Tony Finch wrote:
I've been trying to figure that out too.
The text in 2821 says
An SMTP server MAY verify that the domain name parameter in the EHLO
command actually corresponds to the IP address of the client.
However, the server MUST NOT refuse to accept a message for this
reason if the verification fails: the information about verification
failure is for logging and tracing only.
It is a well-established principle that an SMTP server may refuse to
accept mail for any operational or technical reason that makes sense
to the site providing the server.
This is a contradiction. The fix, in line with current practice, is to
downgrade the MUST NOT to a SHOULD NOT - or delete it altogether.
I personally prefer deleting it and/or modernize it with a change in
thinking to "MAY REJECT" or "MAY CONSIDER REJECTING" with an
informative note about supporting legacy clients