To combat spam I have enabled reverse-DNS lookups of incoming SMTP connections. If the FQDN does not match the HELO-Identity, I reject the connection with a 550 Error.
I think this is asking for trouble and is arguably in violation of RFC 1123:
The HELO receiver MAY verify that the HELO parameter really corresponds to the IP address of the sender. However, the receiver MUST NOT refuse to accept a message, even if the sender's HELO command fails verification.
I have now found that this breaks communication even with reputable (well, an international bank that is) peers. Dunno how much more mail I may have lost through this... How are you out there handling that, are you doing reverse-lookups?
I do reverse DNS lookups for information only.
AOL are only accepting mail from sites that *have* reverse DNS, but it doesn't matter much what the reverse DNS points to - see http://postmaster.aol.com/info/rdns.html
Paul.
