There is a checkbox in the Advanced Delivery dialog that reads "Perform
reverse DNS lookup on incoming messages". What is the point of this
checkbox? I was hoping it meant that the SMTP server would reject
connections where RDNS failed. But that doesn't appear to be the case. Is
there another way to block those connections?

[quoted text, click to view]

Yes, we all had that hope once. :)

It'll _tag_ messages that have a non-empty HELO that doesn't match the
empty or non-empty PTR, but it won't reject them at the connection
level. To do more than that, you'd need an event sink that does more
connection-time processing.

IMO, it's in a sense good that such an easy-to-flip feature doesn't
reject all roundtrip failures without any means of whitelisting. As
effective as the roundtrip test has proven to be, being able to ignore
it for V.I.P./sloppy-yet-legit servers is essential. With tagging, at
least you could interpret the roundtrip failure in a post-acceptance
anti-spam system that itself offers whitelisting (though that system
might do the lookup itself just as easily, and post-acceptance
weighting of data that was wholly available pre-acceptance is
backward).