Avatar of terrontech
terrontech
Flag for United States of America asked on

Email not accepted for policy reasons.

Hello, ever since I installed my new SBS 2011 server last weekend I can't send to any yahoo.com domain. I can send to EVERYONE else (hotmail, aol, gmail, and every other doamin). I keep getting the message below. I have send several emails to the postmaster, filled out the whitelist form and the ulk sender form (even though I am not a bulk sender) and have not heard back from yahoo. We did not change our IP address, we are not on any blacklist, we have a reverse dns entry, and I created an spf record yesterday. Is there anything else I can do on my end? Yahoo isn't responding. This is nuts!

mta1050.mail.sp2.yahoo.com rejected your message to the following e-mail addresses:

terrontech@yahoo.com (terrontech@yahoo.com)


mta1050.mail.sp2.yahoo.com gave this error:
Message not allowed - [PH01] Email not accepted for policy reasons. Please visit http://postmaster.yahoo.com/errors/postmaster-27.html [120]


A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
Windows Server 2008Exchange

Avatar of undefined
Last Comment
terrontech

8/22/2022 - Mon
Chris

have you setup R-DNS and SPF records

http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS

http://en.wikipedia.org/wiki/Sender_Policy_Framework

try sending via Telent commands you might get a more meaningful error
http://exchange.mvps.org/smtp_frames.htm
todd_beedy

According to Yahoo it looks as though you may have a setting that is forcing them to use specific authentication methods to validate you.

http://help.yahoo.com/kb/index?page=content&y=PROD_MAIL_ML&locale=en_US&id=SLN4382&impressions=true

This error message indicates that your email wasn't accepted because it failed authentication checks against your sending domain's DomainKeys or DKIM policy. DomainKeys and its successor, DKIM, are email authentication technologies, which ensure emails really come from their claimed domain.
We only reject emails for failing DomainKeys or DKIM authentication when both of these conditions apply:
The signing domain (i.e., as identified in the "d=" tag of the DomainKeys/DKIM signature) has given us explicit indication that all emails from the domain must be signed and authenticated with DomainKeys and/or DKIM to prevent forgery.
The rejected email couldn't be authenticated against the sending domain's policy (e.g., due to a missing or bad signature).
terrontech

ASKER
Yes, please read my post. I stated that I created the spf yesterday. And Yes, I know what the Yahoo error says. I just don't know what it means or how to fix it. I haven't heard anything back from yahoo and I wanted to know if there is anything I can do on my server to rectify this. I even called Microsoft yesterday and they didn't know what this DKIM was either. Is it something I can enable? Again, this is specific to yahoo. Any ideas on how to correct it?
Your help has saved me hundreds of hours of internet surfing.
fblack61
todd_beedy

The domain keys signature is a yahoo thing and you will not be able to "get around it" from what I am reading...

This should help to start with...

http://www.simpledns.com/kb.aspx?kbid=1092

I am working on the policy stuff... but that should help for the dns signature side.
todd_beedy

have you ran your domain through mxtoolbox yet?
WORKS2011

what happens if you use a smart host. We had similar problems like this where we couldn't send to one domain and setting up the smart host resolved it.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
terrontech

ASKER
Hi Todd, Yes, it comes back with no blacklists and the disgnostics run fine. It just gives a warning about the transaction time, but it does that every time I have ever tested it for any domain. I think that simpledns you sent me is the answer, but I'm confused as to how to write the txt record for my domain. Are there any examples?
Chris

sorry i didn't absorb all the content of you post

looking at it exchange doesn't/wont support it out of the box

If you have a third party relayer i.e. messagelabs, webroot etc they might be able to offer it

here is another promising post that may be a little more complex
http://nicholas.piasecki.name/blog/2010/12/dkim-signing-outbound-messages-in-exchange-server-2007/
todd_beedy

http://domainkeys.sourceforge.net/

is the SF page for the project but there is not a lot there...

Also try using your domain name here for some assistance...

http://domainkeys.sourceforge.net/policycheck.html

--- try those.. i am working on more.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
todd_beedy

...also I just tested our new exchange server setup here and I am able to send to my yahoo address...

I am going to take a look at some of the policies to see if there was a specific setup option performed.
terrontech

ASKER
Thank you, I also found this and I am reading through now....
http://dkimcore.org/tools/
Chris

i never have any issues with exchange to yahoo (2010)
I have no specific connector settings, only have SPF setup recently due to another domain and on my test lab have no rDNS.


its possible that you have been added to a specific blacklist within Yahoo
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
todd_beedy

Terrontech...

does your company send out mass mailings of any sort?
WORKS2011

I agree I wouldn't go into great detail on your server when Yahoo  could easily be at fault, the probability that your server is incorrect for one domain or that Yahoo is configured to cause the problem?
WORKS2011

and the smart host takes 2 minutes to install if you haven't tried it, get your ISP's info and plug it in you're now using your ISP and not your email server, or how Yahoo will see it.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER CERTIFIED SOLUTION
GeoTV

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
terrontech

ASKER
Yahoo still has me blocked, all attempts at unblocking have gove unanswered. Thank you for the help, but even adding the DKIM record has not helped.