can send to EVERYONE else (hotmail, aol, gmail, and every other doamin). I keep getting the message below. I have send several emails to the postmaster, filled out the whitelist form and the ulk sender form (even though I am not a bulk sender) and have not heard back from yahoo. We did not change our IP address, we are not on any blacklist, we have a reverse dns entry, and I created an spf record yesterday. Is there anything else I can do on my end? Yahoo isn't responding. This is nuts!

mta1050.mail.sp2.yahoo.com rejected your message to the following e-mail addresses:

terrontech@yahoo.com (terrontech@yahoo.com)


mta1050.mail.sp2.yahoo.com gave this error:
Message not allowed - [PH01] Email not accepted for policy reasons. Please visit http://postmaster.yahoo.com/errors/postmaster-27.html [120]


A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
Avatar of Chris
Chris
Flag of United Kingdom of Great Britain and Northern Ireland image

have you setup R-DNS and SPF records

http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS

http://en.wikipedia.org/wiki/Sender_Policy_Framework

try sending via Telent commands you might get a more meaningful error
http://exchange.mvps.org/smtp_frames.htm
According to Yahoo it looks as though you may have a setting that is forcing them to use specific authentication methods to validate you.

http://help.yahoo.com/kb/index?page=content&y=PROD_MAIL_ML&locale=en_US&id=SLN4382&impressions=true

This error message indicates that your email wasn't accepted because it failed authentication checks against your sending domain's DomainKeys or DKIM policy. DomainKeys and its successor, DKIM, are email authentication technologies, which ensure emails really come from their claimed domain.
We only reject emails for failing DomainKeys or DKIM authentication when both of these conditions apply:
The signing domain (i.e., as identified in the "d=" tag of the DomainKeys/DKIM signature) has given us explicit indication that all emails from the domain must be signed and authenticated with DomainKeys and/or DKIM to prevent forgery.
The rejected email couldn't be authenticated against the sending domain's policy (e.g., due to a missing or bad signature).
Avatar of terrontech

ASKER

Yes, please read my post. I stated that I created the spf yesterday. And Yes, I know what the Yahoo error says. I just don't know what it means or how to fix it. I haven't heard anything back from yahoo and I wanted to know if there is anything I can do on my server to rectify this. I even called Microsoft yesterday and they didn't know what this DKIM was either. Is it something I can enable? Again, this is specific to yahoo. Any ideas on how to correct it?
The domain keys signature is a yahoo thing and you will not be able to "get around it" from what I am reading...

This should help to start with...

http://www.simpledns.com/kb.aspx?kbid=1092

I am working on the policy stuff... but that should help for the dns signature side.
have you ran your domain through mxtoolbox yet?
what happens if you use a smart host. We had similar problems like this where we couldn't send to one domain and setting up the smart host resolved it.
Hi Todd, Yes, it comes back with no blacklists and the disgnostics run fine. It just gives a warning about the transaction time, but it does that every time I have ever tested it for any domain. I think that simpledns you sent me is the answer, but I'm confused as to how to write the txt record for my domain. Are there any examples?
sorry i didn't absorb all the content of you post

looking at it exchange doesn't/wont support it out of the box

If you have a third party relayer i.e. messagelabs, webroot etc they might be able to offer it

here is another promising post that may be a little more complex
http://nicholas.piasecki.name/blog/2010/12/dkim-signing-outbound-messages-in-exchange-server-2007/
http://domainkeys.sourceforge.net/

is the SF page for the project but there is not a lot there...

Also try using your domain name here for some assistance...

http://domainkeys.sourceforge.net/policycheck.html

--- try those.. i am working on more.
...also I just tested our new exchange server setup here and I am able to send to my yahoo address...

I am going to take a look at some of the policies to see if there was a specific setup option performed.
Thank you, I also found this and I am reading through now....
http://dkimcore.org/tools/
i never have any issues with exchange to yahoo (2010)
I have no specific connector settings, only have SPF setup recently due to another domain and on my test lab have no rDNS.


its possible that you have been added to a specific blacklist within Yahoo
Terrontech...

does your company send out mass mailings of any sort?
I agree I wouldn't go into great detail on your server when Yahoo  could easily be at fault, the probability that your server is incorrect for one domain or that Yahoo is configured to cause the problem?
and the smart host takes 2 minutes to install if you haven't tried it, get your ISP's info and plug it in you're now using your ISP and not your email server, or how Yahoo will see it.
ASKER CERTIFIED SOLUTION
Avatar of GeoTV
GeoTV

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Yahoo still has me blocked, all attempts at unblocking have gove unanswered. Thank you for the help, but even adding the DKIM record has not helped.