For any incoming mail ,sophos ESA needs to do reverse DNS lookup (PTR Record) for incoming domain MTA before accepting connection and process mails.

This should be done at first level whenever sending MTA trying to make connection with our ESA MTA.

If incoming mail domain do not have valid PTR record,then connection should be rejected at that point before any processing / checking at ESA MTA policy level.

This is additional Anti-Spam technique to thwart spamming and spoofing based fraudulent mails.

This is also called Forward Reverse DNS lookup match.

A record of incoming MTA should exactly matched with PTR record of incoming MTA IP address for any legitimate incoming emails.

e.g
Our sophos ESA MTA is responsible for sending emails for our domain i.e opalindia.in

MTA DNS A record (smtp.opalindia.in ): 117.239.33.39
MTA Reverse DNS PTR record (117.239.33.39): smtp.opalindia.in