It turned out that exim is a rather friendly chap, even when it comes to
be picky. It will positively verify HELO addresses by both forward and
reverse lookups (to pick up the thread from some days ago), so the
'reverse lookup' is not really a problem with at least halfway properly
configured MTAs.
One problem, though: I demand that my colleagues abroad AUTHenticate
themselves if they wish to use my exim as a relay (else relaying is
forbidden, of course). If I activate the helo_verify option, they are
rejected with a 550 error (HELO argument does not match calling host).
I assume this is because the HELO verification is done first, then the
AUTH is advertised, but that's too late then.
I cannot ask my friends to first find out their dialup IP/Hostname, then
set their mail software, and only then send their stuff. Sure, they could
always use their ISP's MTA as a relay, but once they are in the office,
the re-configuration starts again...
Any way around that? (except skipping helo_verify, that is)